| cutpaid.com/OgTqS | 172.67.183.8 | 301 Moved Permanently | 0 B |
IP172.67.183.8:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /OgTqS HTTP/1.1
Host: cutpaid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 19 Nov 2022 17:35:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 19 Nov 2022 18:35:10 GMT
Location: https://cutpaid.com/OgTqS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ui3vEOlgTIDqk5DR%2Fo27rrT421g4yH%2BOx98MqELDfF5qiakXS5I6CZkfNxIQzHjzIrBUUsL4T2CAOLpNQ25owXy8ysMER7VajH9pl%2Bb%2BMJD7cNIrAFU5%2Fj8ZZKfamw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76cab36949cafac4-OSL
alt-svc: h2=":443"; ma=60
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash6ed951622549ed76959631f8a1bf497b 682b2dd2a72190510e3fa7bdb0c0c6f25a322dfb 86f5e5ae2da408a899d16c83b7ca441033ac0c30062cd29f2db1b1b5be666746
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "86F5E5AE2DA408A899D16C83B7CA441033AC0C30062CD29F2DB1B1B5BE666746"
Last-Modified: Sat, 19 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3146
Expires: Sat, 19 Nov 2022 18:27:36 GMT
Date: Sat, 19 Nov 2022 17:35:10 GMT
Connection: keep-alive
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hashf732c50f6a2482aeea20552e0370c2d0 6f33119d5c38e92a0a62f3a46766ff86014e4d68 a47e38c199c5fecd5594544a3889e1cfca5547d85f19056f06eaeeadf17f4fe9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6385
Cache-Control: max-age=153748
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 17:35:10 GMT
Etag: "6378b071-1d7"
Expires: Mon, 21 Nov 2022 12:17:38 GMT
Last-Modified: Sat, 19 Nov 2022 10:31:13 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
| firefox.settings.services.mozilla.com/v1/ | 34.102.187.140 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP34.102.187.140:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hashd130218d0e2841f39c99610fe1a2ab90 29fbe1e177ee55c7a61ae0a206afff271cf5f945 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 19 Nov 2022 16:45:10 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3000
alt-svc: clear
X-Firefox-Spdy: h2
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashe7724a1f27dc1b5b2fb63c7e486f74db ef0ea648ce8bc189d31382baec4b181c724af93b 2a46916079563d95fa6a695104ebf41829ee95a156d6e4d45b9aef7231a8a80e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A46916079563D95FA6A695104EBF41829EE95A156D6E4D45B9AEF7231A8A80E"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2731
Expires: Sat, 19 Nov 2022 18:20:41 GMT
Date: Sat, 19 Nov 2022 17:35:10 GMT
Connection: keep-alive
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hash67d5a988edcda47bc3b3b3f65d32b4b6 d4f0e0da8b3690cc7da925026d3414b68c7d954f 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ALfHOvxRfAIbimC55fo4dI3PsZGYXPDJ7mmgvQvgW38sBcrQFLlk5vi+rnQkQ58NCSCpqNrGjzQ=
x-amz-request-id: E1T5KV5W7XRNWVWJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 19 Nov 2022 17:16:07 GMT
age: 1143
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 19 Nov 2022 17:35:10 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
| ocsp.pki.goog/gts1c3 | 142.250.74.35 | 200 OK | 472 B |
IP142.250.74.35:0
Hash07caf241d63e15426cd26434ef88e9dd ec289ab860ffccd49ce9a62d2c47c59dc181fbd5 d1f4bc6604b8a399049b5943d23dbfb842d9a100bf6f5c71e91a27cd3588cecb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 17:35:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
| ocsp.pki.goog/gts1c3 | 142.250.74.35 | 200 OK | 472 B |
IP142.250.74.35:0
Hash5e884c53db72411f06e2209d005f7586 6e1049a7fc26d6a3259a97bfca9dc6ba7b0dd5af 2965603dd297987ffa36ffd33c133f2c6a67fa6df1551554160b65ce804b0198
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 17:35:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
| www.google.com/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit | 142.250.74.164 | 200 OK | 580 B |
URL HTTP/2www.google.com/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit IP142.250.74.164:0
File typeASCII text, with very long lines (918), with no line terminators Hashdbf518f97165d213611f9e6f762bf876 a8529116d76204a0420a8c244723466310787f79 bc0692ecebd5884ea21d4bd3cd0ef1aa05f8a8439ea5f8ea7ebfe8110b603082
GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 19 Nov 2022 17:35:10 GMT
date: Sat, 19 Nov 2022 17:35:10 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 580
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
| i.imgur.com/4nDF4PP.png | 151.101.84.193 | 200 OK | 7.0 kB |
IP151.101.84.193:0
File typePNG image data, 250 x 72, 8-bit/color RGB, non-interlaced\012- data Hashcb7480a0a433fd916168ba91ae24e8e8 f49c10d3ac373780ba6ede61e67909cb45c2403d d3fbcdbb65aec7adf8d368f0540eb7abf08e83cf8d42742003df35abba13c75e
GET /4nDF4PP.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 10 Oct 2018 03:18:48 GMT
etag: "cb7480a0a433fd916168ba91ae24e8e8"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 19 Nov 2022 17:35:10 GMT
age: 2195392
x-served-by: cache-iad-kcgs7200146-IAD, cache-bma1632-BMA
x-cache: HIT, HIT
x-cache-hits: 479, 1
x-timer: S1668879311.987544,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 6966
X-Firefox-Spdy: h2
| ocsp.pki.goog/gts1c3 | 142.250.74.35 | 200 OK | 472 B |
IP142.250.74.35:0
Hash07caf241d63e15426cd26434ef88e9dd ec289ab860ffccd49ce9a62d2c47c59dc181fbd5 d1f4bc6604b8a399049b5943d23dbfb842d9a100bf6f5c71e91a27cd3588cecb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 17:35:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
| ocsp.pki.goog/gts1c3 | 142.250.74.35 | 200 OK | 472 B |
IP142.250.74.35:0
Hasha00fff9dd1711061b285e2136c973d13 66548ac11fc58024c6994539ab81804add41d2f2 4b87c5468c15817686a8497324c2a06d18fd5574141aa0476bf98aa3b8395a8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 17:35:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
| fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400 | 142.250.74.10 | 200 OK | 1.1 kB |
URL HTTP/2fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400 IP142.250.74.10:0
Hash4ec9f66f8e1588d167349ad4ec9b3bba 607c89da56fa234bcfb0b97be7de0677f231956a bf94d52b3e55a620109e73e84972af690b89a8173d141905a244cee42f40b6c5
GET /css?family=Montserrat:400,700%7CMuli:300,300i,400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 19 Nov 2022 17:35:10 GMT
date: Sat, 19 Nov 2022 17:35:10 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
| ocsp.pki.goog/gts1c3 | 142.250.74.35 | 200 OK | 472 B |
IP142.250.74.35:0
Hashc58de690a701dea26333a42815dc3003 91d9e60c285f6578b5d814901a90f52cafbb8790 179d035993138ec5fdb0b2bf1987888f751903e959af09e335ada210be842ca6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 17:35:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
| fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 | 216.58.207.195 | 200 OK | 31 kB |
URL HTTP/2fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 IP216.58.207.195:0
File typeWeb Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data Hashac0d2859ea5f8fd6bcb3c305c08ec184 7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7 ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 16:40:18 GMT
expires: Fri, 17 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 176093
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/muli/v28/7Auwp_0qiz-afTLGLQ.woff2 | 216.58.207.195 | 200 OK | 31 kB |
URL HTTP/2fonts.gstatic.com/s/muli/v28/7Auwp_0qiz-afTLGLQ.woff2 IP216.58.207.195:0
File typeWeb Open Font Format (Version 2), TrueType, length 31196, version 1.0\012- data Hashea2343c7dccad57360fb611d67204445 b603d9e68bb1ed5e4b33d5e31121160cb4d23452 2a04078f9550381b5148170ceaf5b378a1b31ed8274c6d0094aeba6f599462cc
GET /s/muli/v28/7Auwp_0qiz-afTLGLQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31196
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 06:19:58 GMT
expires: Fri, 17 Nov 2023 06:19:58 GMT
cache-control: public, max-age=31536000
age: 213313
last-modified: Mon, 11 Jul 2022 20:43:05 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 34.102.187.140 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP34.102.187.140:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 19 Nov 2022 16:44:49 GMT
cache-control: public,max-age=3600
age: 3022
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
| ocsp.pki.goog/gts1c3 | 142.250.74.35 | 200 OK | 472 B |
IP142.250.74.35:0
Hashc58de690a701dea26333a42815dc3003 91d9e60c285f6578b5d814901a90f52cafbb8790 179d035993138ec5fdb0b2bf1987888f751903e959af09e335ada210be842ca6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 17:35:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash0bc0607a1fd34c6f1e4ded9379fffa47 e7cad90b57a6701cb0527f710c8071546a9e1566 6fbaa3ff50f2560d58eacd7a5f36d29de32c9feb1f3a84b266de56f293ec6670
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6FBAA3FF50F2560D58EACD7A5F36D29DE32C9FEB1F3A84B266DE56F293EC6670"
Last-Modified: Fri, 18 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15027
Expires: Sat, 19 Nov 2022 21:45:38 GMT
Date: Sat, 19 Nov 2022 17:35:11 GMT
Connection: keep-alive
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hash060d538b33e370fcd033339830d33a42 4a37d427988358eb318e18e2678c3484ef4a5ebd efa33f92547243814b5bd3bca4f94d26055d590a4431611b3ba251a8d774bfbb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4208
Cache-Control: max-age=146509
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 17:35:11 GMT
Etag: "63789cac-1d7"
Expires: Mon, 21 Nov 2022 10:17:00 GMT
Last-Modified: Sat, 19 Nov 2022 09:06:52 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
| plungebriefinggladly.com/7e/1d/8f/7e1d8f1ae70c40a4c328807cbe5300ca.js | 192.243.59.13 | 200 OK | 21 kB |
URL HTTP/1.1plungebriefinggladly.com/7e/1d/8f/7e1d8f1ae70c40a4c328807cbe5300ca.js IP192.243.59.13:0 ASN#39572 DataWeb Global Group B.V.
File typeHTML document, ASCII text, with very long lines (60176), with no line terminators Hash018f3636cefa08d28144e7b0f3a67b00 bcaf167587ec71a61c64a28e1002a3b46e0eeab6 02a5d75980eddfb30de9dc2e6e39a072e5d91ad30fb78c27327de8c9bdbfd50e
GET /7e/1d/8f/7e1d8f1ae70c40a4c328807cbe5300ca.js HTTP/1.1
Host: plungebriefinggladly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 19 Nov 2022 17:35:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2f5bc178f070c85f880f7cb33e0a1a9a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| push.services.mozilla.com/ | 52.42.234.253 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP52.42.234.253:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SA9P3/fQhVZyDJIL9ObvRg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IKSeFlOyDObZgauf3rXcvqFbO+c=
| ocsp.sca1b.amazontrust.com/ | 54.230.245.118 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP54.230.245.118:0
Hash0f162707471b694d9472aaa730586029 8e772c5ff60be51dbae5fb8e630f1f832f5138a6 8dbe631994a2b21d73969d226fc7cc6a17961a9fd4cc0c2656bd858761441ddc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=164345
Date: Sat, 19 Nov 2022 17:35:11 GMT
Etag: "6378da9a-1d7"
Expires: Mon, 21 Nov 2022 15:14:16 GMT
Last-Modified: Sat, 19 Nov 2022 13:31:06 GMT
Server: ECS (bsa/EB20)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: iDbQKmcWhrCMJADKz_1XuR65M0LMETqP53Pvbc-m6ilRDmxAJ3xhGw==
Age: 6190
| simplewebanalysis.com/stats | 52.28.211.11 | 200 OK | 40 B |
URL HTTP/2simplewebanalysis.com/stats IP52.28.211.11:0
File typeASCII text, with no line terminators Hashedeb74b7ea1ab8f233ee23b263063926 ec7c1e883bc324c63b6d18f5e593f2ec6ec5b9c9 b66ac43053c51d73b896808647b5f2718665792e6102a6903a9fddc0480688d7
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 17:35:11 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://cutpaid.com
access-control-allow-credentials: true
set-cookie: uid_id2=58e46ff7-3485-4ba5-9d2c-49a8b76299be:3:1; expires=Tue, 16 Nov 2032 17:35:11 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash39f556b6f695ed0b73459912b7d34ed2 1b640326d50b8109085e79c9d169ac9f2c733ce5 578b210fbea933520cc95bf57c6a75c90c03aa46adfc67bb1ff424c2ea61b9ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "578B210FBEA933520CC95BF57C6A75C90C03AA46ADFC67BB1FF424C2EA61B9EC"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2656
Expires: Sat, 19 Nov 2022 18:19:28 GMT
Date: Sat, 19 Nov 2022 17:35:12 GMT
Connection: keep-alive
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash39f556b6f695ed0b73459912b7d34ed2 1b640326d50b8109085e79c9d169ac9f2c733ce5 578b210fbea933520cc95bf57c6a75c90c03aa46adfc67bb1ff424c2ea61b9ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "578B210FBEA933520CC95BF57C6A75C90C03AA46ADFC67BB1FF424C2EA61B9EC"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2656
Expires: Sat, 19 Nov 2022 18:19:28 GMT
Date: Sat, 19 Nov 2022 17:35:12 GMT
Connection: keep-alive
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashaaf95ec4541654fdcdd8d3f24c6630a5 2f21e05dcaa397bcf8fde0ac36b72e02f9a56141 222ccda2e9970842b863a0d442cdefa2bb2879b5a04ff3ca23728cb4085a785e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "222CCDA2E9970842B863A0D442CDEFA2BB2879B5A04FF3CA23728CB4085A785E"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2717
Expires: Sat, 19 Nov 2022 18:20:29 GMT
Date: Sat, 19 Nov 2022 17:35:12 GMT
Connection: keep-alive
| www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js | 142.250.74.163 | 200 OK | 163 kB |
URL HTTP/2www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js IP142.250.74.163:0
File typeASCII text, with very long lines (730) Size163 kB (162976 bytes) Hash79d18cf4265108d7cecca1bf4ada6109 e51d0285a545381d4c39e9e0292a650ffeeecbb9 59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 15:30:33 GMT
expires: Fri, 17 Nov 2023 15:30:33 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 180279
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: 71a0648f8151c1f19b970ed05a8d7d1a 9819597b87f2c2e481aa489cfb0c779a2ed4d1cd 26f771c044da44247c1fe50496386fabed6d4be2d2cf97cc20e9f8f2a454245c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26F771C044DA44247C1FE50496386FABED6D4BE2D2CF97CC20E9F8F2A454245C"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12935
Expires: Sat, 19 Nov 2022 21:10:47 GMT
Date: Sat, 19 Nov 2022 17:35:12 GMT
Connection: keep-alive
|
|
| ifknittedhurtful.com/01/ff/d3/01ffd36dfbce3d569baf8d846cd7bc65.js | 192.243.61.225 | 200 OK | 13 kB |
URL: HTTP/1.1 ifknittedhurtful.com/01/ff/d3/01ffd36dfbce3d569baf8d846cd7bc65.js IP: 192.243.61.225:0 ASN#39572 DataWeb Global Group B.V.
File type: ASCII text, with very long lines (37153), with no line terminators; Hash: 6ffea833a8f74e2bd0c4a541a2a318e0 be567667393545c1bb974d67851f7f4038d67ada eccca346b7f5d23c87ecb73d526e424d8c92944fe9889d21fe66a8379354d54f
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
| quad9 | Sinkholed | |
GET /01/ff/d3/01ffd36dfbce3d569baf8d846cd7bc65.js HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 19 Nov 2022 17:35:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c5eb490dfe6f9b49eadd0f54070881a0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ifknittedhurtful.com/pixel/purst?dl=0&th=0&sc=0&rs=1565&rd=1565&fd=958&bv=22.10.v.9&tmpl=70 | 192.243.61.225 | 200 OK | 0 B |
URL: HTTP/1.1 ifknittedhurtful.com/pixel/purst?dl=0&th=0&sc=0&rs=1565&rd=1565&fd=958&bv=22.10.v.9&tmpl=70 IP: 192.243.61.225:0 ASN#39572 DataWeb Global Group B.V.
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /pixel/purst?dl=0&th=0&sc=0&rs=1565&rd=1565&fd=958&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 19 Nov 2022 17:35:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| s10.histats.com/js15_as.js | 46.105.201.240 | 200 OK | 4.4 kB |
URL: HTTP/2 s10.histats.com/js15_as.js IP: 46.105.201.240:0
File type: HTML document, ASCII text, with very long lines (11440), with no line terminators; Hash: ed192092c129db6123a3397855f42619 067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e 998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 17:29:50 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 218073296
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
|
|
| banquetunarmedgrater.com/advertisers.js | 192.243.59.20 | 200 OK | 0 B |
URL: HTTP/1.1 banquetunarmedgrater.com/advertisers.js IP: 192.243.59.20:0 ASN#39572 DataWeb Global Group B.V.
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 19 Nov 2022 17:35:12 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d154095b534dfca2ff19213a7c240ded
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP: 23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash: 7e7d69aa3115e768ed4f036c668374dd da5000138437ceb324539ce4a27fdc49fb18a7b3 ee556c4fd9ca677af3b0ac8447af0e4c34e15767b7657ba177737da2fa8ff6f9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EE556C4FD9CA677AF3B0AC8447AF0E4C34E15767B7657BA177737DA2FA8FF6F9"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5512
Expires: Sat, 19 Nov 2022 19:07:04 GMT
Date: Sat, 19 Nov 2022 17:35:12 GMT
Connection: keep-alive
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP: 23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash: 7e7d69aa3115e768ed4f036c668374dd da5000138437ceb324539ce4a27fdc49fb18a7b3 ee556c4fd9ca677af3b0ac8447af0e4c34e15767b7657ba177737da2fa8ff6f9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EE556C4FD9CA677AF3B0AC8447AF0E4C34E15767B7657BA177737DA2FA8FF6F9"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5512
Expires: Sat, 19 Nov 2022 19:07:04 GMT
Date: Sat, 19 Nov 2022 17:35:12 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: 798ef0955be535268547903e74dacfcd 782823486f9ded693609cade264d1950e816f7d0 75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3735
Expires: Sat, 19 Nov 2022 18:37:27 GMT
Date: Sat, 19 Nov 2022 17:35:12 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 1.5 kB |
IP: 23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: 84932785e4367a152856bad79c9e8f7c c86a8ace2f5e02a156955be8a8c5c2728de5d326 603b4a9c01c4af9044997c8ceca8bca78bb310cdbbcf7bb2877ee92b1fd7af4f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3735
Expires: Sat, 19 Nov 2022 18:37:27 GMT
Date: Sat, 19 Nov 2022 17:35:12 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: 798ef0955be535268547903e74dacfcd 782823486f9ded693609cade264d1950e816f7d0 75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3735
Expires: Sat, 19 Nov 2022 18:37:27 GMT
Date: Sat, 19 Nov 2022 17:35:12 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: 798ef0955be535268547903e74dacfcd 782823486f9ded693609cade264d1950e816f7d0 75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3735
Expires: Sat, 19 Nov 2022 18:37:27 GMT
Date: Sat, 19 Nov 2022 17:35:12 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47c537d4-e03f-4ec6-8922-6dce72c72ab9.jpeg | 34.120.237.76 | 200 OK | 4.9 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47c537d4-e03f-4ec6-8922-6dce72c72ab9.jpeg IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data; Hash: 459df915ce91b32b2dcc4850516d68a0 d7a5473d367e7965a4af55acbf4675ed7088fab2 a03e26ebee79ad9b9dda1bf680e0d2467ae6d5e582589ada9fe6ddfa437c483c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47c537d4-e03f-4ec6-8922-6dce72c72ab9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4851
x-amzn-requestid: 8c868655-d0eb-428d-9fc0-a7449f770bd4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brtDFF9HoAMFV9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748ee0-4f7daf8f7451dc5e0840f620;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:18:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xirMw5z5GPbmx9Sii_I4iNeh1GS5k9lGmaaJvUGAPWoVyP0Tldhf1w==
via: 1.1 e9ba0a9a729ff2960a04323bf1833df8.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 07:17:42 GMT
age: 37050
etag: "d7a5473d367e7965a4af55acbf4675ed7088fab2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57d03484-7ccd-4a2d-81a2-0205f032f99d.jpeg | 34.120.237.76 | 200 OK | 6.4 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57d03484-7ccd-4a2d-81a2-0205f032f99d.jpeg IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data; Hash: f5af431deee2fb28fcc08b25f5162944 6dac89954db5946b9ac1fdca3196d8b6bb3f54c3 b22d9111361ebce06d55d14d05f4a5206ca7097b059bbe6bc02b10391b61f458
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57d03484-7ccd-4a2d-81a2-0205f032f99d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6365
x-amzn-requestid: 60bd00c0-6808-4bc5-a0cb-e4390d353d65
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: befxSFJOIAMF6Lw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636f466e-514b3be121f077d559acdb86;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 07:08:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: E-bkNv53D_wWbPQkwNATrkuxsci_F32QIg7NCRL8yL8BoF_3lV-q3A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 11:33:44 GMT
age: 21688
etag: "6dac89954db5946b9ac1fdca3196d8b6bb3f54c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg | 34.120.237.76 | 200 OK | 38 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg IP: 34.120.237.76:0
Hash: a05f2cc591cb64d95de82eb90ebfe72d 9d4d4c3ee57e1ea4e33afae7ee1233aadee5042e c9b7b4b17896eba2a74c1a330fc93f770957d38a98a0e3503dd6cb532f84c1ad
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11249
x-amzn-requestid: 65a3db77-b2e6-40b9-a776-021c2e9b56d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bubSsHbZoAMFZNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375a5aa-1286b97968cc2e4c7fe8ab29;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 03:08:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PYoD_MxycYfiNvyRlBnLWCcyqQK9sZi8y2ir1U9eCavNoAB-3oFcxg==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 03:43:53 GMT
age: 49879
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0d2467c-b158-442b-92be-e4cb236d17fa.jpeg | 34.120.237.76 | 200 OK | 3.0 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0d2467c-b158-442b-92be-e4cb236d17fa.jpeg IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data; Hash: d6b026c34985bbf2ebf89a62d0724c66 72369ebeccf447fa91ef77711d6297063c99777e e5598ada634274ab9995dedda8c1fd18344abcfdd49b3a1aaede0a86fafc0f40
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0d2467c-b158-442b-92be-e4cb236d17fa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3035
x-amzn-requestid: 3e3f3a7f-9a1d-4b37-b932-22c6e3e638f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QRcFOuoAMF_fQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6f-09dc20ea5620dd167e3f7265;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xvVfLfP2DUilu7GSJMGArO90Kdoq5cPBVtmtyVjZmX5ZKnvOjpR_UQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:36:25 GMT
age: 71927
etag: "72369ebeccf447fa91ef77711d6297063c99777e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce07c59e-2c1b-4d3b-8c02-f1ed4bca6607.jpeg | 34.120.237.76 | 200 OK | 4.0 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce07c59e-2c1b-4d3b-8c02-f1ed4bca6607.jpeg IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data; Hash: 49115517a3f79b5092934e128d54c721 14582e35cacbfc2543587e546cb3b4faf2c898bf 0f9015683cacc252fb5e5053681da1b85b3dd0694e2cd04417e73e5e82ecac2f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce07c59e-2c1b-4d3b-8c02-f1ed4bca6607.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3962
x-amzn-requestid: 29b553ab-9ef2-44b8-aea9-b1582b207a6b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QRWGKmIAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6e-3fb68804386112d17eba689d;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:38 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NlXk5HDtG5jJpocFatW40jmG60DcpFCl4o6MqkAPSHH13lP66E4d6w==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:36:25 GMT
age: 71927
etag: "14582e35cacbfc2543587e546cb3b4faf2c898bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F640a732f-1fd9-47b0-8311-39061579f99b.jpeg | 34.120.237.76 | 200 OK | 7.8 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F640a732f-1fd9-47b0-8311-39061579f99b.jpeg IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data; Hash: 8cf981b1ea47b981c73aa1f291be4d8a d18b869e1940841e9b03f66f5608e381f1727b37 3352a04b9596b594aeb5de3dc70047196a830e3ca79babf7c1b72ff1103b2d26
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F640a732f-1fd9-47b0-8311-39061579f99b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7754
x-amzn-requestid: 2c21447c-03bb-4e50-9eeb-a8ae86c0d204
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QRmFuiIAMFjWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa70-7a7e65fc5d443a1d70feb62b;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MFN-Yhp70fPLS4R_tVxEvzt-YQ7COwXaXrmifEfXfpiC0epJHSJq7w==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:36:25 GMT
age: 71927
etag: "d18b869e1940841e9b03f66f5608e381f1727b37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| s4.histats.com/stats/4137781.php?4137781&@f16&@g1&@h1&@i1&@j1668879312547&@k0&@l1&@mCutpaid&@n0&@o1000&@q0&@r0&@s1034&@ten-US&@u1280&@b1:-192937229&@b3:1668879313&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fcutpaid.com%2FOgTqS&@w | 192.99.0.58 | 200 OK | 51 B |
URL: HTTP/1.1 s4.histats.com/stats/4137781.php?4137781&@f16&@g1&@h1&@i1&@j1668879312547&@k0&@l1&@mCutpaid&@n0&@o1000&@q0&@r0&@s1034&@ten-US&@u1280&@b1:-192937229&@b3:1668879313&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fcutpaid.com%2FOgTqS&@w IP: 192.99.0.58:0
File type: ASCII text, with no line terminators; Hash: 1dac02eee7c3235a47c7afef84a44d7d 87dbde85e11b58b06b05fc2acdfe63de6978075c 4f65f2f2285900e29d14cf710ce09ecd8e823f302bde7f932e5fe3a079e4413d
GET /stats/4137781.php?4137781&@f16&@g1&@h1&@i1&@j1668879312547&@k0&@l1&@mCutpaid&@n0&@o1000&@q0&@r0&@s1034&@ten-US&@u1280&@b1:-192937229&@b3:1668879313&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fcutpaid.com%2FOgTqS&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 17:35:13 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 51
Connection: close
|
|
| s10.histats.com/counters/cc_1034.js | 46.105.201.240 | 200 OK | 5.5 kB |
URL: HTTP/2 s10.histats.com/counters/cc_1034.js IP: 46.105.201.240:0
File type: HTML document, ASCII text, with very long lines (15333), with no line terminators; Hash: ce205bf9427d1fc8a6d26329c3811f67 807840d7c9174fcab11a9d4520538a19d8effadc b167e0e8b5c1c0d7d4ef6b1050cba84e150e0aa62f9bdc128fc5c68fca8473ed
GET /counters/cc_1034.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 17:22:50 GMT
etag: "-241208617"
last-modified: Thu, 16 Apr 2020 10:44:41 GMT
x-request-id: 349897946
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-grace: full
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 5479
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: b8090b0239beef62fde3bf7553dcfd7b c277821a159131ba76d1eee4ce653d9a26f9dbc7 5853ada6dc113d88884f34b0503e71e659adf672570f670f3ac33f2de39e71a2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5853ADA6DC113D88884F34B0503E71E659ADF672570F670F3AC33F2DE39E71A2"
Last-Modified: Fri, 18 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4927
Expires: Sat, 19 Nov 2022 18:57:20 GMT
Date: Sat, 19 Nov 2022 17:35:13 GMT
Connection: keep-alive
|
|
| tractorfoolproofstandard.com/sbar.json?key=01ffd36dfbce3d569baf8d846cd7bc65&uuid=58e46ff7-3485-4ba5-9d2c-49a8b76299be%3A3%3A1 | 192.243.61.227 | 200 OK | 3.9 kB |
URL: HTTP/1.1 tractorfoolproofstandard.com/sbar.json?key=01ffd36dfbce3d569baf8d846cd7bc65&uuid=58e46ff7-3485-4ba5-9d2c-49a8b76299be%3A3%3A1 IP: 192.243.61.227:0 ASN#39572 DataWeb Global Group B.V.
File type: JSON data\012- , ASCII text, with very long lines (5881), with no line terminators; Hash: f34204a83146229abdd1021151f73383 7c0b771eb4b7286cd6f9a7c2c99c82334c54b2ff 2a2d4389a7058b4702c4aa63ac99811e00389089e8c9219185b6279ed55e0daa
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /sbar.json?key=01ffd36dfbce3d569baf8d846cd7bc65&uuid=58e46ff7-3485-4ba5-9d2c-49a8b76299be%3A3%3A1 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 19 Nov 2022 17:35:13 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://cutpaid.com
Access-Control-Allow-Origin: https://cutpaid.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16650200; expires=Sun, 20 Nov 2022 17:35:13 GMT; secure; SameSite=None
uid_id2=58e46ff7-3485-4ba5-9d2c-49a8b76299be:3:1; expires=Sat, 26 Nov 2022 17:35:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 20 Nov 2022 17:35:13 GMT; secure; SameSite=None
uncs=1; expires=Sun, 20 Nov 2022 17:35:13 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 20 Nov 2022 17:35:13 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 20 Nov 2022 17:35:13 GMT; secure; SameSite=None
slec01ffd36dfbce3d569baf8d846cd7bc65=[3760951]; expires=Sat, 19 Nov 2022 17:35:18 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 56ebf98bf19ab7c24a68f057fbd72912
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash2bc09af1ad2686db7351c4dd0cbf4cac e0f8d39aa931959c01c31998f3d451ec89c6de2a fd9772fc6b061e8b815346686c8b059b7478e3e1712e920f4d87aa7265eda598
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD9772FC6B061E8B815346686C8B059B7478E3E1712E920F4D87AA7265EDA598"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4839
Expires: Sat, 19 Nov 2022 18:55:53 GMT
Date: Sat, 19 Nov 2022 17:35:14 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash2bc09af1ad2686db7351c4dd0cbf4cac e0f8d39aa931959c01c31998f3d451ec89c6de2a fd9772fc6b061e8b815346686c8b059b7478e3e1712e920f4d87aa7265eda598
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD9772FC6B061E8B815346686C8B059B7478E3E1712E920F4D87AA7265EDA598"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4839
Expires: Sat, 19 Nov 2022 18:55:53 GMT
Date: Sat, 19 Nov 2022 17:35:14 GMT
Connection: keep-alive
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP93.184.220.29:0
Hashda452d0de3f920e25397024207f8f7a6 a05a9e49418aa8a7bddc5855f078bcb2613a21bd 8dda38b3871cb82a5718520541c65929a8f9ebea1a07f76eb75fc175ee722dd1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6009
Cache-Control: max-age=95412
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 17:35:14 GMT
Etag: "6377ce0d-117"
Expires: Sun, 20 Nov 2022 20:05:26 GMT
Last-Modified: Fri, 18 Nov 2022 18:25:17 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
|
|
| tractorfoolproofstandard.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTtaLHiTqxYMyBxGF7Gz3TPfMtDksxhgJ%2BbEhiQT0VL96t9zqrqaqe3p3D7IYkBwURj3oSXrfbLIYYzB4FFFmRQwLwo4H3YPrn6Co5CgyuwOL36G%2Br%2Bq9w3vvq3c3yn3io6R7ly%2BaNaU1nYuafuOF6yoTpnKNS9cagd%2F0TzWuq6wTnmqsTA7bfynwo6b%2FYuM1yZfNXMsPfD%2Fwg8ZZZWViVuYOUKj8bhw0Y78ZtppBFGLF%2Fv%2FuSg%2BOehD9ffIElBg%2FsvTgPhQfIUu%2FPCPdcmHyk6%2BmpaaFseiLrdez5cxUGdKjMbEekmxryoZxY0I%2BOQaTbU0dwPQ3Jw7A1Jh4vwRg2dZUJlj%2F1qFSpiEzMPEYqv4IUo%2Bg6Ajc3IASuwTgApcWkKW3Lxlb0dVDlE7QMZl5%2BDdUNSYzvz2FLL13WquVxlWjy0KZzGElqaFWRlCLI%2BTlNoo1D6raBi%2FegRI%2FkbmHF5ClmwtOGyix91zUk2EnSbqz7bAXzYaMRrOxaPHZMKY91u204pjJg4iUGkElI2g5AHXHUToPpfJQJh7K3EMq9ho0ihPf7yYsabd7Iee83eY86nVEJNphL%2FFR8omHAYp8AK4H4HYduV3HshrAlt%2FBLdVwwoMrCPqiRiUJKkdQUYJKEVQFQdWvbwntWq6%2BLbQrWTDtrWlv10NTLG7QW6ZYlBnZyPfJiYPg%2Fn38VyzLvYYfJIlod0TCuGyLqBMzmvREL%2Bxw0WW8E8GpGsodA3Ue1iZb%2FOIkcjUm5Ot%2FwOg2nN4GVydAy2dAq2G35YMuDcOej7XsTpFKarMmNymEqZEXMyhWvQ29T54%2BUBHzLiTfmX%2FQPf%2FD1h%2Bfgtsaua3xlvqeYFHfHF4xFdm8YipH7i%2FkhUrVGp2s9mpBCzlz57xcrYwV5864wWcv8wkwGe9ek664QDOhskVHPj%2BthJD2rLFckm%2FOueuSXS7d0unSZmV%2B4fIrZ8%2BluZXOKZONQNVu9yNwNSaPXlw%2F%2BLTPvvcAyo5gyxppuUOmBWW2wfN1uHxn%2FuP3F34%2FJd6AMwRWH3FY7qEq66FtsaNHrcak%2Ffxf0HJn%2FqsP9dv33vwRlNVw8igGJne%2B%2FfOQv%2BFuYtF6oMUNZGmNvq3R1zWoHsCVx4dFbnfmf24fFJj2hkxbb5Npqz84jNepvYaMEj%2BRfkuyJGZJl%2FoiTsKY0TiQXRbRAIUb89Und%2F8DAAD%2F%2FwEAAP%2F%2FXon5vZAEAAA%3D | 192.243.61.227 | 200 OK | 7 B |
URL HTTP/1.1tractorfoolproofstandard.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTtaLHiTqxYMyBxGF7Gz3TPfMtDksxhgJ%2BbEhiQT0VL96t9zqrqaqe3p3D7IYkBwURj3oSXrfbLIYYzB4FFFmRQwLwo4H3YPrn6Co5CgyuwOL36G%2Br%2Bq9w3vvq3c3yn3io6R7ly%2BaNaU1nYuafuOF6yoTpnKNS9cagd%2F0TzWuq6wTnmqsTA7bfynwo6b%2FYuM1yZfNXMsPfD%2Fwg8ZZZWViVuYOUKj8bhw0Y78ZtppBFGLF%2Fv%2FuSg%2BOehD9ffIElBg%2FsvTgPhQfIUu%2FPCPdcmHyk6%2BmpaaFseiLrdez5cxUGdKjMbEekmxryoZxY0I%2BOQaTbU0dwPQ3Jw7A1Jh4vwRg2dZUJlj%2F1qFSpiEzMPEYqv4IUo%2Bg6Ajc3IASuwTgApcWkKW3Lxlb0dVDlE7QMZl5%2BDdUNSYzvz2FLL13WquVxlWjy0KZzGElqaFWRlCLI%2BTlNoo1D6raBi%2FegRI%2FkbmHF5ClmwtOGyix91zUk2EnSbqz7bAXzYaMRrOxaPHZMKY91u204pjJg4iUGkElI2g5AHXHUToPpfJQJh7K3EMq9ho0ihPf7yYsabd7Iee83eY86nVEJNphL%2FFR8omHAYp8AK4H4HYduV3HshrAlt%2FBLdVwwoMrCPqiRiUJKkdQUYJKEVQFQdWvbwntWq6%2BLbQrWTDtrWlv10NTLG7QW6ZYlBnZyPfJiYPg%2Fn38VyzLvYYfJIlod0TCuGyLqBMzmvREL%2Bxw0WW8E8GpGsodA3Ue1iZb%2FOIkcjUm5Ot%2FwOg2nN4GVydAy2dAq2G35YMuDcOej7XsTpFKarMmNymEqZEXMyhWvQ29T54%2BUBHzLiTfmX%2FQPf%2FD1h%2Bfgtsaua3xlvqeYFHfHF4xFdm8YipH7i%2FkhUrVGp2s9mpBCzlz57xcrYwV5864wWcv8wkwGe9ek664QDOhskVHPj%2BthJD2rLFckm%2FOueuSXS7d0unSZmV%2B4fIrZ8%2BluZXOKZONQNVu9yNwNSaPXlw%2F%2BLTPvvcAyo5gyxppuUOmBWW2wfN1uHxn%2FuP3F34%2FJd6AMwRWH3FY7qEq66FtsaNHrcak%2Ffxf0HJn%2FqsP9dv33vwRlNVw8igGJne%2B%2FfOQv%2BFuYtF6oMUNZGmNvq3R1zWoHsCVx4dFbnfmf24fFJj2hkxbb5Npqz84jNepvYaMEj%2BRfkuyJGZJl%2FoiTsKY0TiQXRbRAIUb89Und%2F8DAAD%2F%2FwEAAP%2F%2FXon5vZAEAAA%3D IP192.243.61.227:0 ASN#39572 DataWeb Global Group B.V.
File typeASCII text, with no line terminators Hash132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTtaLHiTqxYMyBxGF7Gz3TPfMtDksxhgJ%2BbEhiQT0VL96t9zqrqaqe3p3D7IYkBwURj3oSXrfbLIYYzB4FFFmRQwLwo4H3YPrn6Co5CgyuwOL36G%2Br%2Bq9w3vvq3c3yn3io6R7ly%2BaNaU1nYuafuOF6yoTpnKNS9cagd%2F0TzWuq6wTnmqsTA7bfynwo6b%2FYuM1yZfNXMsPfD%2Fwg8ZZZWViVuYOUKj8bhw0Y78ZtppBFGLF%2Fv%2FuSg%2BOehD9ffIElBg%2FsvTgPhQfIUu%2FPCPdcmHyk6%2BmpaaFseiLrdez5cxUGdKjMbEekmxryoZxY0I%2BOQaTbU0dwPQ3Jw7A1Jh4vwRg2dZUJlj%2F1qFSpiEzMPEYqv4IUo%2Bg6Ajc3IASuwTgApcWkKW3Lxlb0dVDlE7QMZl5%2BDdUNSYzvz2FLL13WquVxlWjy0KZzGElqaFWRlCLI%2BTlNoo1D6raBi%2FegRI%2FkbmHF5ClmwtOGyix91zUk2EnSbqz7bAXzYaMRrOxaPHZMKY91u204pjJg4iUGkElI2g5AHXHUToPpfJQJh7K3EMq9ho0ihPf7yYsabd7Iee83eY86nVEJNphL%2FFR8omHAYp8AK4H4HYduV3HshrAlt%2FBLdVwwoMrCPqiRiUJKkdQUYJKEVQFQdWvbwntWq6%2BLbQrWTDtrWlv10NTLG7QW6ZYlBnZyPfJiYPg%2Fn38VyzLvYYfJIlod0TCuGyLqBMzmvREL%2Bxw0WW8E8GpGsodA3Ue1iZb%2FOIkcjUm5Ot%2FwOg2nN4GVydAy2dAq2G35YMuDcOej7XsTpFKarMmNymEqZEXMyhWvQ29T54%2BUBHzLiTfmX%2FQPf%2FD1h%2Bfgtsaua3xlvqeYFHfHF4xFdm8YipH7i%2FkhUrVGp2s9mpBCzlz57xcrYwV5864wWcv8wkwGe9ek664QDOhskVHPj%2BthJD2rLFckm%2FOueuSXS7d0unSZmV%2B4fIrZ8%2BluZXOKZONQNVu9yNwNSaPXlw%2F%2BLTPvvcAyo5gyxppuUOmBWW2wfN1uHxn%2FuP3F34%2FJd6AMwRWH3FY7qEq66FtsaNHrcak%2Ffxf0HJn%2FqsP9dv33vwRlNVw8igGJne%2B%2FfOQv%2BFuYtF6oMUNZGmNvq3R1zWoHsCVx4dFbnfmf24fFJj2hkxbb5Npqz84jNepvYaMEj%2BRfkuyJGZJl%2FoiTsKY0TiQXRbRAIUb89Und%2F8DAAD%2F%2FwEAAP%2F%2FXon5vZAEAAA%3D HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Cookie: u_pl=16650200; uid_id2=58e46ff7-3485-4ba5-9d2c-49a8b76299be:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 19 Nov 2022 17:35:14 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ccaaa7be001135ab96751d525a66f25c
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| unseenreport.com/pxf.gif?uuid=58e46ff7-3485-4ba5-9d2c-49a8b76299be&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01ffd36dfbce3d569baf8d846cd7bc65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=17 | 192.243.61.227 | 200 OK | 1 B |
URL HTTP/1.1unseenreport.com/pxf.gif?uuid=58e46ff7-3485-4ba5-9d2c-49a8b76299be&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01ffd36dfbce3d569baf8d846cd7bc65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=17 IP192.243.61.227:0 ASN#39572 DataWeb Global Group B.V.
File typevery short file (no magic) Hash93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /pxf.gif?uuid=58e46ff7-3485-4ba5-9d2c-49a8b76299be&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01ffd36dfbce3d569baf8d846cd7bc65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=17 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 19 Nov 2022 17:35:14 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1d7f1d653866a19f58e36f7bd7cce186
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| unseenreport.com/pxf.gif?uuid=58e46ff7-3485-4ba5-9d2c-49a8b76299be&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=7e1d8f1ae70c40a4c328807cbe5300ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=17 | 192.243.61.227 | 200 OK | 1 B |
URL HTTP/1.1unseenreport.com/pxf.gif?uuid=58e46ff7-3485-4ba5-9d2c-49a8b76299be&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=7e1d8f1ae70c40a4c328807cbe5300ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=17 IP192.243.61.227:0 ASN#39572 DataWeb Global Group B.V.
File typevery short file (no magic) Hash93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /pxf.gif?uuid=58e46ff7-3485-4ba5-9d2c-49a8b76299be&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=7e1d8f1ae70c40a4c328807cbe5300ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=17 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 19 Nov 2022 17:35:14 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e670024bf65d91c2bd71e8450cf42d43
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash07535f711a5a1e6e18963c54356cd49e 73948c3d2915b3bb95f4178f94f00cbdd6e0888e a7de3821c72b4f30b0cebecbd33574c3f046e8719b01645d4ac15c49f4c20547
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A7DE3821C72B4F30B0CEBECBD33574C3F046E8719B01645D4AC15C49F4C20547"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19397
Expires: Sat, 19 Nov 2022 22:58:31 GMT
Date: Sat, 19 Nov 2022 17:35:14 GMT
Connection: keep-alive
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash07535f711a5a1e6e18963c54356cd49e 73948c3d2915b3bb95f4178f94f00cbdd6e0888e a7de3821c72b4f30b0cebecbd33574c3f046e8719b01645d4ac15c49f4c20547
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A7DE3821C72B4F30B0CEBECBD33574C3F046E8719B01645D4AC15C49F4C20547"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19397
Expires: Sat, 19 Nov 2022 22:58:31 GMT
Date: Sat, 19 Nov 2022 17:35:14 GMT
Connection: keep-alive
|
|
| tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Findex.html&l=1525&fd=701 | 192.243.61.227 | 200 OK | 0 B |
URL HTTP/1.1tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Findex.html&l=1525&fd=701 IP192.243.61.227:0 ASN#39572 DataWeb Global Group B.V.
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Findex.html&l=1525&fd=701 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Cookie: u_pl=16650200; uid_id2=58e46ff7-3485-4ba5-9d2c-49a8b76299be:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 19 Nov 2022 17:35:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/close.png | 172.64.108.13 | 200 OK | 6.0 kB |
URL HTTP/2cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/close.png IP172.64.108.13:0
File typePNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data Hashc489ce2c491a22ee37a55e26a92dfd73 2fa588ab09e94dd902e5bd24b48f98ad1949c9d6 1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/notifications/software/multi/browsers/ff/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 17:35:14 GMT
content-type: image/png
content-length: 5982
last-modified: Thu, 08 Sep 2022 07:49:57 GMT
etag: "63199ea5-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 27559
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CRBNcbN60RvCMPtvFIG5voUimWAPrpGNhCduBF29lNNsz8b0UhSA5x5aS0m2%2FyKdm6trdcH3RF%2BtTw0t8cltA9mcME5uE9s5i1fbJX7Eou6paaz3I%2FiyE%2Fy2u2%2BddBQ6zhvfqt%2BR7lxy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76cab3859a18770e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/update-icon.png | 172.64.108.13 | 200 OK | 175 kB |
URL HTTP/2cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/update-icon.png IP172.64.108.13:0
File typePNG image data, 452 x 453, 8-bit/color RGBA, non-interlaced\012- data Size175 kB (174730 bytes) Hash85bc2f8a287afa33ac84c90178055d00 c98e7ebd06397a77a20607f55fe4ebf1b57ca334 85d20d101efc753f9b0619a33901e1689d1e0c11a46bf6d6d657c1393542cc30
GET /sb/notifications/software/multi/browsers/ff/3/img/update-icon.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 17:35:14 GMT
content-type: image/png
content-length: 174730
last-modified: Thu, 08 Sep 2022 07:49:58 GMT
etag: "63199ea6-2aa8a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 27559
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OmyiTK43VZahYj9m0V8NW0Vqj6%2BzuJhcuIiMK0dIsqkUqspm%2BVwb5%2BkWeDvpt3Ep2tQOqUbxYvW55FVbhTNNJd2QYsr0uF1hBSuibhyHvjsK%2F3vWcmLlPCJqQajmtZLlBGEuMgBQZUZ%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76cab3859a1a770e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash07535f711a5a1e6e18963c54356cd49e 73948c3d2915b3bb95f4178f94f00cbdd6e0888e a7de3821c72b4f30b0cebecbd33574c3f046e8719b01645d4ac15c49f4c20547
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A7DE3821C72B4F30B0CEBECBD33574C3F046E8719B01645D4AC15C49F4C20547"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19397
Expires: Sat, 19 Nov 2022 22:58:31 GMT
Date: Sat, 19 Nov 2022 17:35:14 GMT
Connection: keep-alive
|
|
| tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fmagic.css&l=45250&fd=230 | 192.243.61.227 | 200 OK | 0 B |
URL HTTP/1.1tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fmagic.css&l=45250&fd=230 IP192.243.61.227:0 ASN#39572 DataWeb Global Group B.V.
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fmagic.css&l=45250&fd=230 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Cookie: u_pl=16650200; uid_id2=58e46ff7-3485-4ba5-9d2c-49a8b76299be:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 19 Nov 2022 17:35:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/style.css | 172.64.108.13 | 200 OK | 1.1 kB |
URL HTTP/2cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/style.css IP172.64.108.13:0
Hash7d924b546cf98fcbbe1f1a66415efde9 8e0a8461aeb82f933769ab0e9fa69499aa974b35 634a2180f3499f5a77e19fd106d0521148296f7fb5baa3c57701d284d9279df7
GET /sb/notifications/software/multi/browsers/ff/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 17:35:15 GMT
content-type: text/css
last-modified: Thu, 08 Sep 2022 07:49:56 GMT
etag: W/"63199ea4-e97"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lu1rXJDqcP%2BEXmtrf%2F29dfbPzVQPnj3U3lP2IfdyYP%2FKfRfwHmeHEijj%2BR18GAaP8WZIwBRZ6qeBoKKt6WAHDu8gCDAXBgs7fhuCDObP9w9r0nre%2B5opWnZtsiyhOasRlpd03cA7rdah"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76cab38569d4770e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.yourwebbars.com/sb/notifications/software/multi/browsers/ff/3/index.html | 104.26.6.19 | 200 OK | 17 kB |
URL HTTP/2cdn.yourwebbars.com/sb/notifications/software/multi/browsers/ff/3/index.html IP104.26.6.19:0
File typeHTML document text\012- HTML document, ASCII text Hash641f71dc8bdddda7f33eb5a08d1d0745 4a8e472ed64b3972c9e8d4263e33bc3278415021 53061715dabe6435d2db74cb1c1c175385905bbf8b6aaa5f43e511234639d6c2
GET /sb/notifications/software/multi/browsers/ff/3/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 17:35:14 GMT
content-type: text/html
last-modified: Thu, 08 Sep 2022 07:49:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nSWhLA9NdDABMGgS9Xt35dDdEla03Hp5ih8nWzW%2BqkHCQEr%2FQ5XGk5xwdM4Gg49HF%2BqUswVnRAPdCkIqf%2Bkb6QzlD5TIrbEeUgTB1cCoF8gYnxwfY4X42e0mk3RiVQkb99A8r%2FU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76cab380aa380b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fjs%2Fscript.js&l=8814&fd=280 | 192.243.61.227 | 200 OK | 0 B |
URL HTTP/1.1tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fjs%2Fscript.js&l=8814&fd=280 IP192.243.61.227:0 ASN#39572 DataWeb Global Group B.V.
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fjs%2Fscript.js&l=8814&fd=280 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Cookie: u_pl=16650200; uid_id2=58e46ff7-3485-4ba5-9d2c-49a8b76299be:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 19 Nov 2022 17:35:15 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/script.js | 172.64.108.13 | 200 OK | 5.0 kB |
URL HTTP/2cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/script.js IP172.64.108.13:0
Hash066dec71461c172a1993d3e8723247eb c3ba75a0744a09eb755854ebf2695e29e5d316f2 4b2fc8e433dd0d4340992b11faac2dbabdf40bbedca6b24a56a2e1e3e3785947
GET /sb/notifications/software/multi/browsers/ff/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 17:35:15 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 07:49:59 GMT
etag: W/"63199ea7-2ae2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bt1xe9WpfjvonOdqV%2B3NaKVfEAMHoM4opK3V9E4MLO66m15Bc1pw%2B0MMD1RXLBTrKv2RusBpjJacTHlqpKVk%2B3mLicyMDohNmhNwB9cp0oZgJne0a%2FvAxwgsDGyWTYdLBEfAKrZz1WOY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76cab3862b1b770e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/magic.css | 172.64.108.13 | 200 OK | 2.9 kB |
URL HTTP/2cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/magic.css IP172.64.108.13:0
Hash0effca5fab677a1d7c71fbf26b86d726 bae9b92cc8d69e40575158a120bc091f4e5dab9d 7913960f54312d8ae17bdd007ea41e103152cf2e177fec0569c22b685a6bf82f
GET /sb/notifications/software/multi/browsers/ff/3/css/magic.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 17:35:14 GMT
content-type: text/css
last-modified: Thu, 08 Sep 2022 07:49:55 GMT
etag: W/"63199ea3-b0c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKuisdL0yf6tvbgBJxq8J42qymsQHS7urGlf9dAxlgbIpSQV8H6wk5f8TY1ynNCXhLEoOL%2B9jtv%2FtJVqhkg%2BA4MIA0LJAnaETvwQ2Yikq0O4R4fiGj06UGkth%2B%2FG0ZLc6TTMrxL3iXw6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76cab38569cd770e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/jquery.min.js | 172.64.108.13 | 200 OK | 0 B |
URL HTTP/2cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/jquery.min.js IP172.64.108.13:0
GET /sb/notifications/software/multi/browsers/ff/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 17:35:14 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 07:49:59 GMT
etag: W/"63199ea7-149a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 27559
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rvwk1dCJskT%2FKH1COzfeBCLyJle3Ry29Kjbp%2FsG6kuO8i0jT1qL3z%2FlrK52PZqfsykSKUfQi7%2BWu7qDIWXd1COEMVgWYAVZb1XOo8%2BF5QlurQl0O3338s3in9pNIX06GboBQ3OxZ55d0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76cab3859a1e770e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cutpaid.com/OgTqS | 172.67.183.8 | 200 OK | 0 B |
IP172.67.183.8:0
GET /OgTqS HTTP/1.1
Host: cutpaid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 19 Nov 2022 17:35:10 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
set-cookie: AppSession=43c6ea7b470d347d3c67b6af10253fb6; path=/; HttpOnly
csrfToken=22d5b48aa03e6229e5cb96c41d6a5ea74cf31140b44aa29123bb14f886dfc830e134ff091ffd901673431103d9e2626bdc12ff19ce1cdae4fa57ac9981b0476f; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i2yxg6ZuyA0QGQUmXAYYb%2B7kjZ9SUl8AZAuCg3vi44bg4S5TrhlPq8%2BUYteY6VqcdjGjnK518VZVJi9RpFiu5kPv63UM5eOeOLKmNwtUkyD1aKM7bGZYcYzgk8iuZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76cab36b5ecab523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|