cutpaid.com/xiP9YLLr
188.114.97.1 301 Moved Permanently 0 B IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xiP9YLLr HTTP/1.1
Host: cutpaid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Dec 2022 02:20:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 07 Dec 2022 03:20:38 GMT
Location: https://cutpaid.com/xiP9YLLr
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d9wcCoU9s%2FmYVO%2BWCYHvGSNwCPIYBd%2BIVftjLKhr9RNLtsIGMywzcnFnpScjSIY07yEZzOVaPG1Bk29lwKc000Q2KiHW3GVQTHyCwCrudm4f99qwtOX2kelOmJOSmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7759c8829c8bb521-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6623
Expires: Wed, 07 Dec 2022 04:11:01 GMT
Date: Wed, 07 Dec 2022 02:20:38 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3512
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 02:20:38 GMT
Etag: "638f19f6-1d7"
Last-Modified: Wed, 07 Dec 2022 01:22:06 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3217
Expires: Wed, 07 Dec 2022 03:14:15 GMT
Date: Wed, 07 Dec 2022 02:20:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 02:18:44 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 114
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: xHmJNAaOMuSgStqAprDm0ZegbV/O2AOiiIDM8JQk66nDWoOHsafkrjlBL5+wTq76na65teJ4RWM=
x-amz-request-id: SRQWDRVSHX483DFN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 01:47:19 GMT
age: 1999
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 1bca857ef972317def17176019c62f14
bc8a3ae18161243fd7e0a8ee8b792c581b95aa77
39ee7d35ff7d7dfd38f990e96b4ede345e724495b573e8636dc7eb44ba54e72b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=111138
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 02:20:38 GMT
Etag: "638f0798-118"
Expires: Thu, 08 Dec 2022 09:12:56 GMT
Last-Modified: Tue, 06 Dec 2022 09:12:56 GMT
Server: nginx
Content-Length: 280
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 02:20:38 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 1bca857ef972317def17176019c62f14
bc8a3ae18161243fd7e0a8ee8b792c581b95aa77
39ee7d35ff7d7dfd38f990e96b4ede345e724495b573e8636dc7eb44ba54e72b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=111138
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 02:20:38 GMT
Etag: "638f0798-118"
Expires: Thu, 08 Dec 2022 09:12:56 GMT
Last-Modified: Tue, 06 Dec 2022 09:12:56 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9084a518c70ad57bb3226fb519b648fd
79348ebe6f5900a035d4d65e08a7409fd9708f15
f0c6b0f66c31aa7cb2d2808eb4c04c3681d48e731efc8cbba0f3fef1d218ce7b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 02:20:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 02:20:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cutpaid.com/xiP9YLLr
188.114.96.1 200 OK 9.7 kB IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1028), with CRLF, LF line terminators
Hash 6d8c3c7d84992fb151190816d39b81a4
21bf13e4b6863bc9832b0ebe67cf528fda962506
0b32ef13428270a0e870f4ca184ed7b77fdfc77f3e95e564a7745bb3d7b92948
GET /xiP9YLLr HTTP/1.1
Host: cutpaid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 07 Dec 2022 02:20:38 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
set-cookie: AppSession=403d9e43b35eb3ad5442d96b634abf3d; path=/; HttpOnly
csrfToken=121409289f9733ca219516366cc584ac7e5fbe7fa0a0c364fbd9578c8e797764cfc6405df3a8c1556381b39ef8699070e7dcd7bb75ea3dcda1a373090531063a; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YKYD%2BLg37q6iyBziFMN7fYrDjpODzknfLU8Mg5MqbgAmSkLm%2BH3X3Ynv7jG%2F5KX%2F1T7h6Zv2gGbJy3IRtlYWc93jIiGiiKpJqDQgfD%2F8ztod6mjgJwQlVeewuNlTIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7759c88458aab512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
142.250.74.132 200 OK 580 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
IP 142.250.74.132:0
File type ASCII text, with very long lines (918), with no line terminators
Hash dbf518f97165d213611f9e6f762bf876
a8529116d76204a0420a8c244723466310787f79
bc0692ecebd5884ea21d4bd3cd0ef1aa05f8a8439ea5f8ea7ebfe8110b603082
GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Wed, 07 Dec 2022 02:20:38 GMT
date: Wed, 07 Dec 2022 02:20:38 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 580
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 02:11:20 GMT
cache-control: public,max-age=3600
age: 558
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 02:20:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ee6bfe50f8e4b9c142f971a55496ac26
8c3fd42aaa7fa3ebdedc4f7b0271b8caae166e64
4582e8e1ada92a279cbc5d82904c7fd27b9d4b95bc06c7a8b3c13168978f0b33
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 02:20:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3504
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 02:20:38 GMT
Etag: "638f062a-1d7"
Last-Modified: Wed, 07 Dec 2022 01:22:14 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 02:20:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 02:20:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/muli/v28/7Auwp_0qiz-afTLGLQ.woff2
216.58.207.227 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/muli/v28/7Auwp_0qiz-afTLGLQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 31196, version 1.0\012- data
Hash ea2343c7dccad57360fb611d67204445
b603d9e68bb1ed5e4b33d5e31121160cb4d23452
2a04078f9550381b5148170ceaf5b378a1b31ed8274c6d0094aeba6f599462cc
GET /s/muli/v28/7Auwp_0qiz-afTLGLQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31196
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Dec 2022 14:53:27 GMT
expires: Sun, 03 Dec 2023 14:53:27 GMT
cache-control: public, max-age=31536000
age: 300432
last-modified: Mon, 11 Jul 2022 20:43:05 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.227 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 06:30:11 GMT
expires: Sat, 02 Dec 2023 06:30:11 GMT
cache-control: public, max-age=31536000
age: 417028
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 02:20:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
54.149.149.164 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.149.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: L1Ji+OP9aVvr6zZVM5B2Pg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fcHxr1W2C+ZlvrBXHCooo6KIlLQ=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d20d9069fb18ae417bcd33e6628c08d6
c780979ac8191594febdbd9c089077f838750e72
3bbbe2cfe333448e14c992c237c5a57cb7205fc0472596c7a640198997a16e1e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3BBBE2CFE333448E14C992C237C5A57CB7205FC0472596C7A640198997A16E1E"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6757
Expires: Wed, 07 Dec 2022 04:13:16 GMT
Date: Wed, 07 Dec 2022 02:20:39 GMT
Connection: keep-alive
plungebriefinggladly.com/7e/1d/8f/7e1d8f1ae70c40a4c328807cbe5300ca.js
173.233.139.164 200 OK 21 kB URL HTTP/1.1 plungebriefinggladly.com/7e/1d/8f/7e1d8f1ae70c40a4c328807cbe5300ca.js
IP 173.233.139.164:0
File type HTML document, ASCII text, with very long lines (60173), with no line terminators
Hash 3be026c9b1b6b6a1781cc73b6d0fec11
1ab1d6f5e264a225c1eff496cff8001c9a37cb68
19f61d5a820cea0bf696107d8fa62540b0cda67ebaebe1ab860b818e255ce03d
GET /7e/1d/8f/7e1d8f1ae70c40a4c328807cbe5300ca.js HTTP/1.1
Host: plungebriefinggladly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 02:20:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fb0d3c1e3826a35fbf5a0c42b3fbbab3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 975d829b6c1182baa9059ef46ba71c89
4cad25f5dc5997779e9bde153551bf7fa3481938
5a23467d164713da6a0ba9cff3d114780c255f12696ad50c3efc214c8895ee64
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=128910
Date: Wed, 07 Dec 2022 02:20:39 GMT
Etag: "638f4418-1d7"
Expires: Thu, 08 Dec 2022 14:09:09 GMT
Last-Modified: Tue, 06 Dec 2022 13:31:04 GMT
Server: ECS (nyb/1D06)
X-Cache: Miss from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: O-sEA6wH0-AEx6CYLHTV3Z5y6XnFb17-rK6LcDGVJaw2XDjm7mzmTA==
Age: 2285
simplewebanalysis.com/stats
52.28.211.11 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 89a933b3e8f04fd131d19bcefde8eb4d
989d77ac1d75279cd52c54eda5b5f84c6f3c79e0
8637d8eff3729e938f9cbe525adae927cecce07d4809a5735f58df434e1b402d
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 02:20:39 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://cutpaid.com
access-control-allow-credentials: true
set-cookie: uid_id2=578702b5-32cb-4b7b-826c-d2fb10c6530a:3:1; expires=Sat, 04 Dec 2032 02:20:39 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 34c7ea5adb0245bd2982be787007b10f
00ae5c05e6cd23cb84975f9e3c4e8a7decdab17c
9e561c15522fbb38bbd321a4d38776cd60fe8a612f80358dc9202a1fae96d6a2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9E561C15522FBB38BBD321A4D38776CD60FE8A612F80358DC9202A1FAE96D6A2"
Last-Modified: Tue, 06 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9298
Expires: Wed, 07 Dec 2022 04:55:38 GMT
Date: Wed, 07 Dec 2022 02:20:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4572d87a1e0ec8c2d53b33a39b06f02a
f6d469af83db717e1a691532052868c7925b2fe0
546f530032e8c8cd6e51d1adb173e194cef6610ee425b44fa57bdd153aaab079
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "546F530032E8C8CD6E51D1ADB173E194CEF6610EE425B44FA57BDD153AAAB079"
Last-Modified: Tue, 06 Dec 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17527
Expires: Wed, 07 Dec 2022 07:12:47 GMT
Date: Wed, 07 Dec 2022 02:20:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4572d87a1e0ec8c2d53b33a39b06f02a
f6d469af83db717e1a691532052868c7925b2fe0
546f530032e8c8cd6e51d1adb173e194cef6610ee425b44fa57bdd153aaab079
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "546F530032E8C8CD6E51D1ADB173E194CEF6610EE425B44FA57BDD153AAAB079"
Last-Modified: Tue, 06 Dec 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17527
Expires: Wed, 07 Dec 2022 07:12:47 GMT
Date: Wed, 07 Dec 2022 02:20:40 GMT
Connection: keep-alive
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.35 200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 11:03:19 GMT
expires: Wed, 06 Dec 2023 11:03:19 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 55041
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 93cd4106946bc499c4dbdfcab6ea7718
5628412fd5319f549699b48bc27ff0f2f334e6bd
9b471a64f51d01dc302ad60957ad702f536d4e2682ee9a594fe2253e1101d909
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B471A64F51D01DC302AD60957AD702F536D4E2682EE9A594FE2253E1101D909"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3250
Expires: Wed, 07 Dec 2022 03:14:50 GMT
Date: Wed, 07 Dec 2022 02:20:40 GMT
Connection: keep-alive
s10.histats.com/js15_as.js
46.105.201.240 200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 02:19:47 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 132878027
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
192.243.59.13 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 02:20:40 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0fa7637eef6b907c7e23d3a3e811f44a
Strict-Transport-Security: max-age=0; includeSubdomains
hygieneretorted.com/pixel/purst?dl=0&th=0&sc=0&rs=1409&rd=1409&fd=908&bv=22.10.v.9&tmpl=70
192.243.61.225 200 OK 0 B URL HTTP/1.1 hygieneretorted.com/pixel/purst?dl=0&th=0&sc=0&rs=1409&rd=1409&fd=908&bv=22.10.v.9&tmpl=70
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=1409&rd=1409&fd=908&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: hygieneretorted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 02:20:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
hygieneretorted.com/01/ff/d3/01ffd36dfbce3d569baf8d846cd7bc65.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 hygieneretorted.com/01/ff/d3/01ffd36dfbce3d569baf8d846cd7bc65.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37135), with no line terminators
Hash e73aca594cc60d21a3e3bd5d1af24cfb
264792c741bd6f011a68f94a2d2d8d0c7232e9d1
c7b2ca28060df3ef3541604a917cac847dd454df059ddd38baa54eb89267c8fb
GET /01/ff/d3/01ffd36dfbce3d569baf8d846cd7bc65.js HTTP/1.1
Host: hygieneretorted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 02:20:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0d6beb4940c12343bf82b044f5b50c5f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10552
Expires: Wed, 07 Dec 2022 05:16:32 GMT
Date: Wed, 07 Dec 2022 02:20:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10552
Expires: Wed, 07 Dec 2022 05:16:32 GMT
Date: Wed, 07 Dec 2022 02:20:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10552
Expires: Wed, 07 Dec 2022 05:16:32 GMT
Date: Wed, 07 Dec 2022 02:20:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10552
Expires: Wed, 07 Dec 2022 05:16:32 GMT
Date: Wed, 07 Dec 2022 02:20:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a7ee62c5e846e8ad4808f4724f15146d
6d55b299f906908309f91eaf0a720ad65866db04
0d8f51d6f7f3bad4bb9d9c3000999739147f6dd718b290b0dca71a4cba85cb38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6846
x-amzn-requestid: 53452103-6559-460c-ac40-4685e6816aa4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGx4E-mIAMFatg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a5-5327ec9a2f247cc91654df80;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Znjnq24wuXoi43Bfc9aPdcUHhMh-a00hSCXUHFpHq3sTtQQoUYe6Uw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 07:29:49 GMT
age: 67851
etag: "6d55b299f906908309f91eaf0a720ad65866db04"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F084354d3-0d22-4203-844f-c2f6ab2af36d.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F084354d3-0d22-4203-844f-c2f6ab2af36d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b89a7fe1080499e4f7171f962b57fec4
62ef59be034071e667e3476ea0740077c86778c1
e17432ce6af0006ba36fd43e13c56c1bd1dd9b1d1bc250309bc2731ac8f52abb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F084354d3-0d22-4203-844f-c2f6ab2af36d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8906
x-amzn-requestid: 453c8d4f-205d-46ac-8d24-1c9849d71419
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvmAyEMnoAMFZwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb6d1-7b5051335073a5d2339e02e1;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:40:33 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2LpJmaGp8UzaZHqa9WtCTvFq0oQYOVNAdKBdYHURf2d2v5fh7j44uQ==
via: 1.1 e124ba8d7ba1d81e2fdc59ac89f11b70.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:55:06 GMT
age: 15934
etag: "62ef59be034071e667e3476ea0740077c86778c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F849e6cc4-2b6a-4e78-ba2e-d46bfbadd6ba.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F849e6cc4-2b6a-4e78-ba2e-d46bfbadd6ba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0a317faf49d8e057d1da40f9441b6c30
f01497a3eef693b70b18885156f63c9c7305ed7e
5687e273eefa9ba3733fabe234e52bc7db87b4ec6244d12077c5816ae7961576
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F849e6cc4-2b6a-4e78-ba2e-d46bfbadd6ba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12259
x-amzn-requestid: db1b424e-af8a-4a6f-92dc-27ccf3256d25
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: coKPCHc9oAMFygg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638cbd93-56c293d73368cab66819d31e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 15:32:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1go6MAGUUThlH59lQ8FRciYwPrzYJbcTKlNPmzqxNWynDV7SHrwmTw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 05:47:40 GMT
age: 73980
etag: "f01497a3eef693b70b18885156f63c9c7305ed7e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc501a87-1b50-43f3-8031-2c93f724dc91.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc501a87-1b50-43f3-8031-2c93f724dc91.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b92721cbe24623f1713a5248d6a7c1b2
3628390c62642dcc375b28f58c9b48180c4abd73
37d0451c03bc7cf0253aba6d3204cbf38502692a0fbc751a3ead01b07e9a65d6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc501a87-1b50-43f3-8031-2c93f724dc91.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9613
x-amzn-requestid: 3542fd4f-74e3-450b-b7fc-04034d680bf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cslIEEDtIAMFfuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e8233-40eaebed627d374d0910e456;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 23:43:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2aI7z8gOkQiNDlj2tbsoWibfupjl25ZjoO_QRbfmXQKwO-yF455yXg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 07:18:37 GMT
age: 68523
etag: "3628390c62642dcc375b28f58c9b48180c4abd73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e6c8e9d-aef1-4772-8747-82ef7e4ceeb1.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e6c8e9d-aef1-4772-8747-82ef7e4ceeb1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fb1ea0161d261518c99909aff49e6f58
c3b915cb579b651db25442fea0bbedd0d292c0fc
d877a21abfd883a368da0136c4e56d7f590fa9e9ea09dec3675823211fe56385
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e6c8e9d-aef1-4772-8747-82ef7e4ceeb1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6110
x-amzn-requestid: 2ebf542a-dacc-472a-81c0-0c69cb1ec143
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEQAH2doAMFljA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb3ff-7173ff7941b57fa163e3cc6b;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:16:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fxuPjC35VBDaymSCPY_iBxDnQY4CFHgolHSmnDhCRUjzw5UzY7ovA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 04:12:54 GMT
etag: "c3b915cb579b651db25442fea0bbedd0d292c0fc"
content-type: image/jpeg
age: 79666
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd933687b-86e0-407a-9bff-2debb09d5167.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd933687b-86e0-407a-9bff-2debb09d5167.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 550ee57c325ce8d4892400deb24141d3
acece1761a7d4d3926500726c19d528bb204ef4c
7cc68e966362916947e7d6e24d3c001c64298fec2438a97538765d801fa7c92c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd933687b-86e0-407a-9bff-2debb09d5167.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10362
x-amzn-requestid: 7fdd2011-e283-467e-9f04-741946a834ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpl_1EsooAMFhvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d5065-0cddad1919d984065bd0b03e;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 01:59:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WtZWFmfVSXYRQlYwpBxj8JG_WC91ik_p68HjX7-wCfYb0624CvcBSA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:58:02 GMT
age: 71600
etag: "acece1761a7d4d3926500726c19d528bb204ef4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d5ec94a04d79a44bd54d220a80f789ba
56296c85e756283c4d7c90d6c327bc815c105b6d
c82e514bd4836dd8f600a005575285d5938d20af9a78d108bbe746e041a35abc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C82E514BD4836DD8F600A005575285D5938D20AF9A78D108BBE746E041A35ABC"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3100
Expires: Wed, 07 Dec 2022 03:12:20 GMT
Date: Wed, 07 Dec 2022 02:20:40 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d5ec94a04d79a44bd54d220a80f789ba
56296c85e756283c4d7c90d6c327bc815c105b6d
c82e514bd4836dd8f600a005575285d5938d20af9a78d108bbe746e041a35abc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C82E514BD4836DD8F600A005575285D5938D20AF9A78D108BBE746E041A35ABC"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3100
Expires: Wed, 07 Dec 2022 03:12:20 GMT
Date: Wed, 07 Dec 2022 02:20:40 GMT
Connection: keep-alive
s4.histats.com/stats/4137781.php?4137781&@f16&@g1&@h1&@i1&@j1670379640107&@k0&@l1&@mCutpaid&@n0&@o1000&@q0&@r0&@s1034&@ten-US&@u1280&@b1:11568352&@b3:1670379640&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fcutpaid.com%2FxiP9YLLr&@w
149.56.240.128 200 OK 51 B URL HTTP/1.1 s4.histats.com/stats/4137781.php?4137781&@f16&@g1&@h1&@i1&@j1670379640107&@k0&@l1&@mCutpaid&@n0&@o1000&@q0&@r0&@s1034&@ten-US&@u1280&@b1:11568352&@b3:1670379640&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fcutpaid.com%2FxiP9YLLr&@w
IP 149.56.240.128:0
File type ASCII text, with no line terminators
Hash d042058e6ea97cbdb6799b4e51069ec0
82a9d27f40895008123355b27a6da9611b6a31fa
05ab2ed1e7ecbc39a0197b6b1ab7fbaa7f77ee3245a2ee8059624ffa249051ee
GET /stats/4137781.php?4137781&@f16&@g1&@h1&@i1&@j1670379640107&@k0&@l1&@mCutpaid&@n0&@o1000&@q0&@r0&@s1034&@ten-US&@u1280&@b1:11568352&@b3:1670379640&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fcutpaid.com%2FxiP9YLLr&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 02:20:40 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 51
Connection: close
s10.histats.com/counters/cc_1034.js
46.105.201.240 200 OK 5.5 kB URL HTTP/2 s10.histats.com/counters/cc_1034.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (15333), with no line terminators
Hash ce205bf9427d1fc8a6d26329c3811f67
807840d7c9174fcab11a9d4520538a19d8effadc
b167e0e8b5c1c0d7d4ef6b1050cba84e150e0aa62f9bdc128fc5c68fca8473ed
GET /counters/cc_1034.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 02:13:00 GMT
etag: "-241208617"
last-modified: Thu, 16 Apr 2020 10:44:41 GMT
x-request-id: 216006882
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 5479
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aa9ebb3cbb2b1b8b6dc38bec40fc3367
c790140794fd9e9b563817f64710c652e1fa16cd
68b169e71cd00d9e5c32d2af3ace7c24b6620a553de3ce8fa5d0d68665ace665
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68B169E71CD00D9E5C32D2AF3ACE7C24B6620A553DE3CE8FA5D0D68665ACE665"
Last-Modified: Tue, 06 Dec 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8934
Expires: Wed, 07 Dec 2022 04:49:35 GMT
Date: Wed, 07 Dec 2022 02:20:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 932c342bdac10955a7a4526b617b265e
f62040d987f22ab35fa2984e55ce26a78f91c6c0
30a223bb84e4f11a13a48b558f14b7721e0f9e2b029bc8be08e3a2d50ea92e89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "30A223BB84E4F11A13A48B558F14B7721E0F9E2B029BC8BE08E3A2D50EA92E89"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2671
Expires: Wed, 07 Dec 2022 03:05:12 GMT
Date: Wed, 07 Dec 2022 02:20:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 932c342bdac10955a7a4526b617b265e
f62040d987f22ab35fa2984e55ce26a78f91c6c0
30a223bb84e4f11a13a48b558f14b7721e0f9e2b029bc8be08e3a2d50ea92e89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "30A223BB84E4F11A13A48B558F14B7721E0F9E2B029BC8BE08E3A2D50EA92E89"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2671
Expires: Wed, 07 Dec 2022 03:05:12 GMT
Date: Wed, 07 Dec 2022 02:20:41 GMT
Connection: keep-alive
clergymanwonderful.com/sbar.json?key=01ffd36dfbce3d569baf8d846cd7bc65&uuid=578702b5-32cb-4b7b-826c-d2fb10c6530a%3A3%3A1
173.233.137.52 200 OK 12 kB URL HTTP/1.1 clergymanwonderful.com/sbar.json?key=01ffd36dfbce3d569baf8d846cd7bc65&uuid=578702b5-32cb-4b7b-826c-d2fb10c6530a%3A3%3A1
IP 173.233.137.52:0
File type JSON data\012- , ASCII text, with very long lines (16678), with no line terminators
Hash 0a49c7120f93a2397fe68c8db67a7b9c
961f6636d47178c2287a30d8756ec53c603a9f1e
c71918e36a7dbe325ece0a40cabc4d081866b1740bde5dfd8b1de5dc01ee79c6
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=01ffd36dfbce3d569baf8d846cd7bc65&uuid=578702b5-32cb-4b7b-826c-d2fb10c6530a%3A3%3A1 HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 02:20:41 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://cutpaid.com
Access-Control-Allow-Origin: https://cutpaid.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16650200; expires=Thu, 08 Dec 2022 02:20:41 GMT; secure; SameSite=None
uid_id2=578702b5-32cb-4b7b-826c-d2fb10c6530a:3:1; expires=Wed, 14 Dec 2022 02:20:41 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 08 Dec 2022 02:20:41 GMT; secure; SameSite=None
uncs=1; expires=Thu, 08 Dec 2022 02:20:41 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 08 Dec 2022 02:20:41 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 08 Dec 2022 02:20:41 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 38374e4669ed33300593e11fcbd5a628
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
unseenreport.com/pxf.gif?uuid=578702b5-32cb-4b7b-826c-d2fb10c6530a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01ffd36dfbce3d569baf8d846cd7bc65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2
192.243.59.20 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=578702b5-32cb-4b7b-826c-d2fb10c6530a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01ffd36dfbce3d569baf8d846cd7bc65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=578702b5-32cb-4b7b-826c-d2fb10c6530a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01ffd36dfbce3d569baf8d846cd7bc65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 07 Dec 2022 02:20:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 829af7393c21992412935e723f070371
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=578702b5-32cb-4b7b-826c-d2fb10c6530a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=7e1d8f1ae70c40a4c328807cbe5300ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2
192.243.59.20 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=578702b5-32cb-4b7b-826c-d2fb10c6530a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=7e1d8f1ae70c40a4c328807cbe5300ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=578702b5-32cb-4b7b-826c-d2fb10c6530a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=7e1d8f1ae70c40a4c328807cbe5300ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 07 Dec 2022 02:20:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a949baaa3221881e2e2f2377ae62d3aa
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ea6d8022d3d0fcb1a655c111694efb3c
0565f1dae70afb9f7d231824a488de4f262218f0
198fc3e66c5d81029e6781d76d0eb5bf8a3c8ae92aa3aa6a7f0fda6d95658a76
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "198FC3E66C5D81029E6781D76D0EB5BF8A3C8AE92AA3AA6A7F0FDA6D95658A76"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13369
Expires: Wed, 07 Dec 2022 06:03:30 GMT
Date: Wed, 07 Dec 2022 02:20:41 GMT
Connection: keep-alive
clergymanwonderful.com/ren.gif?sid=H4sIAAAAAAAC%2F3SWS6zjSlrHkzsXCcECDWIDEtLRHHoE0uTEb8f3MmolzsuJYycnjp1ELQU%2FynYlflfZTrIaMQjNBtGsBonN6ep75zIPHpcNCzQInWaDWkLcwwL6SjQ71rw0YoXQOd2oBzH3k%2BX6qr5afF99v3%2BpfvtZ%2BbpBkdJ%2BNZ%2BlZxhFdpu%2Foi5%2B1YKJl9boQjMuaOqK%2BvDCgonAfXhxvP8V1Qc0xV9Rv3YxAu4hbTMUTVE0RV8MYQH89Nh%2BiBKY%2FUCiryTqimOuaJ4jx%2BL%2FzlHZJMhuEq963fh5Ar27nwr%2F5lMC3VuSxH%2FaB%2BiA0%2Bxrg7iMbJwWpPI%2BWSWHJK0TEr9z%2FaJJ%2FOSTt7tJiu4ajd9%2Fj6TJJ28rIGn10X0FxIF3jeY%2F0MRJPnmbJnGqj99k6kQEJMTxfpbU1S0B0S2B9i1x028S6H3WIMT1iKaTJP6Olha1fXoTte%2Bjd433f%2FQfBNZ3jff%2F6RdIEv9xL4LHi2UalRimCSJH%2F4bA4y2BwS3JyhcEn5sE1i%2BIi3%2BTQO9vG%2B0fqSSJP9JRlBLovfoVXuyIFOPwLZZxnRbniE6rwwhuy2N8h6ZcgWcp%2B%2BGIILwl0L8lEXhKbPQlUqImKWGTlH6TlFmTxN6rC5uXfIoSfcdn2Q7nui7Lui7fETzeY7mOT5HSva%2FhKcHZU%2BJGT4lbfINkxTfIAT4lRflXBIU3BHlNgnCDVN4NqUGD1KhBartBatggNW6Qurr52IsQg26%2B40WodOi3I%2FN2ZG%2Bepzh4Zn%2Bc4gAkjWfZ68aXHw7uv3%2FuH8kBvLqgaN%2F3WMHzHRewHi9Iju13vA4nuJ7ouAJPELwhEL1HbNQk5%2Fsu%2FtHXSAbvGo2%2F%2BE%2Fi2C8Iil4QF36Z2OUvE7t%2BLjIUscPnXIci5%2BR7OAZ2kVy5aUy89IZk%2BH2CT81n0evGLz5kwX713wlwXz7%2Bs2%2F%2F3eGHf%2FnrxC1uSFbckD386wYJom89v07rxkfXaY0an%2BoZhjE82%2FetXWIbg8b3puBUp4Wn9NHT73bd%2B8C9%2BwMDIKzaiQeTADW%2B34OeB4phWrig8UMFWcCZlyjslUVSZupcHipxVgCEYJrcEht%2B5pjEhXeNn37xMw%2FQ%2FpL3BwQWL0hRft78txDj7IN22%2FbA0Q3tJACBjcF9dW0vbbtXWZg9RtiObfz1%2BJEoP2Luv24IWMwoDB6t2N5EGo0pb%2BCN5%2BxxfgX4ziNGrlYdvN6F8oYSpQMXlW5oj2a5vubUCVZmvSJw0RRy4nG29FBS9ZcVMGva2i3KE53LiTnvDjl7fRSo2tR7rFiNjlsxTXtuLCvrWWS4WlKARAx6%2BkpcVhEK0cHazXcLOD8HWSKYFavPlHiQ%2BMmKwvTI3AG2GC4KZ51yIArMjBrp2T7pJDUA9ADXkzE9gq1eMTkZyXLLT8eh5J8Uhj4nxyGl8zpy0TQYiVvljC1vk6u1y4tz%2BaAN6dikS%2FYAO7TC1bk4P2xzR%2Bke%2FJHUU6%2BtVrXYagXd2vfoZFEwsstylLbaaN1zbysq%2Fi5fI5gEPm2hvTEyQ2u%2FOeQoG9ecjlv7bC0eT31zepzqOjpPRHPpL%2BvwusLJSCi0bOp0vfM168%2BCOPfnfNajZFOqInXGYJtzVUMMvHMhB0531zpLsyiU1oO0t3jTPBKXLx%2F%2Fa%2BPBCExviZv91qeXl3N9afS68nS3ulaXl5efv%2FfqKw9oPGk%2F%2BQlw3K8dn7TTDCQFdp60mSftGiY%2FmZaAHTIenOXpPS1868dp8SXxESOzyyGczhnNnWlSRWPh1I1bbsevTbtfpi3MrfeLhY4G86WXt%2Fh
qJW%2FWapVMvdqbHiad%2BGymqun1NG%2Bp%2BcaM79uCMNqfLGu0zlZLZ3iIxtZGNeO5zfJ6awileqQE%2BVBR9j4WdjJnepp1Tixx2KL9ONcNrRpFpmZ2zZDmDoyzOyt1GS4TWjl1oTicLial0t9pDM2N1tKiI%2FlJKXe8rAw6SzVfHZPpcsVuxzovCNqGBfJ1Oh7xa7g7%2BvnAsuZ6lrP8SdxzQyGLfUefxKNenkz2m90%2B7Wml058VcDc7WtWqay7m0Wy6HwTdgC0X%2BVJSdrzNcWfTtfLa0tmMDa9DPY5WyyKazorEYmO0ocNyGJxxb9Ffrw9xuMoNVpn0MTXGm5mcnyd0byKfFjYODxLgrveFx%2BBJPxVlmoqoYZLrhmiZQJXMCa4YsbeSBSmZZVI3r7uzCTJkRoTuctufbsdCi1JFP%2FVAHXKr9d6zE5rGG81pFUthfK2y%2FbWKudNiupoFak3zwzzvb1VnMcts2zUhOBwEKseHVX%2FalYXZaYEUfs3Me6EWLcfm6BB31%2Bd5NN7lvZFldHBZOHCz257no8of42lHWsG5tev5lbVbBZNt3dcQjy2r2CmJ7q5NrYNsqQzewPdV2zvusgK64OvUFSUyAiN95Q8vLxVZ1y4vX%2F3GPeLog3bbLQqQpQ%2FXHjhix07aLCVITIdiqLZbABvDCqA2w%2FIcQ4lcmxdtzhMYigEd1rcZp0NRkuAAzwO8wIu%2BtxMFjrrKkuC7l5eGYqiDy8vvawB4F%2FaFOdce%2F8nlZX%2BwlK%2BVuaHc5%2FHnchpndgEucAguHIDw%2Fa6rqyuCspeNt0ZQ2iBF9G7uZE1Sl5%2B%2F99kX3%2BC2d%2FxfibaZLxboItzsOegX%2BP8LVBS5R4x8MvoHlltwpRhjz6FVs%2BLWYn5aIdfMW%2BaaXUxzvZuIcbzsje1eq9YNZyy7RssM0WQZlrq%2Bz%2Fsda6HK01hze7tNJgUGlkM6jM%2BH4fSAp8WglbJrbnLmh8ahno9UtlKAE4wRdGWE2W2uDroGsIsJnhvJ9URZJHpnOEAK5Lk5ANM9N3MGpdxVt%2FKsNvvTsKuoZ80%2BnaaKc87wCmfHE1c5kzJJ1TqNjZgT5vm48pPeYJjjoTKdt8TyZJuo0Ey3ovoFLZi97n67EnrJSV0dt7awYZ0AzyuvyETK9OWFpqXXlOvu1%2B7G4ZiZxsWZE1F444%2FSGFawxThIPpymy5ayoyS%2B40UW3G%2F3w%2BC4V1SlUy66BcVX4fogbljFaBl9p58zLpcPXM5MJTrZLkOkVDmTWV09Veoyzsxu2NnLI7OW82t%2BYghRyfZU69RVWlugqXbMTlacwVjz0K%2BN8WhzCpbbZb6VD1FHsxbrVWsy3kfa2t0FUz%2Fr6GmfoqaMaxjibD9zNLAtBxvQVzVaBcNizimj%2BbSQk%2FOkPOleue16mxj7J2ScdmOJpZSZpWjhRonBjnZbymwTrVtDUbyWOrqmDXqb4RKUDNTqaHAYSzBRbNuwa3AItCjn4lRvVUy37CvdLxTo84Jx3r2fInjXkP6lQSLw8vG3f0f%2F5w%2B9LbGdG4LAj2nhnf8MfYsERZPY%2BJskiW9IVdyQKrohdvSUoPJLz3FWvHz89%2ByDESdqPneiovmRExXR7715uyH46gLwPuUDigGOLzm%2BaFOe5HOSY0s0EB3epglGd%2B7v%2FtfpfwAAAP%2F%2FAQAA%2F%2F%2Bm%2B%2F167QwAAA%3D%3D
173.233.137.52200 OK 7 B URL HTTP/1.1 clergymanwonderful.com/ren.gif?sid=H4sIAAAAAAAC%2F3SWS6zjSlrHkzsXCcECDWIDEtLRHHoE0uTEb8f3MmolzsuJYycnjp1ELQU%2FynYlflfZTrIaMQjNBtGsBonN6ep75zIPHpcNCzQInWaDWkLcwwL6SjQ71rw0YoXQOd2oBzH3k%2BX6qr5afF99v3%2BpfvtZ%2BbpBkdJ%2BNZ%2BlZxhFdpu%2Foi5%2B1YKJl9boQjMuaOqK%2BvDCgonAfXhxvP8V1Qc0xV9Rv3YxAu4hbTMUTVE0RV8MYQH89Nh%2BiBKY%2FUCiryTqimOuaJ4jx%2BL%2FzlHZJMhuEq963fh5Ar27nwr%2F5lMC3VuSxH%2FaB%2BiA0%2Bxrg7iMbJwWpPI%2BWSWHJK0TEr9z%2FaJJ%2FOSTt7tJiu4ajd9%2Fj6TJJ28rIGn10X0FxIF3jeY%2F0MRJPnmbJnGqj99k6kQEJMTxfpbU1S0B0S2B9i1x028S6H3WIMT1iKaTJP6Olha1fXoTte%2Bjd433f%2FQfBNZ3jff%2F6RdIEv9xL4LHi2UalRimCSJH%2F4bA4y2BwS3JyhcEn5sE1i%2BIi3%2BTQO9vG%2B0fqSSJP9JRlBLovfoVXuyIFOPwLZZxnRbniE6rwwhuy2N8h6ZcgWcp%2B%2BGIILwl0L8lEXhKbPQlUqImKWGTlH6TlFmTxN6rC5uXfIoSfcdn2Q7nui7Lui7fETzeY7mOT5HSva%2FhKcHZU%2BJGT4lbfINkxTfIAT4lRflXBIU3BHlNgnCDVN4NqUGD1KhBartBatggNW6Qurr52IsQg26%2B40WodOi3I%2FN2ZG%2Bepzh4Zn%2Bc4gAkjWfZ68aXHw7uv3%2FuH8kBvLqgaN%2F3WMHzHRewHi9Iju13vA4nuJ7ouAJPELwhEL1HbNQk5%2Fsu%2FtHXSAbvGo2%2F%2BE%2Fi2C8Iil4QF36Z2OUvE7t%2BLjIUscPnXIci5%2BR7OAZ2kVy5aUy89IZk%2BH2CT81n0evGLz5kwX713wlwXz7%2Bs2%2F%2F3eGHf%2FnrxC1uSFbckD386wYJom89v07rxkfXaY0an%2BoZhjE82%2FetXWIbg8b3puBUp4Wn9NHT73bd%2B8C9%2BwMDIKzaiQeTADW%2B34OeB4phWrig8UMFWcCZlyjslUVSZupcHipxVgCEYJrcEht%2B5pjEhXeNn37xMw%2FQ%2FpL3BwQWL0hRft78txDj7IN22%2FbA0Q3tJACBjcF9dW0vbbtXWZg9RtiObfz1%2BJEoP2Luv24IWMwoDB6t2N5EGo0pb%2BCN5%2BxxfgX4ziNGrlYdvN6F8oYSpQMXlW5oj2a5vubUCVZmvSJw0RRy4nG29FBS9ZcVMGva2i3KE53LiTnvDjl7fRSo2tR7rFiNjlsxTXtuLCvrWWS4WlKARAx6%2BkpcVhEK0cHazXcLOD8HWSKYFavPlHiQ%2BMmKwvTI3AG2GC4KZ51yIArMjBrp2T7pJDUA9ADXkzE9gq1eMTkZyXLLT8eh5J8Uhj4nxyGl8zpy0TQYiVvljC1vk6u1y4tz%2BaAN6dikS%2FYAO7TC1bk4P2xzR%2Bke%2FJHUU6%2BtVrXYagXd2vfoZFEwsstylLbaaN1zbysq%2Fi5fI5gEPm2hvTEyQ2u%2FOeQoG9ecjlv7bC0eT31zepzqOjpPRHPpL%2BvwusLJSCi0bOp0vfM168%2BCOPfnfNajZFOqInXGYJtzVUMMvHMhB0531zpLsyiU1oO0t3jTPBKXLx%2F%2Fa%2BPBCExviZv91qeXl3N9afS68nS3ulaXl5efv%2FfqKw9oPGk%2F%2BQlw3K8dn7TTDCQFdp60mSftGiY%2FmZaAHTIenOXpPS1868dp8SXxESOzyyGczhnNnWl
SRWPh1I1bbsevTbtfpi3MrfeLhY4G86WXt%2FhqJW%2FWapVMvdqbHiad%2BGymqun1NG%2Bp%2BcaM79uCMNqfLGu0zlZLZ3iIxtZGNeO5zfJ6awileqQE%2BVBR9j4WdjJnepp1Tixx2KL9ONcNrRpFpmZ2zZDmDoyzOyt1GS4TWjl1oTicLial0t9pDM2N1tKiI%2FlJKXe8rAw6SzVfHZPpcsVuxzovCNqGBfJ1Oh7xa7g7%2BvnAsuZ6lrP8SdxzQyGLfUefxKNenkz2m90%2B7Wml058VcDc7WtWqay7m0Wy6HwTdgC0X%2BVJSdrzNcWfTtfLa0tmMDa9DPY5WyyKazorEYmO0ocNyGJxxb9Ffrw9xuMoNVpn0MTXGm5mcnyd0byKfFjYODxLgrveFx%2BBJPxVlmoqoYZLrhmiZQJXMCa4YsbeSBSmZZVI3r7uzCTJkRoTuctufbsdCi1JFP%2FVAHXKr9d6zE5rGG81pFUthfK2y%2FbWKudNiupoFak3zwzzvb1VnMcts2zUhOBwEKseHVX%2FalYXZaYEUfs3Me6EWLcfm6BB31%2Bd5NN7lvZFldHBZOHCz257no8of42lHWsG5tev5lbVbBZNt3dcQjy2r2CmJ7q5NrYNsqQzewPdV2zvusgK64OvUFSUyAiN95Q8vLxVZ1y4vX%2F3GPeLog3bbLQqQpQ%2FXHjhix07aLCVITIdiqLZbABvDCqA2w%2FIcQ4lcmxdtzhMYigEd1rcZp0NRkuAAzwO8wIu%2BtxMFjrrKkuC7l5eGYqiDy8vvawB4F%2FaFOdce%2F8nlZX%2BwlK%2BVuaHc5%2FHnchpndgEucAguHIDw%2Fa6rqyuCspeNt0ZQ2iBF9G7uZE1Sl5%2B%2F99kX3%2BC2d%2FxfibaZLxboItzsOegX%2BP8LVBS5R4x8MvoHlltwpRhjz6FVs%2BLWYn5aIdfMW%2BaaXUxzvZuIcbzsje1eq9YNZyy7RssM0WQZlrq%2Bz%2Fsda6HK01hze7tNJgUGlkM6jM%2BH4fSAp8WglbJrbnLmh8ahno9UtlKAE4wRdGWE2W2uDroGsIsJnhvJ9URZJHpnOEAK5Lk5ANM9N3MGpdxVt%2FKsNvvTsKuoZ80%2BnaaKc87wCmfHE1c5kzJJ1TqNjZgT5vm48pPeYJjjoTKdt8TyZJuo0Ey3ovoFLZi97n67EnrJSV0dt7awYZ0AzyuvyETK9OWFpqXXlOvu1%2B7G4ZiZxsWZE1F444%2FSGFawxThIPpymy5ayoyS%2B40UW3G%2F3w%2BC4V1SlUy66BcVX4fogbljFaBl9p58zLpcPXM5MJTrZLkOkVDmTWV09Veoyzsxu2NnLI7OW82t%2BYghRyfZU69RVWlugqXbMTlacwVjz0K%2BN8WhzCpbbZb6VD1FHsxbrVWsy3kfa2t0FUz%2Fr6GmfoqaMaxjibD9zNLAtBxvQVzVaBcNizimj%2BbSQk%2FOkPOleue16mxj7J2ScdmOJpZSZpWjhRonBjnZbymwTrVtDUbyWOrqmDXqb4RKUDNTqaHAYSzBRbNuwa3AItCjn4lRvVUy37CvdLxTo84Jx3r2fInjXkP6lQSLw8vG3f0f%2F5w%2B9LbGdG4LAj2nhnf8MfYsERZPY%2BJskiW9IVdyQKrohdvSUoPJLz3FWvHz89%2ByDESdqPneiovmRExXR7715uyH46gLwPuUDigGOLzm%2BaFOe5HOSY0s0EB3epglGd%2B7v%2FtfpfwAAAP%2F%2FAQAA%2F%2F%2Bm%2B%2F167QwAAA%3D%3D
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F3SWS6zjSlrHkzsXCcECDWIDEtLRHHoE0uTEb8f3MmolzsuJYycnjp1ELQU%2FynYlflfZTrIaMQjNBtGsBonN6ep75zIPHpcNCzQInWaDWkLcwwL6SjQ71rw0YoXQOd2oBzH3k%2BX6qr5afF99v3%2BpfvtZ%2BbpBkdJ%2BNZ%2BlZxhFdpu%2Foi5%2B1YKJl9boQjMuaOqK%2BvDCgonAfXhxvP8V1Qc0xV9Rv3YxAu4hbTMUTVE0RV8MYQH89Nh%2BiBKY%2FUCiryTqimOuaJ4jx%2BL%2FzlHZJMhuEq963fh5Ar27nwr%2F5lMC3VuSxH%2FaB%2BiA0%2Bxrg7iMbJwWpPI%2BWSWHJK0TEr9z%2FaJJ%2FOSTt7tJiu4ajd9%2Fj6TJJ28rIGn10X0FxIF3jeY%2F0MRJPnmbJnGqj99k6kQEJMTxfpbU1S0B0S2B9i1x028S6H3WIMT1iKaTJP6Olha1fXoTte%2Bjd433f%2FQfBNZ3jff%2F6RdIEv9xL4LHi2UalRimCSJH%2F4bA4y2BwS3JyhcEn5sE1i%2BIi3%2BTQO9vG%2B0fqSSJP9JRlBLovfoVXuyIFOPwLZZxnRbniE6rwwhuy2N8h6ZcgWcp%2B%2BGIILwl0L8lEXhKbPQlUqImKWGTlH6TlFmTxN6rC5uXfIoSfcdn2Q7nui7Lui7fETzeY7mOT5HSva%2FhKcHZU%2BJGT4lbfINkxTfIAT4lRflXBIU3BHlNgnCDVN4NqUGD1KhBartBatggNW6Qurr52IsQg26%2B40WodOi3I%2FN2ZG%2Bepzh4Zn%2Bc4gAkjWfZ68aXHw7uv3%2FuH8kBvLqgaN%2F3WMHzHRewHi9Iju13vA4nuJ7ouAJPELwhEL1HbNQk5%2Fsu%2FtHXSAbvGo2%2F%2BE%2Fi2C8Iil4QF36Z2OUvE7t%2BLjIUscPnXIci5%2BR7OAZ2kVy5aUy89IZk%2BH2CT81n0evGLz5kwX713wlwXz7%2Bs2%2F%2F3eGHf%2FnrxC1uSFbckD386wYJom89v07rxkfXaY0an%2BoZhjE82%2FetXWIbg8b3puBUp4Wn9NHT73bd%2B8C9%2BwMDIKzaiQeTADW%2B34OeB4phWrig8UMFWcCZlyjslUVSZupcHipxVgCEYJrcEht%2B5pjEhXeNn37xMw%2FQ%2FpL3BwQWL0hRft78txDj7IN22%2FbA0Q3tJACBjcF9dW0vbbtXWZg9RtiObfz1%2BJEoP2Luv24IWMwoDB6t2N5EGo0pb%2BCN5%2BxxfgX4ziNGrlYdvN6F8oYSpQMXlW5oj2a5vubUCVZmvSJw0RRy4nG29FBS9ZcVMGva2i3KE53LiTnvDjl7fRSo2tR7rFiNjlsxTXtuLCvrWWS4WlKARAx6%2BkpcVhEK0cHazXcLOD8HWSKYFavPlHiQ%2BMmKwvTI3AG2GC4KZ51yIArMjBrp2T7pJDUA9ADXkzE9gq1eMTkZyXLLT8eh5J8Uhj4nxyGl8zpy0TQYiVvljC1vk6u1y4tz%2BaAN6dikS%2FYAO7TC1bk4P2xzR%2Bke%2FJHUU6%2BtVrXYagXd2vfoZFEwsstylLbaaN1zbysq%2Fi5fI5gEPm2hvTEyQ2u%2FOeQoG9ecjlv7bC0eT31zepzqOjpPRHPpL%2BvwusLJSCi0bOp0vfM168%2BCOPfnfNajZFOqInXGYJtzVUMMvHMhB0531zpLsyiU1oO0t3jTPBKXLx%2F%2Fa%2BPBCExviZv91qeXl3N9afS68nS3ulaXl5efv%2FfqKw9oPGk%2F%2BQlw3K8dn7TTDCQFdp60mSftGiY%2FmZaAHTIenOXpPS1868dp8SXxESOzyyGczhnNnWlSRWPh1I1bbsevTbtfpi3MrfeLhY4G86WXt%2FhqJW%2FWapVMvdqbHia
d%2BGymqun1NG%2Bp%2BcaM79uCMNqfLGu0zlZLZ3iIxtZGNeO5zfJ6awileqQE%2BVBR9j4WdjJnepp1Tixx2KL9ONcNrRpFpmZ2zZDmDoyzOyt1GS4TWjl1oTicLial0t9pDM2N1tKiI%2FlJKXe8rAw6SzVfHZPpcsVuxzovCNqGBfJ1Oh7xa7g7%2BvnAsuZ6lrP8SdxzQyGLfUefxKNenkz2m90%2B7Wml058VcDc7WtWqay7m0Wy6HwTdgC0X%2BVJSdrzNcWfTtfLa0tmMDa9DPY5WyyKazorEYmO0ocNyGJxxb9Ffrw9xuMoNVpn0MTXGm5mcnyd0byKfFjYODxLgrveFx%2BBJPxVlmoqoYZLrhmiZQJXMCa4YsbeSBSmZZVI3r7uzCTJkRoTuctufbsdCi1JFP%2FVAHXKr9d6zE5rGG81pFUthfK2y%2FbWKudNiupoFak3zwzzvb1VnMcts2zUhOBwEKseHVX%2FalYXZaYEUfs3Me6EWLcfm6BB31%2Bd5NN7lvZFldHBZOHCz257no8of42lHWsG5tev5lbVbBZNt3dcQjy2r2CmJ7q5NrYNsqQzewPdV2zvusgK64OvUFSUyAiN95Q8vLxVZ1y4vX%2F3GPeLog3bbLQqQpQ%2FXHjhix07aLCVITIdiqLZbABvDCqA2w%2FIcQ4lcmxdtzhMYigEd1rcZp0NRkuAAzwO8wIu%2BtxMFjrrKkuC7l5eGYqiDy8vvawB4F%2FaFOdce%2F8nlZX%2BwlK%2BVuaHc5%2FHnchpndgEucAguHIDw%2Fa6rqyuCspeNt0ZQ2iBF9G7uZE1Sl5%2B%2F99kX3%2BC2d%2FxfibaZLxboItzsOegX%2BP8LVBS5R4x8MvoHlltwpRhjz6FVs%2BLWYn5aIdfMW%2BaaXUxzvZuIcbzsje1eq9YNZyy7RssM0WQZlrq%2Bz%2Fsda6HK01hze7tNJgUGlkM6jM%2BH4fSAp8WglbJrbnLmh8ahno9UtlKAE4wRdGWE2W2uDroGsIsJnhvJ9URZJHpnOEAK5Lk5ANM9N3MGpdxVt%2FKsNvvTsKuoZ80%2BnaaKc87wCmfHE1c5kzJJ1TqNjZgT5vm48pPeYJjjoTKdt8TyZJuo0Ey3ovoFLZi97n67EnrJSV0dt7awYZ0AzyuvyETK9OWFpqXXlOvu1%2B7G4ZiZxsWZE1F444%2FSGFawxThIPpymy5ayoyS%2B40UW3G%2F3w%2BC4V1SlUy66BcVX4fogbljFaBl9p58zLpcPXM5MJTrZLkOkVDmTWV09Veoyzsxu2NnLI7OW82t%2BYghRyfZU69RVWlugqXbMTlacwVjz0K%2BN8WhzCpbbZb6VD1FHsxbrVWsy3kfa2t0FUz%2Fr6GmfoqaMaxjibD9zNLAtBxvQVzVaBcNizimj%2BbSQk%2FOkPOleue16mxj7J2ScdmOJpZSZpWjhRonBjnZbymwTrVtDUbyWOrqmDXqb4RKUDNTqaHAYSzBRbNuwa3AItCjn4lRvVUy37CvdLxTo84Jx3r2fInjXkP6lQSLw8vG3f0f%2F5w%2B9LbGdG4LAj2nhnf8MfYsERZPY%2BJskiW9IVdyQKrohdvSUoPJLz3FWvHz89%2ByDESdqPneiovmRExXR7715uyH46gLwPuUDigGOLzm%2BaFOe5HOSY0s0EB3epglGd%2B7v%2FtfpfwAAAP%2F%2FAQAA%2F%2F%2Bm%2B%2F167QwAAA%3D%3D HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Cookie: u_pl=16650200; uid_id2=578702b5-32cb-4b7b-826c-d2fb10c6530a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 02:20:41 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5da2edd062a27668f5f6cf865c364779
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.barscreative1.com/sb/notifications/rtb/windows/2/index.html
45.133.44.4 200 OK 449 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/rtb/windows/2/index.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 2bf6314ac8fe23cf9f7c15857bf0ee4d
9ee372c110736ce2dc9ba7856ae279d8106f4745
aa7456703f73b27bb4e9f5bcd828a04fa38d12b1285c3f009051bb20689cae52
GET /sb/notifications/rtb/windows/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 02:20:41 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Mon, 17 May 2021 11:56:17 GMT
etag: W/"60a259e1-4b7"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 07 Dec 2022 03:20:41 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f487c9656e04f6341613a2e7b770e964
b210ca7b9fc103cc101e2c05e93a5c0c3ff7f3a4
be0f18f3be762c53367f17301b85bcf92f94f7be506495fc0e31419516a8f420
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BE0F18F3BE762C53367F17301B85BCF92F94F7BE506495FC0E31419516A8F420"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4900
Expires: Wed, 07 Dec 2022 03:42:21 GMT
Date: Wed, 07 Dec 2022 02:20:41 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f487c9656e04f6341613a2e7b770e964
b210ca7b9fc103cc101e2c05e93a5c0c3ff7f3a4
be0f18f3be762c53367f17301b85bcf92f94f7be506495fc0e31419516a8f420
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BE0F18F3BE762C53367F17301B85BCF92F94F7BE506495FC0E31419516A8F420"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4900
Expires: Wed, 07 Dec 2022 03:42:21 GMT
Date: Wed, 07 Dec 2022 02:20:41 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f487c9656e04f6341613a2e7b770e964
b210ca7b9fc103cc101e2c05e93a5c0c3ff7f3a4
be0f18f3be762c53367f17301b85bcf92f94f7be506495fc0e31419516a8f420
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BE0F18F3BE762C53367F17301B85BCF92F94F7BE506495FC0E31419516A8F420"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4900
Expires: Wed, 07 Dec 2022 03:42:21 GMT
Date: Wed, 07 Dec 2022 02:20:41 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/rtb/windows/2/img/number.png
172.64.108.13 200 OK 1.1 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/windows/2/img/number.png
IP 172.64.108.13:0
File type PNG image data, 43 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e4414e85c588bf7db195e49c02ab2bb
09254e79b255f1b2dfe45adbbe44583a4b433782
0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762
GET /sb/notifications/rtb/windows/2/img/number.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 02:20:41 GMT
content-type: image/png
content-length: 1138
last-modified: Mon, 17 May 2021 11:56:20 GMT
etag: "60a259e4-472"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1859199
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7v1tmAiI45MvEP4gcc0mbXOFsHQe723Z3VRkFVJg%2BZY477eZIVJfqTr6eEEcVW5ePvPaHR4wNaFhHGKizP4DgzOLwg4Feg7EBEcnyQ%2BHVJ3xFrRahtxYy5fe0fGUsDgI3uexZBpWHdE0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7759c89a48e8775b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f487c9656e04f6341613a2e7b770e964
b210ca7b9fc103cc101e2c05e93a5c0c3ff7f3a4
be0f18f3be762c53367f17301b85bcf92f94f7be506495fc0e31419516a8f420
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BE0F18F3BE762C53367F17301B85BCF92F94F7BE506495FC0E31419516A8F420"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4900
Expires: Wed, 07 Dec 2022 03:42:21 GMT
Date: Wed, 07 Dec 2022 02:20:41 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/rtb/windows/2/img/close.png
172.64.108.13 200 OK 6.3 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/windows/2/img/close.png
IP 172.64.108.13:0
File type PNG image data, 500 x 500, 8-bit gray+alpha, non-interlaced\012- data
Hash fa3847143b5b8c7823d091ca8e88289f
eb32235cc1d642145643b4a218742564df1db6d9
a78f358b462449955b39bd7957586ab99c75c8ab453975f4789e72d55d921cea
GET /sb/notifications/rtb/windows/2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 02:20:41 GMT
content-type: image/png
content-length: 6318
last-modified: Mon, 17 May 2021 11:56:20 GMT
etag: "60a259e4-18ae"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1859197
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qFvPpOh1oTz14QnAuxkc9giTlnxRRqGy7eBftsskYKKKbeA%2FyKJfnp%2FKnKX3GPw2WicrIDPql7V%2FCzafoHyIwAgaYJubtfb6uVj1CSLyt1bWd%2BJEE5hgBhcRRw0pI8vb5nMJ2ZAxrsyr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7759c89a48ea775b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fwindows%2F2%2Fjs%2Fscript.js&l=380&fd=175
173.233.137.52 200 OK 0 B URL HTTP/1.1 clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fwindows%2F2%2Fjs%2Fscript.js&l=380&fd=175
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fwindows%2F2%2Fjs%2Fscript.js&l=380&fd=175 HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Cookie: u_pl=16650200; uid_id2=578702b5-32cb-4b7b-826c-d2fb10c6530a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 02:20:41 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
adexchangegate.com/adx/openrtb/2/win.php?stamat=m%7C%2C%2Cg3F2diMqoGU3B5-GH0dEdHP3xP.f97%2C3SFiKP2NcMN9v1t6yAm-c8fwVaDuo-t4XjQQOsEPSdq-5vUCYXLvnKdwdKkJ8mzVoLVdBNdSNfTM5Da66GjyWWGXpUSbFklHWYLVmPa35O-Fi9wGIgqFIIjft6_C4VdNWznW7F-1fmqOTNvGlVNVAVh14k2b_zIwuhSn1IyAi7FKQJuID_N214GX9Q89fnuC8dpug8SLqUxnKSU3ZHO566NY3eCRoHG5Xi_xfqEWWPOpq35y7j4F6pmfbOJmGBqnJjY_joBNubDMri_MxWvUAVQPlMKjEgAg3uQqS9I_5a44zVcWqwWO3p3hRhOmlUSrlKMrnW3msY1huFgztBQDXXkmhUqT3IJDt0HtYMCqzJ1BJCyQathk9e4Rjrd2tJDo7C10l0FnqOT7WVeL9VJtv27BUC69nMp9AqwAMJsTC27icSZDKZH6-0L7fodewh4UXjdan11tYNb-rS6HRL3DXLt4yQKUMgLw15FqqDZLbQMpaacViekk60qtkUDKAC6MyQsI5X2PBhNlSHVGkmAXzPlH_qBGWT8turbiY_ZzPGvfHtK89UiPW_BfvW_UgJZwDNs5tWWr_InOcXVN8sa9ug%2C%2C&adx_price=0.072629
35.208.56.33204 No Content 0 B URL HTTP/1.1 adexchangegate.com/adx/openrtb/2/win.php?stamat=m%7C%2C%2Cg3F2diMqoGU3B5-GH0dEdHP3xP.f97%2C3SFiKP2NcMN9v1t6yAm-c8fwVaDuo-t4XjQQOsEPSdq-5vUCYXLvnKdwdKkJ8mzVoLVdBNdSNfTM5Da66GjyWWGXpUSbFklHWYLVmPa35O-Fi9wGIgqFIIjft6_C4VdNWznW7F-1fmqOTNvGlVNVAVh14k2b_zIwuhSn1IyAi7FKQJuID_N214GX9Q89fnuC8dpug8SLqUxnKSU3ZHO566NY3eCRoHG5Xi_xfqEWWPOpq35y7j4F6pmfbOJmGBqnJjY_joBNubDMri_MxWvUAVQPlMKjEgAg3uQqS9I_5a44zVcWqwWO3p3hRhOmlUSrlKMrnW3msY1huFgztBQDXXkmhUqT3IJDt0HtYMCqzJ1BJCyQathk9e4Rjrd2tJDo7C10l0FnqOT7WVeL9VJtv27BUC69nMp9AqwAMJsTC27icSZDKZH6-0L7fodewh4UXjdan11tYNb-rS6HRL3DXLt4yQKUMgLw15FqqDZLbQMpaacViekk60qtkUDKAC6MyQsI5X2PBhNlSHVGkmAXzPlH_qBGWT8turbiY_ZzPGvfHtK89UiPW_BfvW_UgJZwDNs5tWWr_InOcXVN8sa9ug%2C%2C&adx_price=0.072629
IP 35.208.56.33:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (empty-input digest; the response body is 0 B)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adx/openrtb/2/win.php?stamat=m%7C%2C%2Cg3F2diMqoGU3B5-GH0dEdHP3xP.f97%2C3SFiKP2NcMN9v1t6yAm-c8fwVaDuo-t4XjQQOsEPSdq-5vUCYXLvnKdwdKkJ8mzVoLVdBNdSNfTM5Da66GjyWWGXpUSbFklHWYLVmPa35O-Fi9wGIgqFIIjft6_C4VdNWznW7F-1fmqOTNvGlVNVAVh14k2b_zIwuhSn1IyAi7FKQJuID_N214GX9Q89fnuC8dpug8SLqUxnKSU3ZHO566NY3eCRoHG5Xi_xfqEWWPOpq35y7j4F6pmfbOJmGBqnJjY_joBNubDMri_MxWvUAVQPlMKjEgAg3uQqS9I_5a44zVcWqwWO3p3hRhOmlUSrlKMrnW3msY1huFgztBQDXXkmhUqT3IJDt0HtYMCqzJ1BJCyQathk9e4Rjrd2tJDo7C10l0FnqOT7WVeL9VJtv27BUC69nMp9AqwAMJsTC27icSZDKZH6-0L7fodewh4UXjdan11tYNb-rS6HRL3DXLt4yQKUMgLw15FqqDZLbQMpaacViekk60qtkUDKAC6MyQsI5X2PBhNlSHVGkmAXzPlH_qBGWT8turbiY_ZzPGvfHtK89UiPW_BfvW_UgJZwDNs5tWWr_InOcXVN8sa9ug%2C%2C&adx_price=0.072629 HTTP/1.1
Host: adexchangegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 204 No Content
Server: openresty
Date: Wed, 07 Dec 2022 02:20:41 GMT
Access-Control-Allow-Origin: *
Via: 1.1 google
clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fwindows%2F2%2Fcss%2Fstyle.css&l=4073&fd=180
173.233.137.52 200 OK 0 B URL HTTP/1.1 clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fwindows%2F2%2Fcss%2Fstyle.css&l=4073&fd=180
IP 173.233.137.52:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (empty-input digest; the response body is 0 B)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fwindows%2F2%2Fcss%2Fstyle.css&l=4073&fd=180 HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Cookie: u_pl=16650200; uid_id2=578702b5-32cb-4b7b-826c-d2fb10c6530a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 02:20:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fwindows%2F2%2Fcss%2Fanimate.css&l=79245&fd=179
173.233.137.52 200 OK 0 B URL HTTP/1.1 clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fwindows%2F2%2Fcss%2Fanimate.css&l=79245&fd=179
IP 173.233.137.52:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (empty-input digest; the response body is 0 B)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fwindows%2F2%2Fcss%2Fanimate.css&l=79245&fd=179 HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Cookie: u_pl=16650200; uid_id2=578702b5-32cb-4b7b-826c-d2fb10c6530a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 02:20:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
clergymanwonderful.com/impr.gif?sid=H4sIAAAAAAAC%2F3SWS6zjWFrHk55GQrBAg9iAhHQ1lxqBNLnx%2B9HNqJQ4L%2BdhJzeOnUQlBdvn2D6J3z62k6xGDEKzQRSrQWJz61T3NPPg0WxYoEHoFhtUEqIvC6iWKHaseWnECqF7q1ANYvqT5fMdf2fx%2F5%2Fv56Pz28%2FK1w2KlPar%2BSw5ozC02%2FwVdfGrFopBUhcXmnFBU1fUhxcWigXuw4vj%2FSuvPqAp%2For6tYshdA9Jm6FoiqIp%2BmKAcuglx%2FZDlaD0BzJ9JVNXHHNF8xw55v93XpRNUthNAqrXjZ8nCNz9VPA3nxLk3pI4%2BtMeLA44Sb%2FWj8rQxklOKvDJKj7ESR2T6F3q5U3ixZ%2B8XU2S4q7R%2BP33SBJ%2F8tYBSaqP7h0QB901mv9AEyf%2B5K1M4lQfv1HqhATGxAE%2FS%2BrqlsDwliD7lrjJNwkCnzUIcQHRdBJH39GSvLZPb6r2ffWu8f6P%2FoOg%2Bq7x%2Fj%2F9AomjP%2B6G6HixTMISoyQuyNG7Ieh4S5B%2FS9LyBcHnJkH1C%2BLi3yQI%2FG2j%2FaMpiaOP9CJMCAKvfoUXJZFiHL7FMq7T4hzRaUmM4LYA4zk05Qo8S9kPW4TQLUHeLQnhU2IXXyJl0SQlapLSa5IybZIIvLqwedmjKNFzPJaVONd1WdZ1eUkAPGA5yaNI6d57eEpw%2BpS44VPi5t8gaf4NckBPSV7%2BFSmCG1KAJilwg1TghtSwQeqiQWq7QWrUIDVukLq6%2BRiEBVPcfAeERenQb0fm7cjePE%2Bw%2F8z%2BOME%2BjBvP0teNLz9s3H%2F%2F3D%2BSA3x1QdGeB1gBeI4LWcALsmN7EpA4wQWi4wo8KdANQcV7xC6a5HzfxT%2F6GknRXaPxF%2F9JHPsFKcIXxEVfJnb5y8Sun4sMRezgOSdR5Bx%2FD0fQzuMrN4kISG5Iit8n%2BNR8Fr5u%2FOKDCvar%2F06g%2B%2FLxn3377w4%2F%2FMtfJ25%2BQ9L8huzRXzeIH37r%2BXVSNz66Tuqi8ameYhShs33f2iW2MWx8bwJPdZIDtVc8%2FW7HvS%2Fcpz8wYIGndgxQ7BeN73cRADAfJLkLGz9UCws687IIumUel%2Bl0rgzUKM1hUaAkviU2%2BswxiYvuGj%2F94mceoP0l8AcE5S9IXn7e%2FLcA4%2FSDdtsG8OgGduxD38bw3l0bJG33Kg3SxwW2Ixt%2FPXokKo%2BY%2B6cTQBYzKoOHK7Y7locjCvTBaM4e51eQlx4xSrWS8HoXKBtKlA9cWLqBPZxl%2BpqbjrE66%2Ba%2BW0wQJx5nS1DEVW9ZQbOmrd2iPNGZEpvzzoCz10eBqk29y4rV8LgVk6TrRoq6noWGq8U5jEW%2Fq6%2FEZRUWQXGwdvPdAs3PfhoLZsXqMzXqx168ojA9NHeQzQeL3FknHAx9M6WGerqPpbiGkO7jejyih6jVzccnI15u%2BckokL2TytDn%2BDigdF4v3GLiD8WtesYW2GTT2uXFuXLQBnRk0iV7QBKtcnUmzg%2FbzFE7B28od6fXVqtabLWcbu27dLzIGcVlOUpbbbTOubsVVW%2BXrQsU%2Bx5tFXtjaAbWfnPIinRUczpu7dO1eDz1zMlxouvFeSyaS29ZB9cVjodCrqUTpwPO16w386PMm%2FNpl1JMuQqnMwbbnDs1RB%2Bcc8V3OrvWWZ6FgbzuJ93Fm%2BaRqHz5%2BF8bD0FQckvc9Lf%2B8PJSVXTt8vLVb9zzUHzQbrt5DtPkAQR4xI4dt1lKkBmJYqi2m0MbowoWbYblOYYSuTYv2hwQGIqBEuvZjCNRlCw4EADIC7zogZ0ocNRVGvvfvbw0VGPav7z8vgYhuLAvzLn2%2BE8uL3v9pXKtzg31Xs
efK0mU2jm8wAG8cGCB71ddXV19enk515dGt6NMdqvr6fLy8vP3Xn3lgeEn7Sc%2FgeL7b8cn7SSFcY6dJ23mSbtG8U%2FG2mcHDECzLLnHmm%2F9ONaeLD5iFHY5QJM5o7kzTa5oLJw6UcuVvNq0e2XSwtx6v1joRX%2B%2BBFmLr1bKZj2t4gmoweQwlqKzmUxN0NXAUvOMGd%2BzBWG4P1nWcJ2uls7gEI6szdSM5jbL660Bkuuh6mcDVd17WNgpnAk06xxb4qBFe1GmG1o1DE3N7JgBzR0YZ3dW6zJYxrR66iBxMFmMS7W30xiaG67lhSR7calIIC19aTnNVsd4slyx25HOC4K2YaFynYyG%2FBrtjl7Wt6y5nmYsfxL33EBII8%2FRx9Gwm8Xj%2FWa3T7pa6fRmOdrNjla16piLeTib7Pt%2Bx2fLRbaU1R1vc9zZdK2stnQ2ZYPrQI%2FC1TIPJ7M8ttio2NBBOfDPuLvordeHKFhlBquOe5ga4c1Myc5jujtWTgsbBwcZctf7HDB43EtEhaZCahBnuiFaJpzK5hhXjNhdKYIcz1K5k9Wd2bgwFEZE7nLbm2xHQouail4CYB1wq%2FUe2DFN443mtPKlMLqesr31FHOnxWQ186c1zQ%2ByrLedOotZatuuieDhIFAZPqx6k44izE6LQuXXzLwbaOFyZA4PUWd9noejXdYdWoaEy9xBm932PB9W3ghPJHmF5tau61XWbuWPt3VPK3hsWflOjXV3bWpSYcul%2Fwa%2Br9rguEtz5MKvU1eUyAiM%2FBVSpC8bb4MUSYPk4bu5kzZJXX7%2B3mdffILb4Pi%2F5LeZL%2BZ%2BEWz2HPJy%2FP%2B5F0XuEaOcjN6B5RZcKUYYOPTUrLi1mJ1WhWtmLXPNLiaZ3onFKFp2R3a3VeuGM1Jco2UGxXgZlLq%2Bz3qStZgqk0hzu7tNKvsGVgI6iM6HweSAJ3m%2FlbBrbnzmB8ahng%2BnbKVCxx8VyFUKzG6zab9jQDsf47kRX4%2FVRaxLg36hIp6bQzjZczOnXyqd6VaZ1WZvEnTU6VmzT6eJ6pxTvMLp8cRVzriMk2mdREbECfNsVHlxtz%2FI8ECdzFtiebLNItdMt6J6OS2Y3c5%2BuxK68Wm6Om5tYcM6Pp5XIE9FyvSUhaYl15Tr7tfuxuGYmcZFqRNSeOMNkwhVqMU4hXI4TZYtdUfJvARCC%2B23%2B4F%2F3KtTVSoXnZziq2B9EDesarSMntPLGJfL%2Bi5nJjIdb5dBoVYZk1odPVHrMkrNTiDtlaFZK9k1PzaEsGS7U%2BvUUVtbqE3tiB2vOIOx5oFXG6Ph5uQvt8tsqxxCSbMW61VrPNqH2trd%2BRMvlfSkR1ETxjUMcbafORrclv0N7E01egoH%2BZxTh%2FNJrsTncXnSQbntgE2EvVNhnHYjmaXUmaVqwUaN4I52W%2BpsE65bA1G8liVd0%2FrdzWAJSwZpddg%2FjGQUq7Zt2DU8%2BFqYcVGityqmU%2FbUzhdy%2FzxnnHf3pxDdNeR%2FaZAQvnz87d%2FR%2F%2FlDsCW2c0MK%2BGP%2Fwrv8WfEt4udNYuNvkji6IVV%2BQ6rwhtjhU1KUX3qO0%2Fzl479nH4I4YfO5E%2BbNj5wwD3%2Fvzd2tQK8ueJqDkiOJLgAOdAEtMqzEUhQDACfKkJYJLu7c3%2F2v0%2F8AAAD%2F%2FwEAAP%2F%2FfhAOo%2B0MAAA%3D
173.233.137.52200 OK 7 B URL HTTP/1.1 clergymanwonderful.com/impr.gif?sid=H4sIAAAAAAAC%2F3SWS6zjWFrHk55GQrBAg9iAhHQ1lxqBNLnx%2B9HNqJQ4L%2BdhJzeOnUQlBdvn2D6J3z62k6xGDEKzQRSrQWJz61T3NPPg0WxYoEHoFhtUEqIvC6iWKHaseWnECqF7q1ANYvqT5fMdf2fx%2F5%2Fv56Pz28%2FK1w2KlPar%2BSw5ozC02%2FwVdfGrFopBUhcXmnFBU1fUhxcWigXuw4vj%2FSuvPqAp%2For6tYshdA9Jm6FoiqIp%2BmKAcuglx%2FZDlaD0BzJ9JVNXHHNF8xw55v93XpRNUthNAqrXjZ8nCNz9VPA3nxLk3pI4%2BtMeLA44Sb%2FWj8rQxklOKvDJKj7ESR2T6F3q5U3ixZ%2B8XU2S4q7R%2BP33SBJ%2F8tYBSaqP7h0QB901mv9AEyf%2B5K1M4lQfv1HqhATGxAE%2FS%2BrqlsDwliD7lrjJNwkCnzUIcQHRdBJH39GSvLZPb6r2ffWu8f6P%2FoOg%2Bq7x%2Fj%2F9AomjP%2B6G6HixTMISoyQuyNG7Ieh4S5B%2FS9LyBcHnJkH1C%2BLi3yQI%2FG2j%2FaMpiaOP9CJMCAKvfoUXJZFiHL7FMq7T4hzRaUmM4LYA4zk05Qo8S9kPW4TQLUHeLQnhU2IXXyJl0SQlapLSa5IybZIIvLqwedmjKNFzPJaVONd1WdZ1eUkAPGA5yaNI6d57eEpw%2BpS44VPi5t8gaf4NckBPSV7%2BFSmCG1KAJilwg1TghtSwQeqiQWq7QWrUIDVukLq6%2BRiEBVPcfAeERenQb0fm7cjePE%2Bw%2F8z%2BOME%2BjBvP0teNLz9s3H%2F%2F3D%2BSA3x1QdGeB1gBeI4LWcALsmN7EpA4wQWi4wo8KdANQcV7xC6a5HzfxT%2F6GknRXaPxF%2F9JHPsFKcIXxEVfJnb5y8Sun4sMRezgOSdR5Bx%2FD0fQzuMrN4kISG5Iit8n%2BNR8Fr5u%2FOKDCvar%2F06g%2B%2FLxn3377w4%2F%2FMtfJ25%2BQ9L8huzRXzeIH37r%2BXVSNz66Tuqi8ameYhShs33f2iW2MWx8bwJPdZIDtVc8%2FW7HvS%2Fcpz8wYIGndgxQ7BeN73cRADAfJLkLGz9UCws687IIumUel%2Bl0rgzUKM1hUaAkviU2%2BswxiYvuGj%2F94mceoP0l8AcE5S9IXn7e%2FLcA4%2FSDdtsG8OgGduxD38bw3l0bJG33Kg3SxwW2Ixt%2FPXokKo%2BY%2B6cTQBYzKoOHK7Y7locjCvTBaM4e51eQlx4xSrWS8HoXKBtKlA9cWLqBPZxl%2BpqbjrE66%2Ba%2BW0wQJx5nS1DEVW9ZQbOmrd2iPNGZEpvzzoCz10eBqk29y4rV8LgVk6TrRoq6noWGq8U5jEW%2Fq6%2FEZRUWQXGwdvPdAs3PfhoLZsXqMzXqx168ojA9NHeQzQeL3FknHAx9M6WGerqPpbiGkO7jejyih6jVzccnI15u%2BckokL2TytDn%2BDigdF4v3GLiD8WtesYW2GTT2uXFuXLQBnRk0iV7QBKtcnUmzg%2FbzFE7B28od6fXVqtabLWcbu27dLzIGcVlOUpbbbTOubsVVW%2BXrQsU%2Bx5tFXtjaAbWfnPIinRUczpu7dO1eDz1zMlxouvFeSyaS29ZB9cVjodCrqUTpwPO16w386PMm%2FNpl1JMuQqnMwbbnDs1RB%2Bcc8V3OrvWWZ6FgbzuJ93Fm%2BaRqHz5%2BF8bD0FQckvc9Lf%2B8PJSVXTt8vLVb9zzUHzQbrt5DtPkAQR4xI4dt1lKkBmJYqi2m0MbowoWbYblOYYSuTYv2hwQGIqBEuvZjCNRlCw4EADIC7zogZ0ocNRVGvvfvbw0VG
Pav7z8vgYhuLAvzLn2%2BE8uL3v9pXKtzg31XsefK0mU2jm8wAG8cGCB71ddXV19enk515dGt6NMdqvr6fLy8vP3Xn3lgeEn7Sc%2FgeL7b8cn7SSFcY6dJ23mSbtG8U%2FG2mcHDECzLLnHmm%2F9ONaeLD5iFHY5QJM5o7kzTa5oLJw6UcuVvNq0e2XSwtx6v1joRX%2B%2BBFmLr1bKZj2t4gmoweQwlqKzmUxN0NXAUvOMGd%2BzBWG4P1nWcJ2uls7gEI6szdSM5jbL660Bkuuh6mcDVd17WNgpnAk06xxb4qBFe1GmG1o1DE3N7JgBzR0YZ3dW6zJYxrR66iBxMFmMS7W30xiaG67lhSR7calIIC19aTnNVsd4slyx25HOC4K2YaFynYyG%2FBrtjl7Wt6y5nmYsfxL33EBII8%2FRx9Gwm8Xj%2FWa3T7pa6fRmOdrNjla16piLeTib7Pt%2Bx2fLRbaU1R1vc9zZdK2stnQ2ZYPrQI%2FC1TIPJ7M8ttio2NBBOfDPuLvordeHKFhlBquOe5ga4c1Myc5jujtWTgsbBwcZctf7HDB43EtEhaZCahBnuiFaJpzK5hhXjNhdKYIcz1K5k9Wd2bgwFEZE7nLbm2xHQouail4CYB1wq%2FUe2DFN443mtPKlMLqesr31FHOnxWQ186c1zQ%2ByrLedOotZatuuieDhIFAZPqx6k44izE6LQuXXzLwbaOFyZA4PUWd9noejXdYdWoaEy9xBm932PB9W3ghPJHmF5tau61XWbuWPt3VPK3hsWflOjXV3bWpSYcul%2Fwa%2Br9rguEtz5MKvU1eUyAiM%2FBVSpC8bb4MUSYPk4bu5kzZJXX7%2B3mdffILb4Pi%2F5LeZL%2BZ%2BEWz2HPJy%2FP%2B5F0XuEaOcjN6B5RZcKUYYOPTUrLi1mJ1WhWtmLXPNLiaZ3onFKFp2R3a3VeuGM1Jco2UGxXgZlLq%2Bz3qStZgqk0hzu7tNKvsGVgI6iM6HweSAJ3m%2FlbBrbnzmB8ahng%2BnbKVCxx8VyFUKzG6zab9jQDsf47kRX4%2FVRaxLg36hIp6bQzjZczOnXyqd6VaZ1WZvEnTU6VmzT6eJ6pxTvMLp8cRVzriMk2mdREbECfNsVHlxtz%2FI8ECdzFtiebLNItdMt6J6OS2Y3c5%2BuxK68Wm6Om5tYcM6Pp5XIE9FyvSUhaYl15Tr7tfuxuGYmcZFqRNSeOMNkwhVqMU4hXI4TZYtdUfJvARCC%2B23%2B4F%2F3KtTVSoXnZziq2B9EDesarSMntPLGJfL%2Bi5nJjIdb5dBoVYZk1odPVHrMkrNTiDtlaFZK9k1PzaEsGS7U%2BvUUVtbqE3tiB2vOIOx5oFXG6Ph5uQvt8tsqxxCSbMW61VrPNqH2trd%2BRMvlfSkR1ETxjUMcbafORrclv0N7E01egoH%2BZxTh%2FNJrsTncXnSQbntgE2EvVNhnHYjmaXUmaVqwUaN4I52W%2BpsE65bA1G8liVd0%2FrdzWAJSwZpddg%2FjGQUq7Zt2DU8%2BFqYcVGityqmU%2FbUzhdy%2FzxnnHf3pxDdNeR%2FaZAQvnz87d%2FR%2F%2FlDsCW2c0MK%2BGP%2Fwrv8WfEt4udNYuNvkji6IVV%2BQ6rwhtjhU1KUX3qO0%2Fzl479nH4I4YfO5E%2BbNj5wwD3%2Fvzd2tQK8ueJqDkiOJLgAOdAEtMqzEUhQDACfKkJYJLu7c3%2F2v0%2F8AAAD%2F%2FwEAAP%2F%2FfhAOo%2B0MAAA%3D
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash MD5 132d6af1b46048b45cf86cdee7991d31
SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F3SWS6zjWFrHk55GQrBAg9iAhHQ1lxqBNLnx%2B9HNqJQ4L%2BdhJzeOnUQlBdvn2D6J3z62k6xGDEKzQRSrQWJz61T3NPPg0WxYoEHoFhtUEqIvC6iWKHaseWnECqF7q1ANYvqT5fMdf2fx%2F5%2Fv56Pz28%2FK1w2KlPar%2BSw5ozC02%2FwVdfGrFopBUhcXmnFBU1fUhxcWigXuw4vj%2FSuvPqAp%2For6tYshdA9Jm6FoiqIp%2BmKAcuglx%2FZDlaD0BzJ9JVNXHHNF8xw55v93XpRNUthNAqrXjZ8nCNz9VPA3nxLk3pI4%2BtMeLA44Sb%2FWj8rQxklOKvDJKj7ESR2T6F3q5U3ixZ%2B8XU2S4q7R%2BP33SBJ%2F8tYBSaqP7h0QB901mv9AEyf%2B5K1M4lQfv1HqhATGxAE%2FS%2BrqlsDwliD7lrjJNwkCnzUIcQHRdBJH39GSvLZPb6r2ffWu8f6P%2FoOg%2Bq7x%2Fj%2F9AomjP%2B6G6HixTMISoyQuyNG7Ieh4S5B%2FS9LyBcHnJkH1C%2BLi3yQI%2FG2j%2FaMpiaOP9CJMCAKvfoUXJZFiHL7FMq7T4hzRaUmM4LYA4zk05Qo8S9kPW4TQLUHeLQnhU2IXXyJl0SQlapLSa5IybZIIvLqwedmjKNFzPJaVONd1WdZ1eUkAPGA5yaNI6d57eEpw%2BpS44VPi5t8gaf4NckBPSV7%2BFSmCG1KAJilwg1TghtSwQeqiQWq7QWrUIDVukLq6%2BRiEBVPcfAeERenQb0fm7cjePE%2Bw%2F8z%2BOME%2BjBvP0teNLz9s3H%2F%2F3D%2BSA3x1QdGeB1gBeI4LWcALsmN7EpA4wQWi4wo8KdANQcV7xC6a5HzfxT%2F6GknRXaPxF%2F9JHPsFKcIXxEVfJnb5y8Sun4sMRezgOSdR5Bx%2FD0fQzuMrN4kISG5Iit8n%2BNR8Fr5u%2FOKDCvar%2F06g%2B%2FLxn3377w4%2F%2FMtfJ25%2BQ9L8huzRXzeIH37r%2BXVSNz66Tuqi8ameYhShs33f2iW2MWx8bwJPdZIDtVc8%2FW7HvS%2Fcpz8wYIGndgxQ7BeN73cRADAfJLkLGz9UCws687IIumUel%2Bl0rgzUKM1hUaAkviU2%2BswxiYvuGj%2F94mceoP0l8AcE5S9IXn7e%2FLcA4%2FSDdtsG8OgGduxD38bw3l0bJG33Kg3SxwW2Ixt%2FPXokKo%2BY%2B6cTQBYzKoOHK7Y7locjCvTBaM4e51eQlx4xSrWS8HoXKBtKlA9cWLqBPZxl%2BpqbjrE66%2Ba%2BW0wQJx5nS1DEVW9ZQbOmrd2iPNGZEpvzzoCz10eBqk29y4rV8LgVk6TrRoq6noWGq8U5jEW%2Fq6%2FEZRUWQXGwdvPdAs3PfhoLZsXqMzXqx168ojA9NHeQzQeL3FknHAx9M6WGerqPpbiGkO7jejyih6jVzccnI15u%2BckokL2TytDn%2BDigdF4v3GLiD8WtesYW2GTT2uXFuXLQBnRk0iV7QBKtcnUmzg%2FbzFE7B28od6fXVqtabLWcbu27dLzIGcVlOUpbbbTOubsVVW%2BXrQsU%2Bx5tFXtjaAbWfnPIinRUczpu7dO1eDz1zMlxouvFeSyaS29ZB9cVjodCrqUTpwPO16w386PMm%2FNpl1JMuQqnMwbbnDs1RB%2Bcc8V3OrvWWZ6FgbzuJ93Fm%2BaRqHz5%2BF8bD0FQckvc9Lf%2B8PJSVXTt8vLVb9zzUHzQbrt5DtPkAQR4xI4dt1lKkBmJYqi2m0MbowoWbYblOYYSuTYv2hwQGIqBEuvZjCNRlCw4EADIC7zogZ0ocNRVGvvfvbw0VGPav7z8vgYhuLAvzLn2%2BE8uL3v9pXKtzg31XsefK0mU2jm8wAG8cGCB
71ddXV19enk515dGt6NMdqvr6fLy8vP3Xn3lgeEn7Sc%2FgeL7b8cn7SSFcY6dJ23mSbtG8U%2FG2mcHDECzLLnHmm%2F9ONaeLD5iFHY5QJM5o7kzTa5oLJw6UcuVvNq0e2XSwtx6v1joRX%2B%2BBFmLr1bKZj2t4gmoweQwlqKzmUxN0NXAUvOMGd%2BzBWG4P1nWcJ2uls7gEI6szdSM5jbL660Bkuuh6mcDVd17WNgpnAk06xxb4qBFe1GmG1o1DE3N7JgBzR0YZ3dW6zJYxrR66iBxMFmMS7W30xiaG67lhSR7calIIC19aTnNVsd4slyx25HOC4K2YaFynYyG%2FBrtjl7Wt6y5nmYsfxL33EBII8%2FRx9Gwm8Xj%2FWa3T7pa6fRmOdrNjla16piLeTib7Pt%2Bx2fLRbaU1R1vc9zZdK2stnQ2ZYPrQI%2FC1TIPJ7M8ttio2NBBOfDPuLvordeHKFhlBquOe5ga4c1Myc5jujtWTgsbBwcZctf7HDB43EtEhaZCahBnuiFaJpzK5hhXjNhdKYIcz1K5k9Wd2bgwFEZE7nLbm2xHQouail4CYB1wq%2FUe2DFN443mtPKlMLqesr31FHOnxWQ186c1zQ%2ByrLedOotZatuuieDhIFAZPqx6k44izE6LQuXXzLwbaOFyZA4PUWd9noejXdYdWoaEy9xBm932PB9W3ghPJHmF5tau61XWbuWPt3VPK3hsWflOjXV3bWpSYcul%2Fwa%2Br9rguEtz5MKvU1eUyAiM%2FBVSpC8bb4MUSYPk4bu5kzZJXX7%2B3mdffILb4Pi%2F5LeZL%2BZ%2BEWz2HPJy%2FP%2B5F0XuEaOcjN6B5RZcKUYYOPTUrLi1mJ1WhWtmLXPNLiaZ3onFKFp2R3a3VeuGM1Jco2UGxXgZlLq%2Bz3qStZgqk0hzu7tNKvsGVgI6iM6HweSAJ3m%2FlbBrbnzmB8ahng%2BnbKVCxx8VyFUKzG6zab9jQDsf47kRX4%2FVRaxLg36hIp6bQzjZczOnXyqd6VaZ1WZvEnTU6VmzT6eJ6pxTvMLp8cRVzriMk2mdREbECfNsVHlxtz%2FI8ECdzFtiebLNItdMt6J6OS2Y3c5%2BuxK68Wm6Om5tYcM6Pp5XIE9FyvSUhaYl15Tr7tfuxuGYmcZFqRNSeOMNkwhVqMU4hXI4TZYtdUfJvARCC%2B23%2B4F%2F3KtTVSoXnZziq2B9EDesarSMntPLGJfL%2Bi5nJjIdb5dBoVYZk1odPVHrMkrNTiDtlaFZK9k1PzaEsGS7U%2BvUUVtbqE3tiB2vOIOx5oFXG6Ph5uQvt8tsqxxCSbMW61VrPNqH2trd%2BRMvlfSkR1ETxjUMcbafORrclv0N7E01egoH%2BZxTh%2FNJrsTncXnSQbntgE2EvVNhnHYjmaXUmaVqwUaN4I52W%2BpsE65bA1G8liVd0%2FrdzWAJSwZpddg%2FjGQUq7Zt2DU8%2BFqYcVGityqmU%2FbUzhdy%2FzxnnHf3pxDdNeR%2FaZAQvnz87d%2FR%2F%2FlDsCW2c0MK%2BGP%2Fwrv8WfEt4udNYuNvkji6IVV%2BQ6rwhtjhU1KUX3qO0%2Fzl479nH4I4YfO5E%2BbNj5wwD3%2Fvzd2tQK8ueJqDkiOJLgAOdAEtMqzEUhQDACfKkJYJLu7c3%2F2v0%2F8AAAD%2F%2FwEAAP%2F%2FfhAOo%2B0MAAA%3D HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Cookie: u_pl=16650200; uid_id2=578702b5-32cb-4b7b-826c-d2fb10c6530a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 02:20:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 576c7c992bd987c4bc795a44f5948802
Strict-Transport-Security: max-age=0; includeSubdomains
clergymanwonderful.com/pixel/sbs?c=1
173.233.137.52 200 OK 0 B URL HTTP/1.1 clergymanwonderful.com/pixel/sbs?c=1
IP 173.233.137.52:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (empty-input digest; the response body is 0 B)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Cookie: u_pl=16650200; uid_id2=578702b5-32cb-4b7b-826c-d2fb10c6530a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 02:20:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/rtb/windows/2/css/style.css
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/windows/2/css/style.css
IP 172.64.108.13:0
GET /sb/notifications/rtb/windows/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 02:20:41 GMT
content-type: text/css
last-modified: Mon, 17 May 2021 12:00:36 GMT
etag: W/"60a25ae4-fe9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 58210
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZlNwCvq4oLQSX%2B2EtGOHqbVZX9h2asU2JDF9kzILRd%2FHFqXc305hCjenSpiZFt2B0agwmaCKT73jf6G0ApEHBvFG6XcMSFrXHc0S%2Fht349o604MwMWcPu41IY2b7y5f81o5DChoZIkvz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7759c899ce44771f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
crrepo.com/extban/306928020/creatives/23542074/57a4d6202e83fa2b80096bedde5657fd_7640.png
104.21.235.113 200 OK 0 B URL HTTP/2 crrepo.com/extban/306928020/creatives/23542074/57a4d6202e83fa2b80096bedde5657fd_7640.png
IP 104.21.235.113:0
GET /extban/306928020/creatives/23542074/57a4d6202e83fa2b80096bedde5657fd_7640.png HTTP/1.1
Host: crrepo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 02:20:41 GMT
content-type: image/png
last-modified: Sat, 12 Nov 2022 09:34:43 GMT
etag: W/"636f68b3-2132"
via: 1.1 google
cache-control: max-age=14400
cf-cache-status: HIT
age: 2712
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GhHNAfJCQCfnsvsBNBPUDGrChn5jXf0O%2Fky55TC%2FhWzYQ41QAA3AoCnIVfMH5g0XIpSGc%2Brw2f9%2FkPwfoNdIGdahtUliDd1JEMp27EoMbaum5%2BHbF7dTjZZOlpho"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7759c89a3b0023f4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400
IP 142.250.74.106:0
GET /css?family=Montserrat:400,700%7CMuli:300,300i,400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Dec 2022 02:20:38 GMT
date: Wed, 07 Dec 2022 02:20:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.93 200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.93:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 02:20:40 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 28443bf8e9949b1e298e90154123b767
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 07 Dec 2022 02:20:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LbGhZuBL%2F6ZDi6Llm8ppM5i%2Fl6eOCEynzsHkPBJG5RBBdrmV0ZpRIAE0aQTNpZSEGVgLCoBtwYI3HiEHbttmgMGota0mz4tnwUB75H4Q0pI%2Fx1ODnoL5T4oP%2FZFfFcZ%2FwnwrTEQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7759c8921b6874c5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/windows/2/js/script.js
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/windows/2/js/script.js
IP 172.64.108.13:0
GET /sb/notifications/rtb/windows/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 02:20:41 GMT
content-type: application/javascript
last-modified: Mon, 17 May 2021 11:56:22 GMT
etag: W/"60a259e6-17c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 58210
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0aNYIrUbjFYxJDOp6DbfN%2FgrD6euAgA03Um1%2Fnd9gw7dc3Glf0U0Zol9OY%2FJ0LDBkUVCPKCauVJcBPWRmlwV0SbRmKSe7jonAewxIwFfGVsbaMi4MNbLHkrA6t043edVpwtATxDxlXtD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7759c899ce48771f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/windows/2/css/animate.css
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/windows/2/css/animate.css
IP 172.64.108.13:0
GET /sb/notifications/rtb/windows/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cutpaid.com
Connection: keep-alive
Referer: https://cutpaid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 02:20:41 GMT
content-type: text/css
last-modified: Mon, 17 May 2021 12:00:37 GMT
etag: W/"60a25ae5-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 58210
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7%2Bt84uZ%2BM3S4b%2B6hsMfGjq8SlS7qiPNCU0DuUAJLClvz9rx%2BiseAedOPwTrfd%2BYVV8gURRazRaMjlJrUVzIE3PtPILMF8rsdRGyN82of3kZTJfovIb7K04loURVxoq0FIU9H7%2BJKhRZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7759c899ce42771f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2