site.geoedge.com/safe_redirect/111e3621f26002e639905cea8f506e28/?url=aHR0cHM6Ly9tZXJyeWFuZGZyYW5rZW5zdGVpbi5jb20vP3A9MTU1JnN1YmlkMT0xMTcwMzUxOCZzdWJpZDI9VGhlK1NwZWN1bGF0aW9ucytBYm91dCtNaWtlK0hvbG1lcytIYXZlK0JlZW4rQ29uZmlybWVkJnN1YmlkMz0xODk1OTAzMCZzdWJpZDQ9NDkxOTkyMDkmdXRtX3NvdXJjZT1tZ2lk
208.71.113.121 307 Temporary Redirect 0 B URL User Request GET HTTP/1.1 site.geoedge.com/safe_redirect/111e3621f26002e639905cea8f506e28/?url=aHR0cHM6Ly9tZXJyeWFuZGZyYW5rZW5zdGVpbi5jb20vP3A9MTU1JnN1YmlkMT0xMTcwMzUxOCZzdWJpZDI9VGhlK1NwZWN1bGF0aW9ucytBYm91dCtNaWtlK0hvbG1lcytIYXZlK0JlZW4rQ29uZmlybWVkJnN1YmlkMz0xODk1OTAzMCZzdWJpZDQ9NDkxOTkyMDkmdXRtX3NvdXJjZT1tZ2lk
IP 208.71.113.121:443
ASN #33554 ASN-NEUTRAL-DATA
Certificate Issuer Sectigo Limited
Subject *.geoedge.com
Fingerprint 49:61:D7:BA:5C:3E:89:1C:4E:98:D7:89:1F:FB:38:BB:8F:5F:3F:6C
Validity Thu, 26 Oct 2023 00:00:00 GMT - Mon, 25 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /safe_redirect/111e3621f26002e639905cea8f506e28/?url=aHR0cHM6Ly9tZXJyeWFuZGZyYW5rZW5zdGVpbi5jb20vP3A9MTU1JnN1YmlkMT0xMTcwMzUxOCZzdWJpZDI9VGhlK1NwZWN1bGF0aW9ucytBYm91dCtNaWtlK0hvbG1lcytIYXZlK0JlZW4rQ29uZmlybWVkJnN1YmlkMz0xODk1OTAzMCZzdWJpZDQ9NDkxOTkyMDkmdXRtX3NvdXJjZT1tZ2lk HTTP/1.1
Host: site.geoedge.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx
Date: Thu, 18 Apr 2024 10:17:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: ci_session=5lsdgi4ii5p5jkhmth2jkg9v6ihemi1u; expires=Fri, 19-Apr-2024 10:17:06 GMT; Max-Age=86400; path=/; domain=.geoedge.com; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
merryandfrankenstein.com/wp-content/uploads/2024/01/logo.png
172.67.134.124 200 OK 51 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/uploads/2024/01/logo.png
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type PNG image data, 1974 x 363, 8-bit/color RGBA, non-interlaced
Hash 3ec1c82c48f3223983d58db717d99010
cbc30565cc66bef6e31baf68e4f828de04b3c340
005649840ff50e45ab8a5430e963512362838af989a492b976f1a8c4b919ab9a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/uploads/2024/01/logo.png HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: image/png
content-length: 50895
last-modified: Tue, 16 Jan 2024 14:19:46 GMT
etag: "65a69082-c6cf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y91ElefC%2FSiwaGlSZpn%2BDRxwc5U%2FxoHhcq2ijDvouHfYzsHwqqK7UKTlQIpn8r4%2ByatsQZWgBGrvTK%2BGbugZbq4w8KYthut9r8v5ILH6TKLwEnRiHxtxeGz5KTUZZG9RXfNbitAPVUuHFRk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e7419dc9b4ee-OSL
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/uploads/2024/01/fav-100x100.png
172.67.134.124 200 OK 5.7 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/uploads/2024/01/fav-100x100.png
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Hash e5a29d9c4381179a72debbd1c1053464
67e22489f371cade4da7b13c5265bd9333fd03b1
8ecf2adc52f261045f3fb78899d1800ff964d49f80df66be64b88817e7739e47
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/uploads/2024/01/fav-100x100.png HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: image/png
content-length: 5699
last-modified: Tue, 16 Jan 2024 15:08:47 GMT
etag: "65a69bff-1643"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KDUHmpnGrArrb03f5%2FSMY1m2fkTbnrUwPRmgL%2BM%2F1o4IewNbN%2F3BJ%2FLK2UBRbHIlYF9m5Y1GHlTj%2FoK5cfq9s%2FQw8M%2FPSoPWefUDIo7WoJXfoK98MIhGBxtCPncPZwRJ1ys%2FVt0XD%2BNQAVw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e741add3b4ee-OSL
alt-svc: h3=":443"; ma=86400
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js
104.17.25.14 200 OK 27 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js
IP 104.17.25.14:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 2c872dbe60f4ba70fb85356113d8b35e
ee48592d1fff952fcf06ce0b666ed4785493afdc
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 27446
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64ed75bb-6b36"
last-modified: Tue, 29 Aug 2023 04:36:11 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 237568
expires: Tue, 08 Apr 2025 10:17:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FZh9QFuFMxPmibKtIAQMGgpcOOl7OQSMcSfC3hOteK9nQ3OG3%2Ba%2Ba4ebL5UJ0S3%2F26FdIbTKve%2Bj%2Bwa8i5nslhVqdyrUbZBaM%2BGkm3OyDYnJwlDdSWDMgs2Uy7qO9%2BTu8cl%2BJPII"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8763e741eecfb529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
104.18.11.207 200 OK 6.5 kB URL GET HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
IP 104.18.11.207:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject bootstrapcdn.com
Fingerprint 57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
Validity Wed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT
File type ASCII text, with very long lines (26548)
Hash 0831cba6a670e405168b84aa20798347
05ea25bc9b3ac48993e1fee322d3bc94b49a6e22
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
GET /font-awesome/4.4.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"0831cba6a670e405168b84aa20798347"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 11/18/2022 06:19:10
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 863
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 12fce6e1ed97d04b1f68642e02a84dd4
cdn-cache: HIT
cf-cache-status: HIT
age: 12469642
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8763e741de94568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
merryandfrankenstein.com/wp-content/themes/soledad/main.css
172.67.134.124 200 OK 116 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/main.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 116 kB (116330 bytes)
Hash 962f85dc8f48722d376400ac56ca55bb
0526cd768591168e2a523120541a01305abf0278
c259c7ca4b4d5a05780160a7c27d6fafb4e3e58b4f4d2023f25bb8abea0dddc3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/main.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=960483
etag: W/"656d5ac8-ea7e3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 04 Dec 2023 04:51:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i%2FfP%2FY7A%2B5EJJ6nLaPbGY5bDtC0QeQbB7L%2F0Adozo8kn5W3o2TYXE1eSyOio0jj4NEvVh8mDhOUL4m8iR0BMhacbcbpIeQisBJT78ZREOh1TIiEeejEIWeEDGhBvp4ILJF3NdN%2BTE897yuA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7418d7cb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/fonts/penciicon.ttf
172.67.134.124 200 OK 34 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/fonts/penciicon.ttf
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type TrueType Font data, 11 tables, 1st "GSUB", 16 names, Macintosh, type 1 string, flaticonRegularflaticonflaticonVersion 1.0flaticonGenerated by svg2ttf from Fontello project.htt
Hash 77070693c3a560ce9392be34be37f2f4
4de87061bbc3aa5713396030a66bcb02b663c903
0c6ba4901cfb68b03ca9a97ce1d7cbb688d6802c60819dd7cea0522aca8a0576
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/fonts/penciicon.ttf HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/css/penci-icon.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/octet-stream
content-length: 33648
last-modified: Mon, 04 Dec 2023 04:51:20 GMT
etag: "656d5ac8-8370"
cache-control: max-age=120
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tGPonW20zXfU16gD8hVCXbcByWcyi7Ye9NU9OtOivKbhg%2Fk91h35zpIkt2XobDO1jh9kq5PGQuAu6v%2BfSDQJaPQZvInN8gKRXc%2FIBgfLCPsqI%2FGS%2B7K%2Br1ae7sroFpdvMRCLloCQ3FfIiEA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e7441c24b4ee-OSL
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-includes/css/dist/block-library/style.min.css
172.67.134.124 200 OK 15 kB URL GET HTTP/3 merryandfrankenstein.com/wp-includes/css/dist/block-library/style.min.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (57084)
Hash 99ab466e0866c823ae5db517d59cebd1
5595a586cbd42b31377681b9d35293278d75d336
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
last-modified: Tue, 16 Jan 2024 14:23:49 GMT
vary: Accept-Encoding
etag: W/"65a69175-1add3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jGaA%2FrnlWmkwCMJbBXSH%2B5D6udkR5fwOxpuOyHDBbnGlT0FlUZPogR%2BIPphG%2BUIYrPKnK%2BwN6E4xg%2F8fYGF5bzp973uy4uf72qUiNixNO0ZjBjIjqJQ89geKNRDBoxNvVzzsuecQiZO%2B5D4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7418d75b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.99 200 OK 48 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.99:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Hash 015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://merryandfrankenstein.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 08:04:32 GMT
expires: Wed, 16 Apr 2025 08:04:32 GMT
cache-control: public, max-age=31536000
age: 180756
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
142.250.74.99 200 OK 50 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
IP 142.250.74.99:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 50296, version 1.0
Hash b02ab8b0d683a0457568340dba20309e
e18c3b8737970d37be1bb85b0f588303a89e63bb
0d8601a776b7dc777cd23bc42392d05a43df0d6402328e8913b58811083b513d
GET /s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://merryandfrankenstein.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 50296
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 22:10:18 GMT
expires: Tue, 15 Apr 2025 22:10:18 GMT
cache-control: public, max-age=31536000
age: 216410
last-modified: Thu, 14 Dec 2023 02:10:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/icons/googlelogo_dark_color.png
172.67.134.124 200 OK 1.8 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/icons/googlelogo_dark_color.png
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type PNG image data, 168 x 56, 8-bit gray+alpha, non-interlaced
Hash 2f9aeeb8a52a48b0a82d2c9553e25e0e
f70f7af90f3d368822d17d6805ea9de47371450e
e5c2769cc0c017cdf5046fc91cf37255c139a06ddfd50c7814bd5921e0e30c29
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_h/icons/googlelogo_dark_color.png HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: image/png
content-length: 1796
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
etag: "659e8333-704"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EGZ6wi4K9kMPlFpGqzWZGTbr5noWZzUZdEi%2B8xPNabEBXZmXT%2BHEnbqOBFHzqAp7PApuoLA8qLGQr3tV1jV1%2F6YsqpwsAO7wQgCzfuetluPC6Outw2xISGzy7t8hNhbWbJ9e1bmhk%2FIXJJ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e7451ebab4ee-OSL
alt-svc: h3=":443"; ma=86400
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
142.250.74.99 200 OK 33 kB URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 142.250.74.99:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Hash 057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://merryandfrankenstein.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 02:14:58 GMT
expires: Wed, 16 Apr 2025 02:14:58 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
age: 201730
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2
142.250.74.99 200 OK 45 kB URL GET HTTP/2 fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2
IP 142.250.74.99:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 45300, version 1.0
Hash 5fe660c3a23b871807b0e1d3ee973d23
62a9dd423b30b6ee3ab3dd40d573545d579af10a
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d
GET /s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://merryandfrankenstein.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 45300
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 14:46:19 GMT
expires: Fri, 11 Apr 2025 14:46:19 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:11:08 GMT
content-type: font/woff2
age: 588649
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2
142.250.74.99 200 OK 47 kB URL GET HTTP/2 fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2
IP 142.250.74.99:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 47048, version 1.0
Hash 87a1556b696ae2cb1a726bd8c4584a2f
1be0f6f39e0cf316f9827f945eeeaef8294cc37b
141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1
GET /s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://merryandfrankenstein.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47048
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:50:17 GMT
expires: Fri, 18 Apr 2025 02:50:17 GMT
cache-control: public, max-age=31536000
age: 26811
last-modified: Wed, 27 Apr 2022 16:55:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.99 200 OK 48 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.99:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Hash 015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://merryandfrankenstein.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 08:04:32 GMT
expires: Wed, 16 Apr 2025 08:04:32 GMT
cache-control: public, max-age=31536000
age: 180756
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
142.250.74.99 200 OK 50 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
IP 142.250.74.99:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 50296, version 1.0
Hash b02ab8b0d683a0457568340dba20309e
e18c3b8737970d37be1bb85b0f588303a89e63bb
0d8601a776b7dc777cd23bc42392d05a43df0d6402328e8913b58811083b513d
GET /s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://merryandfrankenstein.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 50296
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 22:10:18 GMT
expires: Tue, 15 Apr 2025 22:10:18 GMT
cache-control: public, max-age=31536000
age: 216410
last-modified: Thu, 14 Dec 2023 02:10:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
142.250.74.99 200 OK 33 kB URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 142.250.74.99:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Hash 057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://merryandfrankenstein.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 02:14:58 GMT
expires: Wed, 16 Apr 2025 02:14:58 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
age: 201730
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7COpen+Sans%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap
142.250.74.170 200 OK 67 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Montserrat%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7COpen+Sans%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap
IP 142.250.74.170:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
Validity Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type gzip compressed data, max compression
Hash 13f93c1125034c727f38f0744ff31110
c7bf91237fa1fc15679c0ed698f4b2d607a27cb0
89f2267abdc8aa2b94f09da802a9263f8e3fe29c8f90e88e676cb6e15d8dae4b
GET /css?family=Montserrat%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7COpen+Sans%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 10:17:08 GMT
date: Thu, 18 Apr 2024 10:17:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.99 200 OK 48 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.99:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Hash 015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://merryandfrankenstein.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 08:04:32 GMT
expires: Wed, 16 Apr 2025 08:04:32 GMT
cache-control: public, max-age=31536000
age: 180756
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/icons/googlelogo_dark_color.png
172.67.134.124 200 OK 1.8 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/icons/googlelogo_dark_color.png
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type PNG image data, 168 x 56, 8-bit gray+alpha, non-interlaced
Hash 2f9aeeb8a52a48b0a82d2c9553e25e0e
f70f7af90f3d368822d17d6805ea9de47371450e
e5c2769cc0c017cdf5046fc91cf37255c139a06ddfd50c7814bd5921e0e30c29
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_h/icons/googlelogo_dark_color.png HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: image/png
content-length: 1796
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
etag: "659e8333-704"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TgHAp5SpjmkRCC%2FnvZAUrSd%2BBXl%2FdWikKIUZf%2B3WUXf%2B4RiJHCATZnEGnbTXFGOA%2BAnjdu4QNBnDoD1aHqF4pmnhh1Ubb%2BiEcMONpzVH9hfiIorRvvfXsR3VzqO5qpl95Ywrqhs38xVlOyU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e7469a46b4ee-OSL
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/style/reset_css.css
172.67.134.124 200 OK 49 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/style/reset_css.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (2869), with no line terminators
Hash 909ce8697feff17d9d000177b03582d2
93c4ea8e00e36c1ec34ba1aa28d722c55ff5a51a
4d63e3ff33b30f35bf73b22bbf6766738fa95c7328f9bed19917b015423a88ba
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_h/style/reset_css.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
etag: W/"659e8333-b35"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCNL77VeIHLIm%2FItPoJooPKGZUbiQIFXKfEdwH%2FRG6999EAuFleEepCzF4vCD9nDS4LMVuFvtqmg%2FdNNn3Aq9gGc%2B712TF%2FfUR8m%2BPcKdvpNHvUFhfNQqHzw7shYurCbeVfEvWb8kbKSSZc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7451eb3b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/uploads/2024/03/f2dc4bbab48572cf1ed3549d2196e36e.jpg
172.67.134.124 200 OK 97 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/uploads/2024/03/f2dc4bbab48572cf1ed3549d2196e36e.jpg
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 940x705, components 3
Hash a47d89a2b2b005a42699adafccf10f99
319c09e19fd0e76e2b6afb00b1a1cd6a6a196d48
b93ae3d1c19fea6e84804a3cf1f90841093bcb91d60d3657c980531056736b69
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/uploads/2024/03/f2dc4bbab48572cf1ed3549d2196e36e.jpg HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: image/jpeg
content-length: 97164
last-modified: Wed, 13 Mar 2024 20:48:29 GMT
etag: "65f2111d-17b8c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6jFVoeduinATTCcZQ7RL8LkkYihNBqjd16ULoxavNwr3kHeDxEqd22J7UriZOdcVOcgZ6IOy5cg0hHFyy5G2Czlx5%2FObBUjGTC%2Fhod1iMWjZcQ9w5J5%2BcKyF9dWxdcDyy9oswVnhMcNLiq0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e746aa51b4ee-OSL
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/uploads/2024/01/fav.png
172.67.134.124 200 OK 33 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/uploads/2024/01/fav.png
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Hash e151651cb6414ae91b46d19655d0d3c6
bd43377e50ef586c9ce385ee0608d9c12597c514
b946d6f5f0ac847072d458b461f30a0bfbb692c26257d5933ddb5ceff8d31e6e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/uploads/2024/01/fav.png HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: image/png
content-length: 32733
last-modified: Tue, 16 Jan 2024 14:19:44 GMT
etag: "65a69080-7fdd"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 199295
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qjnbu1pcBheJd8r10KaEoJUD8H4SaHWWlW%2BIdhI9ogV1zEJLqsA35F8VWa%2Fd%2BXuNd6Oc%2F2BeM51yMDyhejj1h9ZlDjQbefJeJsjk5dFBFUZmRj%2FnluEXsIisDbL%2B8ud2D9VS9O%2BMtiuYFtg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e7470b45b4ee-OSL
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/uploads/2024/01/fav.png
172.67.134.124 200 OK 33 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/uploads/2024/01/fav.png
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Hash e151651cb6414ae91b46d19655d0d3c6
bd43377e50ef586c9ce385ee0608d9c12597c514
b946d6f5f0ac847072d458b461f30a0bfbb692c26257d5933ddb5ceff8d31e6e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/uploads/2024/01/fav.png HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: image/png
content-length: 32733
last-modified: Tue, 16 Jan 2024 14:19:44 GMT
etag: "65a69080-7fdd"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 199295
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZkPxv1BZsVG514xciJ%2B6L3Ynpa6gOf2QYLxM4UDqmJ8wZnBviVbpCY%2F3IrssXIKKHrMOzhb4St6h5IX48T%2BRcexJt9qeDHlhcApuoBspCrEmlIqjSEyMAS7voRLYtUsE5odJEFpIV52PJxg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e7470b48b4ee-OSL
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/icons/googlelogo_dark_color.png
172.67.134.124 200 OK 1.8 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/icons/googlelogo_dark_color.png
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type PNG image data, 168 x 56, 8-bit gray+alpha, non-interlaced
Hash 2f9aeeb8a52a48b0a82d2c9553e25e0e
f70f7af90f3d368822d17d6805ea9de47371450e
e5c2769cc0c017cdf5046fc91cf37255c139a06ddfd50c7814bd5921e0e30c29
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_v/icons/googlelogo_dark_color.png HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: image/png
content-length: 1796
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
etag: "659e8333-704"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=10Pq3LwVEWSNcxMoOOtfzBrG8cNXhpjvrdLdUmXjsxnk%2BTxKjACj2GbJ4ePNWI4%2FSTbL%2F9k1hYId5I4uiZvzaNE2hR9F8Y5mbwH7OvcXAtAiyllKo792ygV7JNfAURZzKhuy%2B9jie9wRP7k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e746eaffb4ee-OSL
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/img/8.jpg
172.67.134.124 200 OK 37 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/img/8.jpg
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Macintosh), datetime=2021:09:07 19:03:05], baseline, precision 8, 728x90, components 3
Hash 5309bcf2ecaffb1d5db440d280f6d715
62715c796979d6512e9b786837f01e1817175136
9d16d7599c673ac615284798ba23e8d61def02057382593dd2a8504d19b1bcbe
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_h/img/8.jpg HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:09 GMT
content-type: image/jpeg
content-length: 36600
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
etag: "659e8333-8ef8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c1VksT1oW4rI68Dj6vxL5GIHbd9LZGLhkFts5tjXYhe8QgRvAXTO%2FOSnveg7atmMF9PuuB3ZzsI%2BHdTJ4RvrsxgR9UzAgx1SZDo1gfaFRKRtXV4jzLMWt%2FI%2BKDLFGDssU09qK3H2OrjvBaY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e7480de4b4ee-OSL
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
172.67.134.124 200 OK 20 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type HTML document, ASCII text
Hash b091c78beb83018e4dd1d8f3793415c5
475fbcc6ed482dcc063736e10d1e31fb0044554d
98aa24004a1e40798e737d8db984df96ea627aa8eddcfc4ba29fc0d70742ec44
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_v/index.html HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/html
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tArHiWZmaoAFGXM%2BcrUcyWmYhToxeBVjm5l6Ayci7zd6stXUeaUgqfSwaaFmYeUDv86VEvkAQNHpR8biQ8ZAT1BPEUlLh2CQhIB6DEqZJIbqWGc1nunGzZNDHMGZVaFNHvSoTpsNrmKUEk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7451eabb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/Ajax/advertising.json
172.67.134.124 200 OK 196 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/Ajax/advertising.json
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
Size 196 kB (196457 bytes)
Hash 889daae8ad7423b8c1086104d0300fc8
4028dbbba74a66aa9d920a56a02a6cac273aee50
7dea6e800fa9ae3b436a30c3f97656cb2a035cbf27392d334703838bfa613d4b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_v/Ajax/advertising.json HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
DNT: 1
Connection: keep-alive
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:09 GMT
content-type: application/json
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
vary: Accept-Encoding
etag: W/"659e8333-c55"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bm6KXq06%2BFwTmR6Fim3xEmEkvEc0eReVfpJLousj0wTY30jG41xDH4H16H1ISr7ujO1JvrC4OD5ILBxiXvY%2B0CFtg1lZc%2F%2FWbW6drELbmBYFkeE%2FZudwxRJKJwWRJt6S1md1PeE1qzrmwyI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e747acddb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/style/reset_css.css
172.67.134.124 200 OK 8.6 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/style/reset_css.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (2869), with no line terminators
Hash 909ce8697feff17d9d000177b03582d2
93c4ea8e00e36c1ec34ba1aa28d722c55ff5a51a
4d63e3ff33b30f35bf73b22bbf6766738fa95c7328f9bed19917b015423a88ba
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_v/style/reset_css.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
etag: W/"659e8333-b35"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zcIocQj7OBUDQGcr4Miwatrq1n4PthGMqQF5sRSdOfMGIrkQnBYns2aCs9dEt6YbgW7tUaWFDIAgDiXMmyqTm%2BsQR0I9bKbPx0Pesn0WNXidaMG0ZeiqffctGzQHIvNo4Ejr7GkUPp14deI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e746eaf5b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/Ajax/advertising.json
172.67.134.124 200 OK 3.2 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/Ajax/advertising.json
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (3431), with no line terminators
Hash 6e4492b5c2619341f329254fdb76703d
173584d220611ade97a58e95b7f27b609175a82a
7cf103acef60fe21e413d3aa3d65c1021c025c1b1106d149a4b0bee968cba07d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_h/Ajax/advertising.json HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
DNT: 1
Connection: keep-alive
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/json
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
vary: Accept-Encoding
etag: W/"659e8333-c55"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xl3tR8Gfu9nukJBBNRIZP%2BTuE7XUsdNutd0VzhGdYSkb2AVcuRsbngGOJsDZ20Rh9OaCoyzS4GyaeYmbLpFV4hCp3CzsqXCGwOdbjn2W%2BziibNh0zOj%2FV08skOj2tbZI5EUsYLhbrt89SKA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e746ba6eb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/Ajax/advertising.json
172.67.134.124 200 OK 3.2 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/Ajax/advertising.json
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (3431), with no line terminators
Hash 6e4492b5c2619341f329254fdb76703d
173584d220611ade97a58e95b7f27b609175a82a
7cf103acef60fe21e413d3aa3d65c1021c025c1b1106d149a4b0bee968cba07d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_h/Ajax/advertising.json HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
DNT: 1
Connection: keep-alive
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/json
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
vary: Accept-Encoding
etag: W/"659e8333-c55"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BNFgp78o5sV1LupmtVqEdGYP8eYQALRmpkRsz1wbyU9%2BG5PFVjhgIqyRLpFSg%2F8Tt7McfVS9Ju5IV09JJjcJSDeA8S7pC4wFO6FpMYkRhOWJBRLSpy5cy79hH4drqUYNcTgeqaa5tQgtt3o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e746fb22b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/53011af0/elementor/assets/lib/swiper/v8/css/swiper.min.css
172.67.134.124 200 OK 16 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/53011af0/elementor/assets/lib/swiper/v8/css/swiper.min.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (16214)
Hash a2431bc290cf34e330e11ec4cfce1247
32a53342901fef5f4f4dbb26a555e730f84437a4
c57e64fcb72bddafa9c38de574441c3e69ac6c961df96b0cad34da83658bd196
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/53011af0/elementor/assets/lib/swiper/v8/css/swiper.min.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
last-modified: Tue, 16 Jan 2024 14:24:31 GMT
vary: Accept-Encoding
etag: W/"65a6919f-4057"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fj1W20FXK7pQa7BzBWv%2FjbU%2BmYRXGJpK1Ov4UXYS5fEqbieknvD1mOJyy%2FFMAQ9MPFRsKPU%2BoVfKE%2FGzNKPR%2BdL%2Fp7660nCXh2olE1ozdn3cGaWDSfiBbC6CjBaGV1g424YNPZin3UBkt8Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7419da1b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-includes/js/jquery/jquery.min.js
172.67.134.124 200 OK 88 kB URL GET HTTP/3 merryandfrankenstein.com/wp-includes/js/jquery/jquery.min.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 826eb77e86b02ab7724fe3d0141ff87c
79cd3587d565afe290076a8d36c31c305a573d18
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
last-modified: Tue, 16 Jan 2024 14:23:49 GMT
vary: Accept-Encoding
etag: W/"65a69175-15601"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ukJUZlSUMukESyrNAZANyEWjQZWYN4jT61jvDkkp0xZxuhhoLVWKuuqgHJXNQNLsPq%2Fi0HJNl2pIhsNmj9hp8iju04ddz4glJ3d2XIKcrxqyp2%2Bo5dvf26q2BHtU%2BaLCUz71l6n%2FMBlxUZc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7419dc3b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/js/post-like.js
172.67.134.124 200 OK 865 B URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/js/post-like.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type JavaScript source, ASCII text, with very long lines (881), with no line terminators
Hash dc137641ea6601668fd553d82c531d72
f5e83bde4439d6b1f733ec72fe5ac554528d9531
b9f9a30acdc8df87543d1d81b64ad034ddf7dc3f58b479f9a086d2de4a4a5a2c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/js/post-like.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=1077
etag: W/"656d5ac8-435"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 04 Dec 2023 04:51:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TsQ5mi0YKR7f1D5M2aquEuw3oOOFIN9IyeUWaWKfbIDb3qQZA0RVwDe%2B4UdPFGBUnBYW4COt2XQgD37%2FeRheqgb4ZjiwkaSz77mpBoMk3UTEnJvYws7JYCmZp08WuNX%2BGpVOMjHae%2FMhBGg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e741be03b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/js/more-post.js
172.67.134.124 200 OK 5.4 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/js/more-post.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type JavaScript source, ASCII text, with very long lines (5470), with no line terminators
Hash 3a3ca4252a8a3a712a1ce22544ed2c7c
e9fa11a8bde171a50ca3cdb6eb73411ba02157cc
1fe6dfa25d585ca41f99c65161271fb5a51791ee62eea218566c510c72d709d7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/js/more-post.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=13011
etag: W/"656d5ac8-32d3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 04 Dec 2023 04:51:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1DDEYHH4zjr%2FvsK1OTvjAZYml%2FskMtO4lePIBrojTlF7L8G6CrGkKAHzpfHuZPgNI5eFPvA2dM2TAM1I55giIfl%2F2nb%2Fo3pQm8dAUfiaSHXZ1BuMOcIeRwGcen7RY7qeHlOrnFfUndGL4LE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e741be06b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/53011af0/cookie-law-info/lite/frontend/images/close.svg
172.67.134.124 200 OK 1.3 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/53011af0/cookie-law-info/lite/frontend/images/close.svg
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type SVG Scalable Vector Graphics image
Hash cfbcf7628b425adb0a55ef223965753e
42469ca151da583cf7c242cc2b62dc446211e8c5
2aa0b7fd5005a2a0cac1a66256cd96fc4e409e0e790ec5235d4819cc9ea0074f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/53011af0/cookie-law-info/lite/frontend/images/close.svg HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Jan 2024 14:24:25 GMT
vary: Accept-Encoding
etag: W/"65a69199-541"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OsXHL%2FqNyLhmbKrMlUdOinjQ06bgSDc8a6MSAM8MHX9B5v0xcTaXx0kB0T9e7n3Z%2FYmkC2raIiEk4IR4YUf%2F2%2FmATixA7uy0tq91o93kXBabgBpXk0%2BVspjLXeJVzwDGuuce2oaPZmO4rA0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e746aa58b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/53011af0/elementor/assets/lib/eicons/css/elementor-icons.min.css
172.67.134.124 200 OK 20 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/53011af0/elementor/assets/lib/eicons/css/elementor-icons.min.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (19525)
Hash edcdb90e5161a1894daff5e6b1b35c3f
1c199cad3f215c2dcc739fcbc10bb14b53bebe13
d2f82e2e141c7a7f31f40ab9ed8c499bba09505bac8b806cf016d10550e2a6d7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/53011af0/elementor/assets/lib/eicons/css/elementor-icons.min.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
last-modified: Tue, 16 Jan 2024 14:24:31 GMT
vary: Accept-Encoding
etag: W/"65a6919f-4c73"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=01%2FWnYZKH%2BQt8M1f6XLHhJVrDvrrl%2FJe14XjWzv6lPorIqaasCIgnF80xiGq93WNQee87PfqHYazeh%2BhKfzuM2Oj272kmQ8NiKi35teCENLPyXRuYH1%2F8pJbtmXMhiA6G%2BJKOZoCmSRovFg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7418d95b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap
142.250.74.170 200 OK 50 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap
IP 142.250.74.170:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
Validity Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
Hash 313a6232699b2f02296b5be9f4a0a5f8
d9aa6f8de96b123ea9f0546e062e340657ef0191
94f0cb222975e7939a4b4c283376fc06fbcdfcfced990a4cfbb37bf74a29567f
GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 10:17:08 GMT
date: Thu, 18 Apr 2024 10:17:08 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
172.67.134.124 200 OK 121 kB URL User Request GET HTTP/2 merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
IP 172.67.134.124:443
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
Size 121 kB (120853 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:17:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/8.1.27
cache-control: no-store
link: <https://merryandfrankenstein.com/index.php?rest_route=/>; rel="https://api.w.org/", <https://merryandfrankenstein.com/index.php?rest_route=/wp/v2/posts/155>; rel="alternate"; type="application/json", <https://merryandfrankenstein.com/?p=155>; rel=shortlink
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BrxMMDCJcymRFO1O1%2Fe0xvmEta6%2BxWKKQHTTYMNcTUUYPYC3enWRYghjk%2FVQizMbhavvQ6PfwL1i49un3N20PhTW6et1P4JcrB7jHsXhCmr6gyzpKKYKEUjrENcobdl7SDizFvfzvR%2BlJQQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e735d8ec1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
merryandfrankenstein.com/wp-content/53011af0/elementor/assets/css/frontend-lite.min.css
172.67.134.124 200 OK 117 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/53011af0/elementor/assets/css/frontend-lite.min.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (65496)
Size 117 kB (117332 bytes)
Hash 26c7877cd646748f7c94492503902a69
a204d6fb80d23f4e0959fd93531e7ac1fffe05c1
6ecbdb2dc3f86c7ed142dce156d8f3ca1846b75bb512471935f45b8c8949645e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/53011af0/elementor/assets/css/frontend-lite.min.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
last-modified: Tue, 16 Jan 2024 14:24:31 GMT
vary: Accept-Encoding
etag: W/"65a6919f-1ca54"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Q4MB1eHKCthYUDqZm3y0%2BfJ8Z5W3BgvpEvCvGk9Ar1s3od17Plehba69Xo%2BhdZ22KKptsKjUDFVa8Cmu7zD5vY4lQSWLE0yQbaeukNG4cbBY17tREz07dqOEbNfTVcLnzUI3VJUcET4KBM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7419d9cb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/style/style.css
172.67.134.124 200 OK 2.3 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/style/style.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (2268), with no line terminators
Hash 0508687b1ebae614696bc989df28b98d
6cbf9eb0112fb363d89281ac90aeee09d421272d
a29a433f487b474ce30a727e99db0a2ae2366d75c4cf628555b2cc85ef187da7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_h/style/style.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=2932
etag: W/"659e8333-b74"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pbh6pAfRi9%2BPXF0fk1IchBHypY4AzVDpujMkyJ5BEJ07MrOL0%2BrqlhtxFEA8Xu8zrrqPVGbGHMRlQAbyfGmP18vRlG4q8uqm6%2BdtEv5XdVZ4bVh6pc7%2BnqUnei1exD4r1J1CZDNwa0ZbC2I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7451eb8b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/img/1.JPG
172.67.134.124 200 OK 18 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/img/1.JPG
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 725x85, components 3
Hash 6b0a1ed324fdceb5dc83760963063974
9a920affd602413fccb876ee175dd99b7af9062b
db715746fa47b1cee327fdfadb830437b8a55dfcf53f6b8a57d2162f362cf153
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_h/img/1.JPG HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:09 GMT
content-type: image/jpeg
content-length: 18543
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
etag: "659e8333-486f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qyxh3byz2wUOVQ3n12%2BAb7QLCNvzxmyHK5Bs%2Fadf7WjsteD%2FkcA4EsTAB2xXfmD2DsJjC%2BQeB%2Fly2JJ9mifEZjM72yxobdjK2nLOnf2c8yyGs6ghTJD8PqezddtWM2el5FAdVn8mCDmje7A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e7480de5b4ee-OSL
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
172.67.134.124 200 OK 3.4 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type HTML document, ASCII text, with very long lines (3656), with no line terminators
Hash 2c13c0623726852bc4524e8a65e73b2d
e24829c8f113e9ac238a9e818edcd251b4ea00ce
bd1693b7062f5d35a221fa0d634365d283ec43054476d8c40242e585adf1e71f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_h/index.html HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/html
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nuEq%2BshOK1D6W4Byx0bA1C0wO9ZCsMHjpx4TAfwTynXpbCYW3nf9Rnb1sd6wXeRKW3VJB1S5Fj9MyVLK9UFAan0A1t0GJrBb9jT6QowH1uT%2F2sSllmXwz9tytsNuNb8XaMbytzMFlo8pH3g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e743fbe3b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/53011af0/cookie-law-info/lite/frontend/js/script.min.js
172.67.134.124 200 OK 19 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/53011af0/cookie-law-info/lite/frontend/js/script.min.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type JavaScript source, ASCII text, with very long lines (19185), with no line terminators
Hash 367bab3fe1e10d6f3d07cf995836afbc
530cc18a23a89a3c01bcf4b9b7d7ca7154daa331
aaa98cf9a1d05fcc65d948ce5712cf5ffee25659b1ab42553f1d60222ba0bb35
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/53011af0/cookie-law-info/lite/frontend/js/script.min.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
last-modified: Tue, 16 Jan 2024 14:24:25 GMT
vary: Accept-Encoding
etag: W/"65a69199-4af1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sgw2Kk%2FMvmQhBHxMpSZtbaT9oFUixF1ejCuMRgo4w2HPw4kZwG5FILYJq04U34plm581UENjzX6tKsEul3%2Bp6daRr0v3x6rywe8GUiIJfjYpkTkuvz5C%2Bo19CVDzoS3Yyl0ly1kqucv0xhQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7419dbeb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
172.67.134.124 200 OK 1.2 kB URL GET HTTP/3 merryandfrankenstein.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type HTML document, ASCII text, with very long lines (1271), with no line terminators
Hash 40d981045a7516cdadd00e8dccc9c58d
8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3
71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 15:45:04 GMT
etag: W/"661e9d00-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=04gKRBMVob7pkNM00f5Z12mrC8U%2FbxfbBxCCIZnDKApUTp7E8Hdu9fsZ7jBhmpPkMVHgCL7Vl3AqOkx1joK67feFb1kSuUvpqWfYcglxsuFJzy5ZPJQGBnzp%2Bb%2BZjKwrJAlQlWAFD9IkwXk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e741ade8b4ee-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sat, 20 Apr 2024 10:17:08 GMT
cache-control: max-age=172800, public
content-encoding: gzip
merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/script/main.js
172.67.134.124 200 OK 3.9 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/script/main.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (3862), with no line terminators
Hash 9cbd4cc3893a34c747d080675a5da51f
1cdd0c1a37ea64429d747753df9a7ba8eef191b7
03a627a11568c18e12745f1375b2828342570b47e028629b6bc11f6a75eb4c03
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_v/script/main.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=3862
etag: W/"659e8333-f16"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aMKN%2F%2FdEJuoJfc1uNAi7q4cb8ukNh7ftWujihNDezfZ4eZRzZjGxjE59EOGGyXlTDbvu8%2BO3y%2FFWhTW6I83bKjHemLFOd9o6kDjsiIt3UgvLEhfHQt8GphT1CANfHVBtuoU7AQU983PUZbA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e746eb03b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css
172.67.134.124 200 OK 31 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (30855)
Hash b819e54069c93fc9ce98b4579119f091
eb36dda9d3e731bc96ff10e76ba85ec12753fd65
72203aa6ee30f3c92fcededcf7640a651ce9c26dd2fdbdbc16a19a0dd8c894fe
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
last-modified: Mon, 04 Dec 2023 04:51:19 GMT
vary: Accept-Encoding
etag: W/"656d5ac7-793b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kb0JuJrlp25C%2BOn2BVYkjfHBI%2Bme5%2FNju8iiCaedOabLiLdXH03YbZQbdclly65oJTUt9P0p9T%2FtJBd0LHApf7UpuHQ0KWuqjrA7YC45%2BvA9HPQHT4c6HkcxBV9WIJtfLeCWdjF9ba9R638%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7418d7fb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/IframeResizeHandler/iframeResize.consumer.js
172.67.134.124 200 OK 915 B URL GET HTTP/3 merryandfrankenstein.com/wp-content/IframeResizeHandler/iframeResize.consumer.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (923), with no line terminators
Hash 40309c81086cb9ab7bc29ec4ac664b5a
1563da838c63404bad9d782c80ef23583d6378ea
4effbee91261391e9db328508da7b27e8a8377701462063ef2a41f3b68262c49
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/IframeResizeHandler/iframeResize.consumer.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=1296
etag: W/"656d5ac7-510"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 04 Dec 2023 04:51:19 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YUmjULaoLu0VT%2FYYMNDbSbzimKfaEdjK7OtQgv8UPo5MJ62rOmpYRIxVRvMjP6FqY2%2FDdtL6EMMqv9gJ%2BYWMvfz1D2xOo%2F9o7ZJpVxQRsHMWp4EOraluyLDKbZ%2FKoMJ0XCzevCh08Z2LHOM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e741bdf3b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/js/main.js
172.67.134.124 200 OK 46 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/js/main.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type JavaScript source, ASCII text, with very long lines (2059)
Hash 35869d52b511e6f15947975aa00b1831
aa77aff96de1fe2459d359e8eb8d5df8b049bf61
7b35472fc411235df4ae2c9cba7b6a2b9888a9b3e5406ffb14f4b77d21091c63
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/js/main.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=92142
etag: W/"656d5ac8-167ee"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 04 Dec 2023 04:51:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HrTQfBAq%2BgJM0NM3WUvWCBKF5173lF7TxHZakdTrnYQspkeOaNi1N0YXYF5tkP2EvO7IxExKDptrSX%2B4KJpKx9x4pYbCvTqyifOphuAlcTGD0T5xSVth3jZVChPC%2BJTkof0iXv04nDxkhr8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e741be00b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/IframeResizeHandler/iframeResize.dispatcher.js
172.67.134.124 200 OK 651 B URL GET HTTP/3 merryandfrankenstein.com/wp-content/IframeResizeHandler/iframeResize.dispatcher.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (658), with no line terminators
Hash 371d76dfc235f528c5b242e22c8ca3df
319132123e8cb8433ce89ed3bef5de08975437f8
5fd94cdf9c789495a0a80a7f09162565050197f3326617ed1bcc5523c934ca74
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/IframeResizeHandler/iframeResize.dispatcher.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=876
etag: W/"656d5ac7-36c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 04 Dec 2023 04:51:19 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HYm9OyDLmddzH%2B2FTpqh2XhUOTtCwU1G9FiO1V3%2Both%2By7PqryY%2B77zPIUd8cP0pUNWZFzDKv6bXSjZ3adm9Ceyuca7HvYmYfcZoqZcgmE7YxJWBpDjui1DWzqFFLxreYY6vbAc8FhO9COw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7451ebfb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/css/social-counter.css
172.67.134.124 200 OK 3.9 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/css/social-counter.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (3905), with no line terminators
Hash 34480ad49e9d82234770c934d562c703
24059030a9556cc506bb5a0d257c5624637c2ec6
05e24f45f2369f9055c047cb7b286bab7a55c92897937719211adf63e21a4f61
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/css/social-counter.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=4366
etag: W/"656d5ac7-110e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 04 Dec 2023 04:51:19 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HgDV%2F6WPTVTDs3My%2Bja28v%2BB91PEY2%2BCphnr8RddreFlV%2Bo5lLnqLQBuH3LVX4H9upSqdWp9Z91zspiY7FxQjGOh3Dll1AOIjM4Ooauk6qOWZxDQALyHTckUZ9TOaoabo1tQVlspRDIiork%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7418d8eb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/uploads/elementor/css/post-11.css
172.67.134.124 200 OK 1.1 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/uploads/elementor/css/post-11.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (1100), with no line terminators
Hash 6e63e2b5ab6b73e0961b110f086fd5a8
ffb8a4954051a1ca9400ac0c47b6576e93043825
d028152649e999a9a93b0cb27dcd38025b17b631db3809e9fa7be24eb1855f9f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/uploads/elementor/css/post-11.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=1108
etag: W/"65a69240-454"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 16 Jan 2024 14:27:12 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TySQ7iRhdh6f7DyfF9h%2Ftv2lHZuVqJQ2alqilDagdiD78puyQa%2BTgi8PwkoVl8bvpf8Vd2lkvk%2BITBfrzsFaNCJzlc%2Bi%2BJWJrbdF328ovuvGP8RC1WkjD0kUszSLIgk%2BbwC%2FeCsKWZ%2BZ1Yk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7419da4b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
fonts.googleapis.com/css?family=PT+Sans:400,700
142.250.74.170 200 OK 2.6 kB URL GET HTTP/2 fonts.googleapis.com/css?family=PT+Sans:400,700
IP 142.250.74.170:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
Validity Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type ASCII text, with very long lines (2670), with no line terminators
Hash 0e3928c00bd2389e181375336fb00284
fbb86ad4f4451b6a592cd2c12b180378be0d8212
b8e0771547de7f6cd624c867434e283dc764b80fa9778def4a5fd73c53d06e38
GET /css?family=PT+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 10:17:08 GMT
date: Thu, 18 Apr 2024 10:17:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/img/4.png
172.67.134.124 200 OK 195 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/img/4.png
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type PNG image data, 300 x 600, 8-bit/color RGBA, non-interlaced
Size 195 kB (195141 bytes)
Hash aafa4c1dfee4b2b65dfccbd0f744db7e
110e1da719a49228b5b852932a4a6b2cc90f505c
d6dbb08731b650446b787fe80a163f59511e7870b26d9f25da495781d66c44da
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_v/img/4.png HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:09 GMT
content-type: image/png
content-length: 195141
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
etag: "659e8333-2fa45"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mjjRFrs29zMcUCqX2l46d0qdoHlSFJccrFMViL%2ForWmgO3Gr9x21XDncrnUVOAI6hYOSGDaXlzewFHfAl8bsaxv%2Fmc%2B%2FysUYUYrZSDIfxZNyZgK%2BK67XCzp9VsZvFWhut7jVDB%2BE0Bdi8%2BA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e7481e1bb4ee-OSL
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/css/penci-icon.css
172.67.134.124 200 OK 5.8 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/css/penci-icon.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (6180), with no line terminators
Hash 851a7ad5fe22b4a39f74c6d25595493f
486b762b14840a7b15e2085bbe7a10cbb0eff869
dca54a69a748655eb1285e2597ab82a4495c482872ff5a032788faf587d7529e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/css/penci-icon.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=6213
etag: W/"656d5ac7-1845"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 04 Dec 2023 04:51:19 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VT5eoVLmMLgcMlxco2pfOHxnnJuMeGhbbzR%2FS%2FmkOBn0%2BUV%2Bm8b6jV4GitXc1sxhltBeuJ0CrmDQ3r%2BnGWzVSTDkDoGegwivIWLPenBCrdW1qFPczx%2FejKrxtE3y2%2BSVjX0bo2cugAyrvu0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7418d86b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-includes/js/jquery/jquery-migrate.min.js
172.67.134.124 200 OK 14 kB URL GET HTTP/3 merryandfrankenstein.com/wp-includes/js/jquery/jquery-migrate.min.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type JavaScript source, ASCII text, with very long lines (13479)
Hash 9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
last-modified: Mon, 04 Dec 2023 04:51:20 GMT
vary: Accept-Encoding
etag: W/"656d5ac8-3509"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2V%2F0RmsKNwYp5N8TAoVjytAgqxITEzOAgtrnNPe%2Fr117q5pYIiiyxnYUxPf4V5L9uEQEBFU2WvMtCzjGJp5K5njtMJnVpy9l8rlgo2wIT2OhdHTN4v2pvUrKu6yMW%2Fstpeb1eOwLTKyZ44o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7419dc6b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/js/penci-lazy.js
172.67.134.124 200 OK 8.7 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/js/penci-lazy.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type JavaScript source, ASCII text, with very long lines (8846), with no line terminators
Hash 5a93ede4a5ef25130aee6b15faa105cc
3e32778d8cd7a278ddd5aca917d735894b339a92
f1b74183344f8e8bc707ed9f6dd53304794e7668770b9ba6c6ca8ccd6b486af7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/js/penci-lazy.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=8847
etag: W/"656d5ac8-228f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 04 Dec 2023 04:51:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IU7Uij1ZYqwOpMqV1jFeRvifm7qwJsa04GUACXfh%2BhViqzQdxW%2B8hLHgcNYOhciwu8t8bTjfV%2B%2BQ25zeOqz6M0xgcpHEMLg2kGHx3jIgebHGUCWsCfu8AYDNtOtH2uPso7D0cHlASE3L4BM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e741bdf6b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
172.67.134.124 200 OK 3.4 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type HTML document, ASCII text, with very long lines (3656), with no line terminators
Hash 2c13c0623726852bc4524e8a65e73b2d
e24829c8f113e9ac238a9e818edcd251b4ea00ce
bd1693b7062f5d35a221fa0d634365d283ec43054476d8c40242e585adf1e71f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_h/index.html HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/html
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5MZBXcvwBUg3kJgLvOPFZOHVgFFfXmaNteMSThw4DwwDtNfoz6I%2B8ZmmzIK%2Fv%2BOaWT%2F5BVnZh%2BfMPG0HuQA8sg4JZB9lQx94LuTFxMsUwkQBnos6hH2Z2wHJbNzyODPGcPtnCikVRzBhlw4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7443c78b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/script/main.js
172.67.134.124 200 OK 3.7 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/script/main.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (3741), with no line terminators
Hash 493d657ebaca6782523bc17db8f07170
d75a27ed1977b32d36a0954814169b31dc6bedbc
32c32c8dd6c1d7c7dfc7248dfbf43dcae89d60e4ed5d771b907ed0c0586b8bf5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_h/script/main.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=3741
etag: W/"659e8333-e9d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wz7xJswco%2Bdl2wyvXOqPOkUES%2FQF66z1HWfp6TE%2BossvpKcc%2FzUrdbprPT5QzgSPGmcIVpmchlaPi9g00tleZAKWT7NV3Hssf1XBJ4lSBa8MqajVekeOUwsXBpKvuknfnSrBWwP%2FMzUMUXk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e74689e7b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/script/main.js
172.67.134.124 200 OK 3.7 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/script/main.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (3741), with no line terminators
Hash 493d657ebaca6782523bc17db8f07170
d75a27ed1977b32d36a0954814169b31dc6bedbc
32c32c8dd6c1d7c7dfc7248dfbf43dcae89d60e4ed5d771b907ed0c0586b8bf5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_h/script/main.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=3741
etag: W/"659e8333-e9d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HYhfecHZn9c%2Bvw9ur%2FIvaJMB7B5t8XtkXmkYPogI%2F%2FjkheiHxYFLlAOr8kzLHUTTNS7yGr53If1CidAA7mcQTVvrPwKweSyHydmCGYCfLGDEeUEmSX8iqoPk6HTdf7u7hHR0wux%2FA4iEeq4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7451ebcb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/IframeResizeHandler/iframeResize.dispatcher.js
172.67.134.124 200 OK 651 B URL GET HTTP/3 merryandfrankenstein.com/wp-content/IframeResizeHandler/iframeResize.dispatcher.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (658), with no line terminators
Hash 371d76dfc235f528c5b242e22c8ca3df
319132123e8cb8433ce89ed3bef5de08975437f8
5fd94cdf9c789495a0a80a7f09162565050197f3326617ed1bcc5523c934ca74
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/IframeResizeHandler/iframeResize.dispatcher.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_h/index.html
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=876
etag: W/"656d5ac7-36c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 04 Dec 2023 04:51:19 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z%2BzLLdGMUnePDjJUK4OM02eKW4h4FC4s3W0Uk%2BDyYF5e%2B7FVgobL%2FD7ikBXpwHKt4EMbBP%2BxFqDcq5npkUX8uKHAbuSK%2FdUyLIb9VOjmeUWSGgZGfjuUy4bnOaUwGXtU8IW9n7SjQMXCM44%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e74689f2b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/style.css
172.67.134.124 200 OK 0 B URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/style.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/style.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=679
etag: W/"656d5ac8-2a7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 04 Dec 2023 04:51:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4FxrQJIbMm87zI9LVZS4MiFNzbhblP8rBZ6SMrrn86ktLdf%2BntMCuuPYL4My0KYQvjc1m8hNPMbRLsj8D1m4dxxRayPEldjslGIeDuIElCSueZuMQC8OUeYgqiq8W962PD7PeYbdHVUGZv4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7418d89b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/style/style.css
172.67.134.124 200 OK 2.3 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/style/style.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (2268), with no line terminators
Hash 0508687b1ebae614696bc989df28b98d
6cbf9eb0112fb363d89281ac90aeee09d421272d
a29a433f487b474ce30a727e99db0a2ae2366d75c4cf628555b2cc85ef187da7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/promotion_v/style/style.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/wp-content/themes/soledad/promotion_v/index.html
Cookie: cookieyes-consent=consentid:RUY5WmhXNDJheDR4M21rb3k1cHdQemlYbzdheEpIOWU,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=2932
etag: W/"659e8333-b74"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 10 Jan 2024 11:44:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FtayW20CI%2BEJABSTvOMSaJPYQKRNJ5UT6T6bYpTrfPMXcfCkiyi4Yn1zh6GAR3Umg519YWzaM67Q2S2VIj7vhJVjj1ygwvPoJ%2F0dHninwmrq38C3NrwdvnbMVFcwF42Z2CWcGYPzQnlzIkg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e746eafcb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/uploads/elementor/css/global.css
172.67.134.124 200 OK 9.4 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/uploads/elementor/css/global.css
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type ASCII text, with very long lines (9371), with no line terminators
Hash 1785084ae3e1423c2b967940e0a8a250
5a176ea941261f6df857e0e8d4f3c538169a8ca3
231fbc104c9ffce42ecd400a3847a76a2a2ca309525caa137b7080c8634fe8ea
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/uploads/elementor/css/global.css HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=9475
etag: W/"65a69241-2503"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 16 Jan 2024 14:27:13 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2B5T7Ghpu6ADngwbsgBQhnmpKfWdS2RzF5S82%2FcxqZEt2wg%2BvzkXf%2BUr7qlEHZ5z%2BYwSe84a77Dj6t0uc0QvvVk9zdhgprJSTqszznSM0zNxVT3qubd3am8mbtiEzUX34D%2Fs06X2973laO8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e7419da5b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/53011af0/wp-meta-and-date-remover/assets/js/inspector.js
172.67.134.124 200 OK 3.1 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/53011af0/wp-meta-and-date-remover/assets/js/inspector.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type JavaScript source, ASCII text, with very long lines (3209), with no line terminators
Hash 5bb9ba3d1f59084567a996c92f3a1179
82cfa65ab0d8849c5687df4850bbcc7c40d134ac
b9e698e30ba89dc795a15adb0b35de5f961ed361f28830c53fc748973535eb46
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/53011af0/wp-meta-and-date-remover/assets/js/inspector.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=3913
etag: W/"65a691a4-f49"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 16 Jan 2024 14:24:36 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OjoLGcBXwvi%2Bsx7bqcZwQcEbNTjEmp2UsK7A4EXuF8WEWypmvFa2JpXpC4mjqaLn%2FbGEzuEIVrutJv6m2yQjQi4fEu4lt7OZsWHDJciMmu9%2BgDsNdSjZWLgj%2F3YH0Diqu3iGjqjgGFNOmBU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e741bdf4b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/wp-content/themes/soledad/js/libs-script.min.js
172.67.134.124 200 OK 169 kB URL GET HTTP/3 merryandfrankenstein.com/wp-content/themes/soledad/js/libs-script.min.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type JavaScript source, ASCII text, with very long lines (30324)
Size 169 kB (168713 bytes)
Hash 19c9bbd54402c22fff34e5891cfcbd2d
4a4660389cdd6a0db640407e54bae15c69f68a0d
2507fc011ebd0b32759d7abafd7c58b006699c084dc92e85b20784b04f4fbbfa
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/soledad/js/libs-script.min.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
last-modified: Mon, 04 Dec 2023 04:51:20 GMT
vary: Accept-Encoding
etag: W/"656d5ac8-29309"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bh17%2FGYwuS8LpJb2pMeVJV1eGYoyDIiaTqgNlpAPnp7aRuI80EtA6P0sAskQDTw5FcmGraAmF1t%2Byx8K7IT8rQNFBIEPGv7uBgIqlnktjfb4IiaUpfDzoPjZX4PYoJDL8tfceFpvE7gpj3c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763e741bdfcb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
maxcdn.bootstrapcdn.com/font-awesome/4.4.0/fonts/fontawesome-webfont.woff2?v=4.4.0
104.18.11.207 200 OK 64 kB URL GET HTTP/3 maxcdn.bootstrapcdn.com/font-awesome/4.4.0/fonts/fontawesome-webfont.woff2?v=4.4.0
IP 104.18.11.207:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Google Trust Services LLC
Subject bootstrapcdn.com
Fingerprint 57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
Validity Wed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT
File type Web Open Font Format (Version 2), TrueType, length 64464, version 4.262
Hash 4b5a84aaf1c9485e060c503a0ff8cadb
574ea2698c03ae9477db2ea3baf460ee32f1a7ea
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
GET /font-awesome/4.4.0/fonts/fontawesome-webfont.woff2?v=4.4.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://merryandfrankenstein.com
DNT: 1
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: font/woff2
content-length: 64464
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "4b5a84aaf1c9485e060c503a0ff8cadb"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 02/19/2024 11:12:32
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 756
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 61b14585a68c63976580e53ec2459e01
cdn-cache: HIT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8763e7453e52b505-OSL
alt-svc: h3=":443"; ma=86400
merryandfrankenstein.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
172.67.134.124 200 OK 1.2 kB URL GET HTTP/3 merryandfrankenstein.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 172.67.134.124:443
Requested by https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Certificate Issuer Let's Encrypt
Subject merryandfrankenstein.com
Fingerprint 00:DB:2A:44:9D:2D:7F:72:5F:C4:72:BB:48:E2:7C:3F:1B:22:9D:F5
Validity Sat, 30 Mar 2024 21:20:41 GMT - Fri, 28 Jun 2024 21:20:40 GMT
File type HTML document, ASCII text, with very long lines (1271), with no line terminators
Hash 40d981045a7516cdadd00e8dccc9c58d
8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3
71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: merryandfrankenstein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://merryandfrankenstein.com/?p=155&subid1=11703518&subid2=The+Speculations+About+Mike+Holmes+Have+Been+Confirmed&subid3=18959030&subid4=49199209&utm_source=mgid
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:17:08 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 15:45:04 GMT
etag: W/"661e9d00-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m0Zdkl6IsQTqqYS54CyARAi%2FX8aSK6rOYzQ1poXKai3LRj7vBa30F5EU1Y%2BzWMpxNX%2FVoM7003QHFN5cEe8ojjrEORVIOb2ELvsnxVP5kOmbVk3UYvub3lOxs7yh5WJyrCT2uEpbqe4RjZ0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763e7451eafb4ee-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sat, 20 Apr 2024 10:17:08 GMT
cache-control: max-age=172800, public
content-encoding: gzip