r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 37284a837312d6586460a3b86bbe7bd0
6ac0847abd48eb8607597218aaa2cb2d434c012b
6a0e11bb042555d72b397ae0cc3d5e242d3a3fe04418e28ffd222decca7d16ca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A0E11BB042555D72B397AE0CC3D5E242D3A3FE04418E28FFD222DECCA7D16CA"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7570
Expires: Fri, 20 Jan 2023 02:53:37 GMT
Date: Fri, 20 Jan 2023 00:47:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b36ef73c20dffb6bc10194bbd2d0dcfa
a67a4023dc8b4944debaeb92f3ba0f1402c079a6
05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11642
Expires: Fri, 20 Jan 2023 04:01:29 GMT
Date: Fri, 20 Jan 2023 00:47:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6c8239f3894cfba54d1f3a9ea1c85db5
a70f2b3bf79f2aa26b0cc0340dd182565c3eb946
64dc0508d3fcea1ec92fb60310e9b3f5454c0b69f61e8453fd443bc46ab9471b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "64DC0508D3FCEA1EC92FB60310E9B3F5454C0B69F61E8453FD443BC46AB9471B"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6379
Expires: Fri, 20 Jan 2023 02:33:46 GMT
Date: Fri, 20 Jan 2023 00:47:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 20 Jan 2023 00:34:34 GMT
content-type: application/json
age: 773
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: bOK4Oh+FtXz924VjaakUfiXXZ1wt7dkXXh9FT/1ungCKf8IUtiWrEZ6jNzsAjdhCN9AblkN36nY=
x-amz-request-id: 3TZAWH4M0PPWTPB0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 20 Jan 2023 00:17:24 GMT
age: 1803
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
areyoulivingwell.com/
45.223.36.36 301 Moved Permanently 237 B IP 45.223.36.36:0
File type HTML document text, exported SGML document, ASCII text
Hash 94fbeb5f2c12a78599c6f9b23f996346
6eeca4afb0c0beaaefeb6df979be3ba3f97aefc8
fe09a9cfa5fffb74bcaadcad0be5b7d434be15c357ea514e3b6ef02f8f787f08
Analyzer verdicts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET / HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 20 Jan 2023 00:47:27 GMT
Server: Apache
Location: https://areyoulivingwell.com/
Content-Length: 237
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: visid_incap_2714157=ddvWlNzDR9m7f5yS0LiVyp7kyWMAAAAAQUIPAAAAAABo08CIeeH3FQKuDOr0Ts6W; expires=Fri, 19 Jan 2024 07:16:04 GMT; HttpOnly; path=/; Domain=.areyoulivingwell.com
incap_ses_7222_2714157=6M9kIOfolwQmayooXbM5ZJ/kyWMAAAAA4a9k8bfLHc/U7tGSvlk74w==; path=/; Domain=.areyoulivingwell.com
X-CDN: Imperva
X-Iinfo: 9-69382750-69382751 NNNN CT(67 -1 0) RT(1674175646898 2) q(0 1 1 0) r(2 2) U11
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 20 Jan 2023 00:47:27 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 20 Jan 2023 00:17:27 GMT
age: 1801
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash dce4a8be753d4a93db03ffca50421c43
068040a8f69777484e545c0053ad54f273710797
7e6dddef8a4a5502c9715f8c20dcb75e132ecc875f13459a967c9e235e9ce3e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4370
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 00:47:28 GMT
Last-Modified: Thu, 19 Jan 2023 23:34:38 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a435563e4adb6d7d64a8600e6250bf45
a8f5a99620153938ec4cfba0423d6d06c66bb7fe
9e5c713c50dca08152c55041574e3e4003213133a8c78494ff18d1d1808589fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 00:47:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash d202273e867b01591672b07722f430fb
4bbab50550b5b6a583e1fcdeb68c1b6b67b0cd87
5b4ab20a3dc9a884b04e727e6d62a1428984126ea975e308c48a6e9b6581146a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 00:47:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.34.149.78 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.34.149.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eIM3vnD2DFDV/7/1BUO8zQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +VZiPSBpKv5ojS9m5+aEt9KSLXM=
www.googletagmanager.com/gtag/js?id=UA-122218998-2
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-122218998-2
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash ca40366d45db6b4ca0458e1602f375b0
7cc4dc24ed84066519fefb4645d265af61cde4ba
74cd354c7b4c46a1487b6148224ac2f6f6b222d521068a2498f64de38c1e6e72
GET /gtag/js?id=UA-122218998-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 20 Jan 2023 00:47:28 GMT
expires: Fri, 20 Jan 2023 00:47:28 GMT
cache-control: private, max-age=900
last-modified: Fri, 20 Jan 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44060
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/LayerSlider/static/layerslider/css/layerslider.css?ver=6.7.6
45.223.30.36 200 OK 3.1 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/LayerSlider/static/layerslider/css/layerslider.css?ver=6.7.6
IP 45.223.30.36:0
File type ASCII text, with very long lines (16238), with no line terminators
Hash 66c239d10f2e6e22bc410e8f7b7c4029
833e0ee327c112869f7ac657360a01301a3b1417
1dbb81bff2529153a5a6adce15003797feb1590144888dcadf474bc309c78ef6
Analyzer verdicts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/LayerSlider/static/layerslider/css/layerslider.css?ver=6.7.6 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 07 Aug 2021 02:08:12 GMT
content-type: text/css
content-length: 3092
content-encoding: gzip
cache-control: max-age=1818333, public
expires: Fri, 10 Feb 2023 01:53:01 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2CNN RT(1674175647606 565) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/constant-contact-forms/assets/css/style.css?ver=1.7.0
45.223.30.36 200 OK 933 B URL HTTP/2 areyoulivingwell.com/wp-content/plugins/constant-contact-forms/assets/css/style.css?ver=1.7.0
IP 45.223.30.36:0
File type ASCII text, with very long lines (3940), with no line terminators
Hash 67c96738ce56d72191048a13388ec06a
8453e0e45bd64c3a4c798f2c337da198b87a54d6
843a2e958f5a914ed1416d37194e85fa6e4e0a475f204d09ee35e3af6fe5b419
Analyzer verdicts: mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/constant-contact-forms/assets/css/style.css?ver=1.7.0 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 07 Aug 2021 02:30:41 GMT
content-type: text/css
content-length: 933
content-encoding: gzip
cache-control: max-age=2347564, public
expires: Thu, 16 Feb 2023 04:53:32 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6181320 2CNN RT(1674175647606 573) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/style.css?ver=2.4.5
45.223.30.36 200 OK 7.1 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/style.css?ver=2.4.5
IP 45.223.30.36:0
File type ASCII text, with very long lines (6383)
Hash 52b18c2fad3deaa5f9da08feea621597
336e89356a8b4613b6cfda6968696343e45bafe0
88ecc7f3cf9eff836c2900e9821b81dcbb275c77f21e48ab433f58d7f7f3e5a9
Analyzer verdicts: mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/style.css?ver=2.4.5 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 17:57:37 GMT
content-type: text/css
content-length: 7073
content-encoding: gzip
cache-control: max-age=1917901, public
expires: Sat, 11 Feb 2023 05:32:28 GMT
date: Fri, 20 Jan 2023 00:47:27 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6174612 2CNN RT(1674175647606 569) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
45.223.30.36 200 OK 18 kB URL HTTP/2 areyoulivingwell.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 45.223.30.36:0
File type ASCII text, with very long lines (47826)
Hash 9415c9562591af7a582c29139621505f
0b12eecf36a48b871a3198550f4f65bb4a6d9b1b
06c70d3232c2ae3ed2aa259eb7a1beb329b654926813935fffa8902cd5ebaa4a
Analyzer verdicts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 16 Nov 2022 06:19:21 GMT
content-type: text/css
content-length: 17667
content-encoding: gzip
cache-control: max-age=2112948, public
expires: Mon, 13 Feb 2023 11:43:16 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2CNN RT(1674175647606 567) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=2.3.1
45.223.30.36 200 OK 11 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=2.3.1
IP 45.223.30.36:0
File type ASCII text, with very long lines (7136)
Hash 0e6913c82aeb2c8be7742b1e7679a70a
3e51205d8d37b82cce3b6d12d00a0e45325008b3
3aa9e722ad5930309b7e1b749a1216906c72797315e2b65225af9595445c1abd
Analyzer verdicts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=2.3.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 07 Aug 2021 02:01:21 GMT
content-type: text/css
content-length: 11311
content-encoding: gzip
cache-control: max-age=1917904, public
expires: Sat, 11 Feb 2023 05:32:32 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2CNN RT(1674175647606 577) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/jquery-pin-it-button-for-images/css/client.css?ver=3.0.5
45.223.30.36 200 OK 686 B URL HTTP/2 areyoulivingwell.com/wp-content/plugins/jquery-pin-it-button-for-images/css/client.css?ver=3.0.5
IP 45.223.30.36:0
File type Unicode text, UTF-8 text, with very long lines (1949), with no line terminators
Hash eb07e9495e00fe89a635a944e11d6ff7
7648c6212ef70057348e19c4f2fb6dcc911a9285
4d5cec050467d6f3bac4027f2db831e0c5c409c3e9bf4245465f00d5e6cecd52
Analyzer verdicts: mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/jquery-pin-it-button-for-images/css/client.css?ver=3.0.5 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 07 Aug 2021 02:01:39 GMT
content-type: text/css
content-length: 686
content-encoding: gzip
cache-control: max-age=2163779, public
expires: Tue, 14 Feb 2023 01:50:27 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6181320 2CNN RT(1674175647606 579) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=3.8.3
45.223.30.36 200 OK 2.2 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=3.8.3
IP 45.223.30.36:0
File type ASCII text, with very long lines (16576), with no line terminators
Hash 78d93c740841110d34200433fa58fa92
d01e20a10469348b5081c671f3dbcd0f952160cc
8998aaec67a98ee5dfeae6330b89ecf0cefcfc0a83e90b22220797c7d3477d2d
Analyzer verdicts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=3.8.3 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 17:57:38 GMT
content-type: text/css
content-length: 2160
content-encoding: gzip
cache-control: max-age=1818334, public
expires: Fri, 10 Feb 2023 01:53:01 GMT
date: Fri, 20 Jan 2023 00:47:27 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6174612 2CNN RT(1674175647606 680) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/icons.css?ver=3.6.2
45.223.30.36 200 OK 20 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/icons.css?ver=3.6.2
IP 45.223.30.36:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 4ea2565fef1d1d0de74a9299a816fe35
65e18a3795325fb78cca650fdfe2e7483f002236
ecfa04a9ed316f6dce5d9d79eeda5fa69715bdaadd5ed485c42fa46b5a3568b9
Analyzer verdicts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/themes/HighendWP/assets/css/icons.css?ver=3.6.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 07 Aug 2021 01:46:28 GMT
content-type: text/css
content-length: 19860
content-encoding: gzip
cache-control: max-age=2466344, public
expires: Fri, 17 Feb 2023 13:53:12 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-0 0CNN RT(1674175647606 695) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=3.8.3
45.223.30.36 200 OK 13 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=3.8.3
IP 45.223.30.36:0
File type Unicode text, UTF-8 text, with very long lines (62655), with no line terminators
Hash 5b8957fcf2a75b3e3dcc41bd85738b39
ee46ea314fde816f69751dd5170e5e90ea2395bd
e1b33106f77d3d0583844f41e46efddb6b7f21c24206408cd361cb4392f762ac
Analyzer verdicts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=3.8.3 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 17:57:38 GMT
content-type: text/css
content-length: 13198
content-encoding: gzip
cache-control: max-age=669020, public
expires: Fri, 27 Jan 2023 18:37:48 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2CNN RT(1674175647606 683) q(0 0 0 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/css/sfsi-style.css?ver=6.1.1
45.223.30.36 200 OK 22 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/css/sfsi-style.css?ver=6.1.1
IP 45.223.30.36:0
File type ASCII text, with very long lines (402)
Hash eab194fe0de9af4d698ffaabaeb24db3
5d8452d9643545185be4e19112824ff926671b9d
ec895e8fa282cdd1802c24cc58acec8fddc7775157d9ef45f74fc0bed4042160
Analyzer verdicts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/css/sfsi-style.css?ver=6.1.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 07 Aug 2021 02:23:55 GMT
content-type: text/css
content-length: 21975
content-encoding: gzip
cache-control: max-age=1917900, public
expires: Sat, 11 Feb 2023 05:32:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2CNN RT(1674175647606 678) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/woocommerce.css?ver=6.1.1
45.223.30.36 200 OK 8.6 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/woocommerce.css?ver=6.1.1
IP 45.223.30.36:0
File type ASCII text, with very long lines (29157), with no line terminators
Hash 07ec2fe5abbca8bf9c0606b04133d822
5899da13d877931d64628f9c2f6d0df9cf160d08
9a79cb6c83212e2795bff06253d19f61537a88b09ac052c4c13470dd5b1056dd
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/css/woocommerce.css?ver=6.1.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 07 Aug 2021 01:46:29 GMT
content-type: text/css
content-length: 8642
content-encoding: gzip
cache-control: max-age=2050876, public
expires: Sun, 12 Feb 2023 18:28:44 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2CNN RT(1674175647606 688) q(0 1 1 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/style.css?ver=3.6.2
45.223.30.36 200 OK 72 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/style.css?ver=3.6.2
IP 45.223.30.36:0
File type ASCII text, with very long lines (65137)
Hash 791869b3fcfe9f61f0484b1874640ea1
435893ce0cb8364ccccac1c59cafcdfc6c28fed7
dc6f2b33549f55e0be9ed079445e4f35568e7f42219a08c9ed38730931029b91
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/style.css?ver=3.6.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 07 Aug 2021 01:46:40 GMT
content-type: text/css
content-length: 71853
content-encoding: gzip
cache-control: max-age=1917905, public
expires: Sat, 11 Feb 2023 05:32:33 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2CNN RT(1674175647606 689) q(0 1 1 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/responsive.css?ver=3.6.2
45.223.30.36 200 OK 3.9 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/responsive.css?ver=3.6.2
IP 45.223.30.36:0
File type ASCII text, with very long lines (12644), with no line terminators
Hash 2b674e835bebe8306fcace45b74771f8
2032a46a9c1d589cd4b05b5f727c656e32483655
a90ddefbfdf7de97b4d99d3f6a1a5a99cbb354e3cbe295af0b7bd108d11b0704
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/css/responsive.css?ver=3.6.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 07 Aug 2021 01:46:28 GMT
content-type: text/css
content-length: 3882
content-encoding: gzip
cache-control: max-age=2533988, public
expires: Sat, 18 Feb 2023 08:40:36 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2CNN RT(1674175647606 694) q(0 1 1 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-includes/css/classic-themes.min.css?ver=1
45.223.30.36 200 OK 189 B URL HTTP/2 areyoulivingwell.com/wp-includes/css/classic-themes.min.css?ver=1
IP 45.223.30.36:0
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:28 GMT
server: Apache
last-modified: Wed, 02 Nov 2022 06:21:51 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sun, 19 Feb 2023 00:47:28 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 189
content-type: text/css
x-cdn: Imperva
x-iinfo: 38-6196248-6183460 2NNN RT(1674175647606 572) q(0 0 0 -1) r(2 2) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=2.3.1
45.223.30.36 200 OK 2.4 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=2.3.1
IP 45.223.30.36:0
Hash c4793d4c5f37223118865b6a8b93d546
ac6045f732cd75b8218df26ee33bd099aa2fd3bb
c4d3046b4ee1e66a3363225cb0ffb5d7d4400c19f15d39d8b2f41c12555c5dc4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=2.3.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:28 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:01:26 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sun, 19 Feb 2023 00:47:28 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 2441
content-type: text/css
x-cdn: Imperva
x-iinfo: 38-6196248-6196521 2NNN RT(1674175647606 579) q(0 0 0 -1) r(0 3) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.1
45.223.30.36 200 OK 12 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.1
IP 45.223.30.36:0
File type Unicode text, UTF-8 text, with very long lines (5178), with CRLF line terminators
Hash c220a68e588d62a720ffacfa52ad31d3
430b0eb0bdf72cebd13d43d18b8a276847b7a786
c12f9fb0d32fe152c3306f864f398f965b24ac6ffe01697b2b05fac214d2991a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:28 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:03:51 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sun, 19 Feb 2023 00:47:28 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 12242
content-type: text/css
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2NNN RT(1674175647606 581) q(0 0 1 -1) r(1 3) U18
X-Firefox-Spdy: h2
assets.pinterest.com/js/pinit.js
23.38.200.197 200 OK 203 B URL HTTP/2 assets.pinterest.com/js/pinit.js
IP 23.38.200.197:0
File type ASCII text, with very long lines (361), with no line terminators
Hash 62d32c28f14783b94192cd8d35bc010d
78c1ba11e104bbd01a07225d0f8c41d7712094d4
e823b68f75484d37c74ebb652e2a5b183a1b65c43f1592985e519a8cabc44b2e
GET /js/pinit.js HTTP/1.1
Host: assets.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "62d32c28f14783b94192cd8d35bc010d"
content-encoding: br
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 203
cache-control: max-age=157
vary: Accept-Encoding, Origin
x-cdn: akamai
access-control-max-age: 86400
access-control-expose-headers: X-CDN
access-control-allow-methods: GET
access-control-allow-origin: *
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/LayerSlider/static/layerslider/js/greensock.js?ver=1.19.0
45.223.30.36 200 OK 39 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/LayerSlider/static/layerslider/js/greensock.js?ver=1.19.0
IP 45.223.30.36:0
File type ASCII text, with very long lines (65303)
Hash b9dc5624eb604828839d27aed19afa4e
81593f3d0bb52c41a9e0ebdb4fde209b27720f85
93b53013a3965028a06370b1fabb8db04c7334263051256f7ac9820ac9dc2a91
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/LayerSlider/static/layerslider/js/greensock.js?ver=1.19.0 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:28:53 GMT
content-type: application/javascript
content-length: 39074
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196521 2VNN RT(1674175647606 699) q(0 1 1 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
45.223.30.36 200 OK 4.9 kB URL HTTP/2 areyoulivingwell.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 45.223.30.36:0
File type ASCII text, with very long lines (18498), with no line terminators
Hash 4139ad07d27bbc66b8b2fbcec07519a2
134cf73f125ab7e4416b1a9ca00c38107193f28c
134347c2ee12fb7e76b73f830c6efd23ab6f5196962ae8d20845a3ba540721db
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 25 May 2022 05:59:18 GMT
content-type: application/javascript
content-length: 4946
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196545 2VNN RT(1674175647606 693) q(0 1 1 -1) r(3 3) U18
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 149a7cdd0e94d31b2237ac241b3bad35
c6e2c3aba0c96ffc26114f79306930a4554964b3
fe9cd8e03a847278924ed338131b5ef16b8ef315db81f3e6387c0621baa46232
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 00:47:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
areyoulivingwell.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
45.223.30.36 200 OK 31 kB URL HTTP/2 areyoulivingwell.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 45.223.30.36:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c1e9f6135b0903d0257b038df8d65cb6
51c297027087b5c53de7c67c7be1f7d6d05d7242
ab5a0a33f5acafcfda65f47df7445fc52c604af76874a28dc8deecbba2de3bb0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 06:21:51 GMT
content-type: application/javascript
content-length: 30933
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2VNN RT(1674175647606 700) q(0 1 1 -1) r(2 2) U18
X-Firefox-Spdy: h2
www.google.com/jsapi?ver=3.6.2
142.250.74.164 301 Moved Permanently 247 B URL HTTP/2 www.google.com/jsapi?ver=3.6.2
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 6f802671be0745c0badb5540053276d1
c8f508acc57e99308ac7fa66ab2b91bf7bda6158
0800a7c74ba21fac59c9737477c5cd79dd64496cb6b9c4221ca3240cca0c39d0
GET /jsapi?ver=3.6.2 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://www.gstatic.com/charts/loader.js?ver=3.6.2
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 20 Jan 2023 00:47:28 GMT
expires: Fri, 20 Jan 2023 01:17:28 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 623f341fa3fd0e09d3a2b649ea882919
98c12490034b5633fcc6386b627947806495fc61
edf2873ae5aee565800ffbd38c62519e683adf9f4624bd49af202b64f158f5eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 00:47:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2710e6694429ed2cf5082b6e48eb6ebe
fd6e63ac90e1d86f37e5f46c98c7592a86106217
928ff655e10cf8a01515e4ca9ad5c7128044617acd61fbd46b613b4861aa5379
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 00:47:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
areyoulivingwell.com/wp-content/plugins/LayerSlider/static/layerslider/js/layerslider.transitions.js?ver=6.7.6
45.223.30.36 200 OK 3.2 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/LayerSlider/static/layerslider/js/layerslider.transitions.js?ver=6.7.6
IP 45.223.30.36:0
File type Unicode text, UTF-8 text, with very long lines (23515), with no line terminators
Hash 0218870b530fc1eb843bb8d45ee3dbee
bc70faaccd784dd01ce7a9ec0354a2fb41da93ff
2f9c9f66eb81cfa57388634aca69350013264c4f12584b20139c8fa4bfc60a83
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/LayerSlider/static/layerslider/js/layerslider.transitions.js?ver=6.7.6 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:27:38 GMT
content-type: application/javascript
content-length: 3245
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196521 2VNN RT(1674175647606 703) q(0 2 2 -1) r(3 3) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/pum/pum-site-styles.css?generated=1575131319&ver=1.8.14
45.223.30.36 200 OK 4.4 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/pum/pum-site-styles.css?generated=1575131319&ver=1.8.14
IP 45.223.30.36:0
File type ASCII text, with very long lines (8260), with CRLF, LF line terminators
Hash 9bcb2d048cedb6f8487ca0141b7ba7fb
006d8751e7fb3896d8af824455bfcb910fc3a42e
cb81b1f4842f53bdecfccce9d15259ccf98cf5113ca7a8bf96e41966da9a6d91
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/pum/pum-site-styles.css?generated=1575131319&ver=1.8.14 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:28 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:11:29 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sun, 19 Feb 2023 00:47:28 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 4351
content-type: text/css
x-cdn: Imperva
x-iinfo: 38-6196248-6174612 2NNN RT(1674175647606 698) q(0 0 0 -1) r(3 3) U18
X-Firefox-Spdy: h2
www.gstatic.com/charts/loader.js?ver=3.6.2
142.250.74.35 200 OK 20 kB URL HTTP/2 www.gstatic.com/charts/loader.js?ver=3.6.2
IP 142.250.74.35:0
File type ASCII text, with very long lines (2134)
Hash f3341efa0432876b1697ccec98c33b01
55044e79afbe25d119b7b87dc7b5d1b3ec0c607a
6672904faeb4f203e0109279aa99d88f9e8690d2d696d80309ef50a974f88c77
GET /charts/loader.js?ver=3.6.2 HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://areyoulivingwell.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
access-control-allow-credentials: true
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gviz"
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-length: 19937
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Jan 2023 00:47:29 GMT
expires: Fri, 20 Jan 2023 01:47:29 GMT
cache-control: public, max-age=3600
last-modified: Wed, 23 Jun 2021 18:41:30 GMT
content-type: text/javascript
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2710e6694429ed2cf5082b6e48eb6ebe
fd6e63ac90e1d86f37e5f46c98c7592a86106217
928ff655e10cf8a01515e4ca9ad5c7128044617acd61fbd46b613b4861aa5379
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 00:47:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
areyoulivingwell.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8.1
45.223.30.36 200 OK 18 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8.1
IP 45.223.30.36:0
File type ASCII text, with very long lines (64615), with no line terminators
Hash 0f7398b181e3e74897ad99af1106aadb
ed1190fb20a11ba6c5b6cbac191ea0204cb40382
67673bbb0a089d395ced09a4b6861aa405dc97500ff0ddf7e1a5f137e11e499a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:27:37 GMT
content-type: application/javascript
content-length: 17984
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6174612 2VNN RT(1674175647606 707) q(0 3 3 -1) r(3 3) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.tools.min.js?ver=2.3.1
45.223.30.36 200 OK 36 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.tools.min.js?ver=2.3.1
IP 45.223.30.36:0
File type ASCII text, with very long lines (53293)
Hash caa42e6f6b6b15d5878d8ae3ccf86540
f14c39369bb247372381b11e24c87b79869551b0
707c287c547c0e379b4cfa77b81c6d1b7d780c9e3f541b15ae040f7e4bb3e430
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.tools.min.js?ver=2.3.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:25:53 GMT
content-type: application/javascript
content-length: 35898
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2VNN RT(1674175647606 705) q(0 3 3 -1) r(3 3) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
45.223.30.36 200 OK 4.1 kB URL HTTP/2 areyoulivingwell.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 45.223.30.36:0
File type ASCII text, with very long lines (11126), with no line terminators
Hash 178eb6bb4009474aeceb930c350e5fc6
362c035f70ccaef4c64bc6e3e14b14b9e569f43d
3e885471a567ff15fe4e353e7de35bb5732c8daeb2bbb9dbf258742138b2abd0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
content-type: application/javascript
content-length: 4109
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6189673 2VNN RT(1674175647606 701) q(0 2 2 -1) r(4 4)
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/js/jquery.esgbox.min.js?ver=2.3.1
45.223.30.36 200 OK 19 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/js/jquery.esgbox.min.js?ver=2.3.1
IP 45.223.30.36:0
File type Unicode text, UTF-8 text, with very long lines (58865), with no line terminators
Hash 0c32a60b45122616ce58d0786d10e5f0
6f45db1a822115d34118cacba0b51c7c24ae6bfb
e912a2f392bca8d3cd4a9527a637e8a227a292e6f83c60f6b3004754fc93f13e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/essential-grid/public/assets/js/jquery.esgbox.min.js?ver=2.3.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:31:00 GMT
content-type: application/javascript
content-length: 19445
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2VNN RT(1674175647606 704) q(0 2 2 -1) r(4 4) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.70
45.223.30.36 200 OK 3.3 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.70
IP 45.223.30.36:0
File type ASCII text, with very long lines (9172), with no line terminators
Hash f4116381f869c11f91da796508f49afe
549221b8b53cea424f733200fe34359dff8b222d
49e85eafba5fc762bca5c0fcfa2aa30fb3abe0f0b683dbb35478580bc1f570a0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.70 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 17:57:38 GMT
content-type: application/javascript
content-length: 3291
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196521 2VNN RT(1674175647606 708) q(0 4 4 -1) r(4 4) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.8.3
45.223.30.36 200 OK 1.0 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.8.3
IP 45.223.30.36:0
File type HTML document, ASCII text, with very long lines (2750), with no line terminators
Hash 93ba2cdcf2d0750383134b2456e17eae
df19d0aa0737b82ca0ee806170c6028049c241a2
c279749bcc8b485504179bb8ef1976b624faca0e84e7057d1f807586e3e94561
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.8.3 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 17:57:38 GMT
content-type: application/javascript
content-length: 1017
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196762 2VNN RT(1674175647606 710) q(0 4 4 -1) r(4 4) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=5.6
45.223.30.36 200 OK 319 B URL HTTP/2 areyoulivingwell.com/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=5.6
IP 45.223.30.36:0
File type ASCII text, with very long lines (533)
Hash fcf934d2e9ff0deec4bc05a29b174bf1
b0472f0fa668d0bdbf6e6406445ed59fa809912c
8a941d600eef722b35ee733c777695c4aa47a9d189cd77a46d1985ecda96c869
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=5.6 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:27:38 GMT
content-type: application/javascript
content-length: 319
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2VNN RT(1674175647606 711) q(0 4 4 -1) r(4 4)
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/revslider/public/assets/fonts/pe-icon-7-stroke/css/pe-icon-7-stroke.css
45.223.30.36 200 OK 1.8 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/revslider/public/assets/fonts/pe-icon-7-stroke/css/pe-icon-7-stroke.css
IP 45.223.30.36:0
File type ASCII text, with CRLF line terminators
Hash 562954bb97a40ef5366f7683c75f76c0
ad160569207456dc72d916da1b10086303554046
1192c57c68d23911e5f2602c729b5c572483c6e636260d299a3026da7681d368
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/fonts/pe-icon-7-stroke/css/pe-icon-7-stroke.css HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:29 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:03:55 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sun, 19 Feb 2023 00:47:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 1795
content-type: text/css
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2NNN RT(1674175647606 911) q(0 2 2 -1) r(2 2) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/js/shuffle/modernizr.custom.min.js?ver=6.1.1
45.223.30.36 200 OK 1.4 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/js/shuffle/modernizr.custom.min.js?ver=6.1.1
IP 45.223.30.36:0
File type HTML document, ASCII text, with very long lines (2862), with no line terminators
Hash 9afbc52b0aac917ab6431f876e56cfc2
0c44188a316776aa6e596269387879df309b2888
feef6167c41665df297090733d9da6a3f8e7f58498b6ea466dcaa17de2c47fd5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/js/shuffle/modernizr.custom.min.js?ver=6.1.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:18:59 GMT
content-type: application/javascript
content-length: 1381
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6183462 2VNN RT(1674175647606 916) q(0 2 2 -1) r(3 3) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/jquery-pin-it-button-for-images/js/jpibfi.client.js?ver=3.0.5
45.223.30.36 200 OK 6.1 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/jquery-pin-it-button-for-images/js/jpibfi.client.js?ver=3.0.5
IP 45.223.30.36:0
File type ASCII text, with very long lines (14914), with no line terminators
Hash 64b36b8a6ed5a8801be00dc6cb4e3842
d31902b8967e3686dd41155fb24e2b34f7324a6d
aa9cf7269e9078b6bfcdd25222d373f503dac4af0c51cc745ad8d205cfe63b99
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/jquery-pin-it-button-for-images/js/jpibfi.client.js?ver=3.0.5 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:29 GMT
server: Apache
last-modified: Thu, 06 Jan 2022 07:17:17 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Fri, 20 Jan 2023 06:47:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 6078
content-type: application/javascript
x-cdn: Imperva
x-iinfo: 38-6196248-6196521 2NNN RT(1674175647606 914) q(0 2 2 -1) r(3 3) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
45.223.30.36 200 OK 6.5 kB URL HTTP/2 areyoulivingwell.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
IP 45.223.30.36:0
File type Unicode text, UTF-8 text, with very long lines (18030), with no line terminators
Hash 4508ffa5824b1361aa7863c9a2d9776c
b4f22c94ef13b5143f573fdd5a50bb1fc20b5b50
aad1cbe290e8ed68720ecb8bf5c3902b7373f012c4cd6186a1c66b64829abea1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 06:21:51 GMT
content-type: application/javascript
content-length: 6491
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196762 2VNN RT(1674175647606 915) q(0 2 2 -1) r(3 3) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/js/custom.js?ver=6.1.1
45.223.30.36 200 OK 5.1 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/js/custom.js?ver=6.1.1
IP 45.223.30.36:0
File type Unicode text, UTF-8 text, with very long lines (11802)
Hash 7b8753ca1cc3e18aee113bf54c3a2a16
af172ccb3d5e0bb7fd09289a1ea66352ede8f95c
a4524e75258efdb581ac3b58f7ec4f2d9290d2f5dff675ee5ff370599cdb5cdb
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/js/custom.js?ver=6.1.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:15:12 GMT
content-type: application/javascript
content-length: 5091
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2VNN RT(1674175647606 927) q(0 3 3 -1) r(3 3) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.8.3
45.223.30.36 200 OK 619 B URL HTTP/2 areyoulivingwell.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.8.3
IP 45.223.30.36:0
File type ASCII text, with very long lines (1472), with no line terminators
Hash 07153a64cf76006b3eb814126171fe76
b1c3a83a27c06b857190039c2f5a1cf0522ad8ae
d94b4a05816b3b558425ef0f41f99dca81c12210605b95029dfbc2a928210d0a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.8.3 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 17:57:38 GMT
content-type: application/javascript
content-length: 619
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6183462 2VNN RT(1674175647606 929) q(0 3 3 -1) r(4 4) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.8.3
45.223.30.36 200 OK 1.0 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.8.3
IP 45.223.30.36:0
File type ASCII text, with very long lines (2940), with no line terminators
Hash ae7eee2c8f8740dd998daf6f741ac6ad
c6df737935161d4982bd1e068f6919ea78379861
c86fee352d2e65541d74dadfe697e16343e61b4337844ddfd4f55301b955fdf2
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.8.3 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 17:57:38 GMT
content-type: application/javascript
content-length: 1042
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196762 2VNN RT(1674175647606 930) q(0 3 3 -1) r(4 4) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4
45.223.30.36 200 OK 866 B URL HTTP/2 areyoulivingwell.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4
IP 45.223.30.36:0
File type ASCII text, with very long lines (1680), with no line terminators
Hash 006cf741945d027acf736207a1d81852
9821e742b18da7665e1ba77c7e6d7efc7dd2a273
99a88dd78f93bcbd3b9a035e40dfe4256b9042e1a04a82264bb36ab48dc8c993
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 17:57:38 GMT
content-type: application/javascript
content-length: 866
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2VNN RT(1674175647606 928) q(0 3 3 -1) r(4 4) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/scripts.js?ver=3.6.2
45.223.30.36 200 OK 64 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/scripts.js?ver=3.6.2
IP 45.223.30.36:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 564b418bdb93a67cce192dbfc98cdcb2
c3554f9966936b2673c0aa2aa2a1bf2bd10833a6
13888ee42cf01ac3cdb98eec1f9553eb9a99b224f10ba1a7a24a7e0aaa52d675
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/js/scripts.js?ver=3.6.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:19:05 GMT
content-type: application/javascript
content-length: 63776
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196521 2VNN RT(1674175647606 931) q(0 4 4 -1) r(4 4) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/js/shuffle/jquery.shuffle.min.js?ver=6.1.1
45.223.30.36 200 OK 4.3 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/js/shuffle/jquery.shuffle.min.js?ver=6.1.1
IP 45.223.30.36:0
File type ASCII text, with very long lines (12129), with no line terminators
Hash 00356b71c47c3b7f520b7a0974c3b15c
e6a4e3b8700a71290c549d15929f295fe571e87b
0c42d61571a1710fa6942f0d382e841d152dc0d5f7b78f7170d50835ca8c5047
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/js/shuffle/jquery.shuffle.min.js?ver=6.1.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:23:57 GMT
content-type: application/javascript
content-length: 4341
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196764 2VNN RT(1674175647606 917) q(0 2 2 -1) r(2 4) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/js/shuffle/random-shuffle-min.js?ver=6.1.1
45.223.30.36 200 OK 701 B URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/js/shuffle/random-shuffle-min.js?ver=6.1.1
IP 45.223.30.36:0
File type ASCII text, with very long lines (1478), with no line terminators
Hash 03f14bf9206efc780be62b943356802d
4f87808976edc01ad4e3b362dad1491a57e5d2c6
21c549b40a2eec3517a0d91b86887e0d83c3652aa45b813c54a196d0b07fe538
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/js/shuffle/random-shuffle-min.js?ver=6.1.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:22:03 GMT
content-type: application/javascript
content-length: 701
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6189673 2VNN RT(1674175647606 918) q(0 2 2 -1) r(5 5) U18
X-Firefox-Spdy: h2
fonts.gstatic.com/s/playfairdisplay/v30/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2
216.58.207.227 200 OK 20 kB URL HTTP/2 fonts.gstatic.com/s/playfairdisplay/v30/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 19860, version 1.0\012- data
Hash a95e391373ad634c3b7dbaf77de3f40e
ddc4638bc28c21a400fcd2df94448743f198a257
fa3d5a0422c9b413abb4c78f8ff80de8a8ed58766f7110c82febf5296e899b47
GET /s/playfairdisplay/v30/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://areyoulivingwell.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 17 Jan 2023 15:34:17 GMT
expires: Wed, 17 Jan 2024 15:34:17 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Jul 2022 19:06:33 GMT
content-type: font/woff2
age: 205992
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/map.js?ver=3.6.2
45.223.30.36 200 OK 1.7 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/map.js?ver=3.6.2
IP 45.223.30.36:0
File type Apache Avro version 101\012- , ASCII text, with very long lines (2303)
Hash 42ad43196f0f85b3296d1fff69cf1d0a
99084a95fdf70d30d9af98ea46bc9a28ad87684b
c469a58364ebd17708ce48142fa2ac2ed6110f40972b3271c257c8cc0f5b2820
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/js/map.js?ver=3.6.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:23:12 GMT
content-type: application/javascript
content-length: 1712
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6183462 2VNN RT(1674175647606 932) q(0 4 4 -1) r(5 5) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/mediaelement/mediaelement.js?ver=3.6.2
45.223.30.36 200 OK 19 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/mediaelement/mediaelement.js?ver=3.6.2
IP 45.223.30.36:0
File type HTML document, ASCII text, with very long lines (55479)
Hash 080b66a737f32491269b2ee142721760
1c106df296113e2fc52785d94ebcc1fc8f38e21b
25ff61781657e557d635e662ebeaa8c5f04852cef922eb777da44964c2d2f33b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/js/mediaelement/mediaelement.js?ver=3.6.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:30:09 GMT
content-type: application/javascript
content-length: 18910
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2VNN RT(1674175647606 932) q(0 4 4 -1) r(5 5) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/jquery.easychart.js?ver=3.6.2
45.223.30.36 200 OK 1.2 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/jquery.easychart.js?ver=3.6.2
IP 45.223.30.36:0
File type ASCII text, with very long lines (3098), with no line terminators
Hash c7ca48418dc077d62c68560c5eaca1a1
029ab86c6f3291266eea6ee1e143d5cc11e66603
f7c79d1a2be56329cb5be9a04726ef4deb0ed1bcd6afa84867bc4deef916e0e7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/js/jquery.easychart.js?ver=3.6.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:18:02 GMT
content-type: application/javascript
content-length: 1154
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196521 2VNN RT(1674175647606 934) q(0 4 4 -1) r(5 5) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/responsivecarousel.min.js?ver=3.6.2
45.223.30.36 200 OK 2.1 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/responsivecarousel.min.js?ver=3.6.2
IP 45.223.30.36:0
File type ASCII text, with very long lines (7600), with no line terminators
Hash e8b968245cbb8515a797c9bf0725537f
4ce8401bde2812510c7a86b22651e016112c3a86
a4e831d9794f766b23db4199b3a8f8ce0e09ea4588923edb028332fd1020d885
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/js/responsivecarousel.min.js?ver=3.6.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:24:17 GMT
content-type: application/javascript
content-length: 2065
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6189673 2VNN RT(1674175647606 935) q(0 5 5 -1) r(5 5) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/jquery.owl.carousel.min.js?ver=3.6.2
45.223.30.36 200 OK 6.4 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/jquery.owl.carousel.min.js?ver=3.6.2
IP 45.223.30.36:0
File type ASCII text, with very long lines (15667)
Hash 98ca03eac48dc96482f61c9fa0b0a647
a70fa487e526f5dccfe6746f71ba9ebf527e5265
42906e4c5bcce40ed76a81448f3948ec1732a357ade4a3bf3a27cc6b95ad7666
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/js/jquery.owl.carousel.min.js?ver=3.6.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:23:26 GMT
content-type: application/javascript
content-length: 6393
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196764 2VNN RT(1674175647606 936) q(0 5 5 -1) r(6 6) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17
45.223.30.36 200 OK 39 kB URL HTTP/2 areyoulivingwell.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17
IP 45.223.30.36:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash a0a5edddc4a48bdf9b6542dc8e019f43
b6b491e5ece3bc43fec1893b6e7c80fbdcf76e6d
238c0713219a030a7cc2349dd25d4901c071db5eee0f1dff916740cb039c9633
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 06:21:51 GMT
content-type: application/javascript
content-length: 38612
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2VNN RT(1674175647606 947) q(0 5 5 -1) r(6 6) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/icons/hbicons.woff
45.223.30.36 200 OK 5.6 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/icons/hbicons.woff
IP 45.223.30.36:0
File type Web Open Font Format, CFF, length 5620, version 0.0\012- data
Hash 26253a3fd5b88a5127a7b040bfb3a8df
9e7776f9bed8fb83d178da2a7f4683f24603c8c6
0f17a60a6055e87a9238b6ba528497541a2220508849b0e4e0ca77416d3a4496
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/css/icons/hbicons.woff HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/icons.css?ver=3.6.2
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:29 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:46:23 GMT
accept-ranges: bytes
content-length: 5620
cache-control: max-age=21600
expires: Fri, 20 Jan 2023 06:47:29 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: font/woff
x-cdn: Imperva
x-iinfo: 38-6196248-6196521 2NNN RT(1674175647606 1472) q(0 0 0 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/jquery.flexslider.js?ver=3.6.2
45.223.30.36 200 OK 5.0 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/jquery.flexslider.js?ver=3.6.2
IP 45.223.30.36:0
File type ASCII text, with very long lines (16673), with no line terminators
Hash 00ec9bf73e9dd1848ea699db59f3b303
677bba9d45d96481c8a769905bdc0867f150c203
9982e7fdf915420d87e1274fa52d9c80c4673a1a29e420d6374f68ed2a7521ca
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/js/jquery.flexslider.js?ver=3.6.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:22:19 GMT
content-type: application/javascript
content-length: 5002
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6174612 2VNN RT(1674175647606 933) q(0 4 4 -1) r(6 6) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.1.1
45.223.30.36 200 OK 540 B URL HTTP/2 areyoulivingwell.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.1.1
IP 45.223.30.36:0
File type ASCII text, with very long lines (1191), with no line terminators
Hash 26174b7810ba3e6bc69f99fcc297b0e5
06a9e1ecc9ce665918f3dfa4e911e55f54913514
fbec099cf1522571b3676059ed6f780756eb6c321ccf8731711e83556a0af6fe
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.1.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 25 May 2022 05:59:18 GMT
content-type: application/javascript
content-length: 540
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6183462 2VNN RT(1674175647606 948) q(0 6 6 -1) r(6 6) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/jquery.validate.js?ver=3.6.2
45.223.30.36 200 OK 6.2 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/jquery.validate.js?ver=3.6.2
IP 45.223.30.36:0
File type ASCII text, with very long lines (20914), with no line terminators
Hash 831dac03f36802131ad3a10c361e4a59
46ac171068e44b05784c1c930b60316decb0c2bb
672f05abac5d9156ca0d996cdd9734b8e45a6ca3dc45422f350c7250e9226cdb
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/js/jquery.validate.js?ver=3.6.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:24:50 GMT
content-type: application/javascript
content-length: 6247
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196793 2VNN RT(1674175647606 934) q(0 4 4 -1) r(4 6) U18
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
216.58.207.227 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 12708, version 1.0 - data
Hash b4a68b1e743ee317eaaf0bbadd131571
f24f7823d4e3830c7cfa5bcb33733d2897c00f13
ddc148b8a0a27b1449fda6033f4a0defac9bd43210117b50d5d7ad1eda09f394
GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://areyoulivingwell.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12708
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Jan 2023 07:46:37 GMT
expires: Fri, 19 Jan 2024 07:46:37 GMT
cache-control: public, max-age=31536000
age: 61252
last-modified: Mon, 11 Jul 2022 18:55:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/jquery.custom.js?ver=3.6.2
45.223.30.36 200 OK 14 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/js/jquery.custom.js?ver=3.6.2
IP 45.223.30.36:0
File type ASCII text, with very long lines (2527)
Hash 86627fd4806cce3bfa27ed1e662d6dad
5c2a711bf60b1d0356bf53aacfe477e22fd2642f
35b57df5b0be259890f695990f861fe4362297e2360be6cedc6235b4d94489ae
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/js/jquery.custom.js?ver=3.6.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:18:27 GMT
content-type: application/javascript
content-length: 14475
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2VNN RT(1674175647606 950) q(0 6 6 -1) r(7 7) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=3.8.3
45.223.30.36 200 OK 1.2 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=3.8.3
IP 45.223.30.36:0
File type ASCII text, with very long lines (6758), with no line terminators
Hash db3218984a8b4abfb2fcb8fbadf567af
6e1ecb91efbe89ccea24cb4c75693074d0615476
d8f42f621f6a96dff98788fbffa113beca74161e2890b1b84c30aa80bbb25dab
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=3.8.3 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 17:57:38 GMT
content-type: text/css
content-length: 1171
content-encoding: gzip
cache-control: max-age=1808542, public
expires: Thu, 09 Feb 2023 23:09:51 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196762 2CNN RT(1674175647606 1505) q(0 1 1 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.1.1
45.223.30.36 200 OK 475 B URL HTTP/2 areyoulivingwell.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.1.1
IP 45.223.30.36:0
File type HTML document, ASCII text, with very long lines (906), with no line terminators
Hash b6ee86faa8c900e9c56768c414723b48
352fa9666274eb220c6f61efd1010b2dba385244
67f71b9e3957c47f39e25c40926c39dcd12d601f3a178b025a773d170de1707a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.1.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 20 Jan 2021 13:35:18 GMT
content-type: application/javascript
content-length: 475
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2VNN RT(1674175647606 949) q(0 6 6 -1) r(7 7) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/pum/pum-site-scripts.js?defer&generated=1575131319&ver=1.8.14
45.223.30.36 200 OK 13 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/pum/pum-site-scripts.js?defer&generated=1575131319&ver=1.8.14
IP 45.223.30.36:0
File type ASCII text, with very long lines (48458), with no line terminators
Hash bb79a709119f97e4cd9cfb71b2f45b68
1a877e3411a8d89ec6eae266bd751ef04f0ef04e
a35582bfd02b8ca823ad3c36ac808e9c695446b6c3d27ef239a1d0afbe667154
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/pum/pum-site-scripts.js?defer&generated=1575131319&ver=1.8.14 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:11:37 GMT
content-type: application/javascript
content-length: 13276
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6174612 2VNN RT(1674175647606 971) q(0 6 6 -1) r(7 7) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=5.6
45.223.30.36 200 OK 5.7 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=5.6
IP 45.223.30.36:0
File type ASCII text, with very long lines (19707), with no line terminators
Hash 1a0eead05ac341b505b1b26570474ee3
d4b81924afe018d6525713a513cd32881ba77bbb
1b34c513f3bc57142a6ea4c7e1cd78aa7adbbf535e42ef75b4006996ff555ca7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=5.6 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:27:58 GMT
content-type: application/javascript
content-length: 5654
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196764 2VNN RT(1674175647606 1015) q(0 5 5 -1) r(6 6) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.essential.min.js?ver=2.3.1
45.223.30.36 200 OK 33 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.essential.min.js?ver=2.3.1
IP 45.223.30.36:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash fbdb5e56574d13cc2274cb1a08e0ad51
ed0952751e5269e032689a7d15d9ae818c03948f
68705f1170d5dac1e7c2b4e22b69697d1deab45c217bd057e011c45f233f55b4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.essential.min.js?ver=2.3.1 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:31:08 GMT
content-type: application/javascript
content-length: 32920
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196521 2VNN RT(1674175647606 1028) q(0 5 5 -1) r(6 6) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/revslider/admin/assets/images/dummy.png
45.223.30.36 200 OK 73 B URL HTTP/2 areyoulivingwell.com/wp-content/plugins/revslider/admin/assets/images/dummy.png
IP 45.223.30.36:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced - data
Hash 9d08eac154f5b02ef14e612fc25b9bf2
5a1e9121811015fbc274dae72072f874aee3d805
17af9e65317bbbfbbd0bcdc729f14faadf37cd08cf30cc0fe0b72443e78cbffb
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/admin/assets/images/dummy.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:29 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:02:10 GMT
accept-ranges: bytes
content-length: 73
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:29 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6174612 2NNN RT(1674175647606 713) q(0 9 9 -1) r(10 10) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/LayerSlider/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=6.7.6
45.223.30.36 200 OK 128 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/LayerSlider/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=6.7.6
IP 45.223.30.36:0
Size 128 kB (127798 bytes)
Hash abb04cc51e5a9c6a6f0aa18cdde0c257
df259e36da85dadbffa3921fbdcee30ea1de9ebb
bc1e3931cc4a4e72d4fb99dcf227376a2dc56bada35a3166b47f5b3928b4dbb8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/LayerSlider/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=6.7.6 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:28 GMT
server: Apache
last-modified: Thu, 06 Jan 2022 07:30:18 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Fri, 20 Jan 2023 06:47:28 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: application/javascript
x-cdn: Imperva
x-iinfo: 38-6196248-6183462 2NNN RT(1674175647606 702) q(0 2 2 -1) r(3 3) U18
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7db9f11a1c6ab0117ed3dd1d36e3aecc
61a4de77803ce4ad730c21dd88b5b55a196f26d6
b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12262
Expires: Fri, 20 Jan 2023 04:11:51 GMT
Date: Fri, 20 Jan 2023 00:47:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7db9f11a1c6ab0117ed3dd1d36e3aecc
61a4de77803ce4ad730c21dd88b5b55a196f26d6
b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12262
Expires: Fri, 20 Jan 2023 04:11:51 GMT
Date: Fri, 20 Jan 2023 00:47:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff47c2704-afff-4aed-a5b2-fa29afc12772.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff47c2704-afff-4aed-a5b2-fa29afc12772.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 - data
Hash 24635ff1303f81940cb99bc20648fd13
aeeaee2d4427eb70ebebe8ae6fa2ae9617102577
c8f55d6e6204d428cf2c5217e59ed84fb1e67e4619651fcaab20de469ef64b6b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff47c2704-afff-4aed-a5b2-fa29afc12772.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4039
x-amzn-requestid: abecdf1f-4c38-451d-91da-eea3fd725c18
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6w5mGVEIAMFavQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c761d6-07b2e6c1536d9de62f0d584e;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 03:04:54 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Kyr7KUGW_y4OWQp4BHLSiagPdHIKowXFBoUVT98GUKZ-BX6x2Gaylg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 03:35:37 GMT
age: 76312
etag: "aeeaee2d4427eb70ebebe8ae6fa2ae9617102577"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 - data
Hash 6889019ec9c1155e9e4b4eeb6a86760d
59c6f3a313efba4a67a63c9ae725db8d17c08c03
378510ecdbbb2b6248391195eace1dc3120d18b6f13e52033a3e88024592cac4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5588
x-amzn-requestid: c9d6f09b-2cd9-4137-9369-0295836e06e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAnT0FkNIAMF7Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b8e5-5c6360c025826ed06525c67e;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:40:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ruj2jeo2zhuDhIPufqckFmqP0Cx7ECNYRyxBYgQbHhkWH4o3m1L-OQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:12:29 GMT
age: 9300
etag: "59c6f3a313efba4a67a63c9ae725db8d17c08c03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88cefb6f-1c5c-4b01-a9b7-a36abdbbc20c.png
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88cefb6f-1c5c-4b01-a9b7-a36abdbbc20c.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 - data
Hash 884f5d7c3a0ee782d4f3fe9f16099891
1c80645a9b9879d1e4b57c546ba35131ba3c28fd
a7b63d331e09518150e6d9eff0c1d80928185ed0734cf1992af7df0021b6886f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88cefb6f-1c5c-4b01-a9b7-a36abdbbc20c.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10497
x-amzn-requestid: 3bc349ba-7da8-48c8-aa90-2c48c93a023d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fnEG8mIAMFgMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c612f9-08e751fc7f0eacb43fc92712;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bj1mgLbvR-w2s5DeHXjVdV6EKk5hwGDWFvoKS0AvYKy1ycpCivryDA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 04:31:32 GMT
age: 72957
etag: "1c80645a9b9879d1e4b57c546ba35131ba3c28fd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa19e2681-f167-4577-b7db-9afc7bd1ccf2.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa19e2681-f167-4577-b7db-9afc7bd1ccf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 - data
Hash d3af2d51fb89ef0261ba025d76169261
9b3f4e3f63b64030624e02ad6ab8ef43a676dd66
c3d5a6f829dc59db8ed27a92fcfc6d387633bb43388e2c19d68b89356a13b1cf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa19e2681-f167-4577-b7db-9afc7bd1ccf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13812
x-amzn-requestid: c80287a0-4ce9-47bf-9658-693431f30a49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmQWFEvIAMF1lw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b735-6d73a53e2ffc2ec505dff89b;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y8DaJvgqntmOKzXMdwFwsibvll4D9YUqDz0XsbbhcKKiYEazXiag7A==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:12:36 GMT
age: 9293
etag: "9b3f4e3f63b64030624e02ad6ab8ef43a676dd66"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F970e5016-1064-4d66-9524-d77906184f93.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F970e5016-1064-4d66-9524-d77906184f93.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 - data
Hash 2422bc3ba3140462f4507b7a4fe3a746
d2b1d477d56fa40ca4d5e5be4b31667d5e3977a3
90f04120820c28da092bdd235a141a8ae6347f73025dbcf235a1562abf4dd9d6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F970e5016-1064-4d66-9524-d77906184f93.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12866
x-amzn-requestid: fe1078a2-3e26-4906-b7b4-73c9fd315e0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6w4ZHPLoAMFw8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c761cf-7ae3119b62b0ccef08dcd2af;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 03:04:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XUMVaoxCGcXbtPrEl9YC_sL_9wm-itrLj_Kb2o7P5CUo8fIq_LSlgQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 04:46:58 GMT
age: 72031
etag: "d2b1d477d56fa40ca4d5e5be4b31667d5e3977a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg
34.120.237.76  200 OK  7.1 kB  HTTP/2  img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash MD5 f5195ac5d83278bed049661c0d1aaa4a
Hash SHA-1 74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e
Hash SHA-256 30af8f591b2d4f7c8de7d52ea53bb170ca426ef0550001c7802a7f993a6344df
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7111
x-amzn-requestid: d9b5e6b0-3995-4c70-be84-0b1b457b7143
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmRlHtkIAMFiGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b73d-37d253ee68fe1b7e483097dd;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 86-hgCgiYN-PYLZgXJO79kM9Vm6DIiRixaz-kQZFaY0m5481x8GWlw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:12:54 GMT
etag: "74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e"
content-type: image/jpeg
age: 9275
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/business-.jpg
45.223.30.36  200 OK  147 kB  HTTP/2  areyoulivingwell.com/wp-content/uploads/2019/02/business-.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=Canon, model=Canon EOS 70D], baseline, precision 8, 960x640, components 3
Size 147 kB (146670 bytes)
Hash MD5 5417cd3662ed9d1ee9bf2d6ab006d8a0
Hash SHA-1 d12c4ca0e4b94f1c6a8083658df0c81104337a39
Hash SHA-256 ab731c7c506b2d1b42b02bd405cf2f983a3c95cef63478fb1d1316b9e0ffec61
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/02/business-.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:29 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:12:12 GMT
accept-ranges: bytes
content-length: 146670
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:29 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196764 2NNN RT(1674175647606 747) q(0 9 9 -1) r(10 10) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/images/select-icon.png
45.223.30.36  200 OK  519 B  HTTP/2  areyoulivingwell.com/wp-content/themes/HighendWP/assets/images/select-icon.png
IP 45.223.30.36:0
File type PNG image data, 200 x 120, 4-bit colormap, non-interlaced
Hash MD5 9230288eb4c4bd696d0027a5978cf02c
Hash SHA-1 997ff7ae0ac52cfc0409cae8a118cbb68f4acdf2
Hash SHA-256 937ca700362ab2bb0a729eac70cfa73a95f3271840329ba84da33c94469ef06b
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/images/select-icon.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/wp-content/themes/HighendWP/style.css?ver=3.6.2
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:29 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:46:31 GMT
accept-ranges: bytes
content-length: 519
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:29 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196521 2NNN RT(1674175647606 1698) q(0 1 1 -1) r(2 2) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/icons/Icomoon.woff
45.223.30.36  200 OK  245 kB  HTTP/2  areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/icons/Icomoon.woff
IP 45.223.30.36:0
File type Web Open Font Format, CFF, length 245208, version 1.0
Size 245 kB (245208 bytes)
Hash MD5 c8e3d77a47cab40d2e118e683e6e89ea
Hash SHA-1 f678905a7dce4eb4b4c9c7ed8848fcf79c72f72a
Hash SHA-256 3052a47307919c6be99df6cba99097b7daaa8e7db56d14ae05ed922a414441e5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/css/icons/Icomoon.woff HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/icons.css?ver=3.6.2
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:29 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:46:22 GMT
accept-ranges: bytes
content-length: 245208
cache-control: max-age=21600
expires: Fri, 20 Jan 2023 06:47:29 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: font/woff
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2NNN RT(1674175647606 1463) q(0 0 0 -1) r(0 2) U18
X-Firefox-Spdy: h2
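Triage helper for records in the layout used on this page (an added example; it is not part of the captured report and not a tool of any vendor named here). It parses records as they come out of the raw extraction, where the client IP and the HTTP status run together ("45.223.30.36200 OK ..."), and recovers the split from the "IP a.b.c.d:0" line that follows; it tells the three bare digests apart by length (32, 40 and 64 hex characters are MD5, SHA-1 and SHA-256); it collects the analyzer rows; and it tries a strict base64 decode of the response's host-header, which in the areyoulivingwell.com responses above is the base64 spelling of cloud.bluehost.com, i.e. the hosting platform behind the Imperva front end. The "Sinkholed" rows from mnemonic_dns and quad9 are DNS-level verdicts on the domain, which is why they repeat on every object fetched from areyoulivingwell.com while fortinet's "Malware" appears only on some objects, so the helper aggregates sinkhole verdicts per host rather than alerting per file. The sample log is two records copied from this page with most metadata and header lines dropped; the regular expressions encode this page's row layout, and all function names are this example's own.

```python
import base64
import re
# Constructed sample: two records copied from this page, trimmed to the lines the parser needs.
SAMPLE = r"""areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/icons/Icomoon.woff
45.223.30.36200 OK 245 kB URL HTTP/2 areyoulivingwell.com/wp-content/themes/HighendWP/assets/css/icons/Icomoon.woff
IP 45.223.30.36:0
Hash c8e3d77a47cab40d2e118e683e6e89ea
f678905a7dce4eb4b4c9c7ed8848fcf79c72f72a
3052a47307919c6be99df6cba99097b7daaa8e7db56d14ae05ed922a414441e5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/HighendWP/assets/css/icons/Icomoon.woff HTTP/1.1
Host: areyoulivingwell.com
HTTP/2 200 OK
content-length: 245208
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
fonts.googleapis.com/css?family=Playfair+Display:400%7CRoboto:400%2C500
142.250.74.74200 OK 305 kB URL HTTP/2 fonts.googleapis.com/css?family=Playfair+Display:400%7CRoboto:400%2C500
IP 142.250.74.74:0
Hash 61eccbf60f61ae76cc7f7bf4512cf7ac
d952f2d056353ba93090d9bc9d9a36225b726d4c
e5c979fbbe7c6c7b52c1ae4aff0e3c5162e6313787f76cc0547423be3d6aa006
GET /css?family=Playfair+Display:400%7CRoboto:400%2C500 HTTP/1.1
Host: fonts.googleapis.com
HTTP/2 200 OK
content-encoding: gzip
"""

IP_RE = re.compile(r"^IP (\d{1,3}(?:\.\d{1,3}){3}):\d+$")
STATUS_RE = re.compile(r"^(\d{3}) (.+?) [\d.]+ [kMG]?B URL (\S+) \S+$")  # "200 OK 245 kB URL HTTP/2 <url>"
HASH_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}  # bare hex digests are told apart by length


def parse_transactions(text):
    """Split the log into records; each one starts two lines above an 'IP a.b.c.d:port' line."""
    lines = text.splitlines()
    starts = [i - 2 for i, ln in enumerate(lines) if IP_RE.match(ln)] + [len(lines)]
    return [_parse_record(lines[a:b]) for a, b in zip(starts, starts[1:])]


def _parse_record(rec):
    ip = IP_RE.match(rec[2]).group(1)
    # The extraction fused IP and status ("45.223.30.36200 OK"); strip the IP known from the next line.
    m = STATUS_RE.match(rec[1][len(ip):]) if rec[1].startswith(ip) else None
    if not m:
        raise ValueError("unrecognised status row: " + rec[1])
    tx = {"url": rec[0], "ip": ip, "status": int(m.group(1)), "protocol": m.group(3),
          "hashes": {}, "verdicts": {}, "request": {}, "response": {}}
    section = "meta"
    for ln in rec[3:]:
        tok = ln.split()
        if section == "meta" and re.match(r"[A-Z]+ \S+ HTTP/\d", ln):
            section = "request"
        elif section == "request" and ln.startswith("HTTP/"):
            section = "response"
        elif section != "meta":
            name, sep, value = ln.partition(":")
            if sep:  # header names are case-insensitive; normalise them for lookups
                tx[section][name.strip().lower()] = value.strip()
        elif ln.startswith("Analyzer Verdict Alert ") and len(tok) >= 5:
            tx["verdicts"][tok[3]] = " ".join(tok[4:])  # first analyzer row shares the header line
        elif tok and len(tok) <= 2 and len(tok[-1]) in HASH_BY_LEN and re.fullmatch(r"[0-9a-f]+", tok[-1]):
            tx["hashes"][HASH_BY_LEN[len(tok[-1])]] = tok[-1]  # "Hash <md5>", then bare sha1 and sha256
        elif tx["verdicts"] and len(tok) >= 2:
            tx["verdicts"][tok[0]] = " ".join(tok[1:])  # further analyzer rows
    return tx


def decode_base64_header(value):
    """Return the decoded text if value is strict base64 of printable ASCII, else None."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text and text.isprintable() else None


def triage(tx):
    """Findings worth a human look for one transaction."""
    out = []
    if tx["verdicts"]:
        out.append("verdicts: " + ", ".join("%s=%s" % kv for kv in tx["verdicts"].items()))
    origin = decode_base64_header(tx["response"].get("host-header", ""))
    if origin:
        out.append("host-header decodes to " + origin)  # names the hosting platform behind the CDN
    return out


def sinkholed_hosts(txs):
    """Hosts with a DNS-level 'Sinkholed' verdict; it belongs to the domain, so it repeats on every object."""
    return {tx["request"].get("host", tx["url"].split("/")[0]) for tx in txs if "Sinkholed" in tx["verdicts"].values()}


if __name__ == "__main__":
    txs = parse_transactions(SAMPLE)
    print("DNS-sinkholed hosts:", sorted(sinkholed_hosts(txs)))
    for tx in txs:
        print(tx["status"], tx["hashes"].get("sha256"), tx["url"].split("/")[0], triage(tx))
```

Run against a whole report rather than the two-record sample, sinkholed_hosts gives the list of domains to block or investigate, and triage keeps the per-object noise down to the analyzers that actually inspected content. The base64 check is deliberately strict (validate=True, printable ASCII only) so ordinary header values such as "Imperva" or "Apache" are not reported as decodable.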
areyoulivingwell.com/wp-content/uploads/2018/08/dontstressmeout.resizeimage-1.jpg
45.223.30.36  200 OK  314 kB  HTTP/2  areyoulivingwell.com/wp-content/uploads/2018/08/dontstressmeout.resizeimage-1.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, resolutionunit=2], baseline, precision 8, 1400x181, components 3
Size 314 kB (313923 bytes)
Hash MD5 acb7385afb2404e139bb70354009832a
Hash SHA-1 617a8faf6e2da5b6d2545561c7328efd01235092
Hash SHA-256 4038d09934f1945599850947e69858819dead98ca15147dc7e9dd5ca3ded49f0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/08/dontstressmeout.resizeimage-1.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:29 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:43:22 GMT
accept-ranges: bytes
content-length: 313923
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:29 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196762 2NNN RT(1674175647606 711) q(0 9 9 -1) r(10 10) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/bot_tip_icn.png
45.223.30.36  200 OK  1.1 kB  HTTP/2  areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/bot_tip_icn.png
IP 45.223.30.36:0
File type PNG image data, 13 x 11, 8-bit/color RGBA, non-interlaced
Hash MD5 49bc66cc416ce991855ee680c0dfdb18
Hash SHA-1 6504511ee9cafa1d3839d1fbe54fb7fb8a5c0e0f
Hash SHA-256 bde69036b36445973b218c97cba35c6f060545d60aa159884c4ce2d01375a2ff
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/images/bot_tip_icn.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/css/sfsi-style.css?ver=6.1.1
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:29 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:25:18 GMT
accept-ranges: bytes
content-length: 1080
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:29 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196764 2NNN RT(1674175647606 1700) q(0 2 2 -1) r(2 2) U18
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C600%2C700%2C800&ver=6.1.1
142.250.74.74  200 OK  519 kB  HTTP/2  fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C600%2C700%2C800&ver=6.1.1
IP 142.250.74.74:0
Size 519 kB (518685 bytes)
Hash MD5 f9745bfd39ac3502d913e0c85e3fa04f
Hash SHA-1 d8bcf59ebe04ce66ef99a5e5bbce9ab64691c45d
Hash SHA-256 1143e4d8dcdaba9792afdb3ef0934d78f5ece83d609d74f51087728ddd3e5792
GET /css?family=Open+Sans%3A300%2C400%2C600%2C700%2C800&ver=6.1.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 20 Jan 2023 00:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/07/Dont-Srress-Me-Out-Final.jpg
45.223.30.36  200 OK  790 kB  HTTP/2  areyoulivingwell.com/wp-content/uploads/2018/07/Dont-Srress-Me-Out-Final.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, resolutionunit=2], baseline, precision 8, 1400x425, components 3
Size 790 kB (789633 bytes)
Hash MD5 07d44c61b3aed6c869da31bcf85d60c2
Hash SHA-1 bb9eca0f5647c102577c5d8e268801f41f086eed
Hash SHA-256 66c81f6f15778b2dbea6dc33d58900991f09960cbe31aebcce5f43ed36003031
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/07/Dont-Srress-Me-Out-Final.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:29 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:41:27 GMT
accept-ranges: bytes
content-length: 789633
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:29 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196793 2NNN RT(1674175647606 712) q(0 9 9 -1) r(10 10) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/jogging-.jpg
45.223.30.36  200 OK  178 kB  HTTP/2  areyoulivingwell.com/wp-content/uploads/2019/02/jogging-.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x640, components 3
Size 178 kB (177789 bytes)
Hash MD5 90e5c769164a4f8aeb91d44a9a5e8135
Hash SHA-1 aeb48d19c0ae38aa93e8fc060fc6671bfbc2add2
Hash SHA-256 c7f9128c50a5eeb6a6ee972f526c651a1620f76f2a17a885250cfb20e5705cec
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/02/jogging-.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:13:24 GMT
accept-ranges: bytes
content-length: 177789
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196764 2NNN RT(1674175647606 770) q(0 12 12 -1) r(13 13) U18
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Playfair+Display:400%7CRoboto:400%2C500
142.250.74.74  200 OK  305 kB  HTTP/2  fonts.googleapis.com/css?family=Playfair+Display:400%7CRoboto:400%2C500
IP 142.250.74.74:0
Size 305 kB (304863 bytes)
Hash MD5 61eccbf60f61ae76cc7f7bf4512cf7ac
Hash SHA-1 d952f2d056353ba93090d9bc9d9a36225b726d4c
Hash SHA-256 e5c979fbbe7c6c7b52c1ae4aff0e3c5162e6313787f76cc0547423be3d6aa006
GET /css?family=Playfair+Display:400%7CRoboto:400%2C500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 20 Jan 2023 00:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/gymnastics-.jpg
45.223.30.36  200 OK  142 kB  HTTP/2  areyoulivingwell.com/wp-content/uploads/2019/02/gymnastics-.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x640, components 3
Size 142 kB (141609 bytes)
Hash MD5 6dd3cb24a6b95b530d32376d77b15f48
Hash SHA-1 949f24e630eddb9a0cc4de82b9dc67ca67d66232
Hash SHA-256 bd584b27862ae776b9a305a122d787d4f228d81a7c94ab0bfe5cf06f9a0c5b85
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/02/gymnastics-.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:12:36 GMT
accept-ranges: bytes
content-length: 141609
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2NNN RT(1674175647606 771) q(0 14 14 -1) r(15 15) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/anchor-1.jpg
45.223.30.36  200 OK  160 kB  HTTP/2  areyoulivingwell.com/wp-content/uploads/2019/02/anchor-1.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 720x720, components 3
Size 160 kB (160454 bytes)
Hash MD5 e3c7d3f8a814209550e5ea1588fddf1c
Hash SHA-1 3d522d89ca3a352e0a25b8949157a53b6077e8f2
Hash SHA-256 7db2544558deb7357fbc0a2c9c30f27801f1051f73758dc8dfad8c86fc65e051
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/02/anchor-1.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:13:31 GMT
accept-ranges: bytes
content-length: 160454
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196545 2NNN RT(1674175647606 767) q(0 12 12 -1) r(13 13) U18
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Raleway%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900&ver=6.1.1
142.250.74.74  200 OK  260 kB  HTTP/2  fonts.googleapis.com/css?family=Raleway%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900&ver=6.1.1
IP 142.250.74.74:0
Size 260 kB (259864 bytes)
Hash MD5 e14b2467e6d2a48ee3a8ae1c8fea1f3c
Hash SHA-1 954791f2f2431ecaff63816ae96168082caf1980
Hash SHA-256 cf4bb4abf3f678777bc9a9fda0ea3f2f5b35c6fa86db89f47d817aefd76ec3ae
GET /css?family=Raleway%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900&ver=6.1.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 20 Jan 2023 00:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/vitamin-e-.jpg
45.223.30.36  200 OK  204 kB  HTTP/2  areyoulivingwell.com/wp-content/uploads/2019/02/vitamin-e-.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=Canon, model=Canon PowerShot SX170 IS], baseline, precision 8, 960x540, components 3
Size 204 kB (203913 bytes)
Hash MD5 9e5f7e2a345350df40f46853944558d7
Hash SHA-1 09d6502682d1bad04066714cf59018893d92a43c
Hash SHA-256 1ca63313e8f9c29f36be3cd332e68c1f8c9f8341824dbcd56e0fc820f4f02703
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/02/vitamin-e-.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:13:32 GMT
accept-ranges: bytes
content-length: 203913
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2NNN RT(1674175647606 773) q(0 14 14 -1) r(15 15) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/coffee-21.jpg
45.223.30.36  200 OK  159 kB  HTTP/2  areyoulivingwell.com/wp-content/uploads/2019/02/coffee-21.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=samsung, model=SM-G900I], baseline, precision 8, 850x720, components 3
Size 159 kB (159110 bytes)
Hash MD5 c4e4babdcc53a878df4c36c95679b1c0
Hash SHA-1 cfa790b3f7d42c0498f87d8e2fad5916cb2f7355
Hash SHA-256 a463790487a7290e8c3f664912c064ae7912ff2d5d3a98d5cbeb75ef54a84265
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/02/coffee-21.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:11:33 GMT
accept-ranges: bytes
content-length: 159110
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6183460 2NNN RT(1674175647606 768) q(0 12 12 -1) r(14 14) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/05/energy.png
45.223.30.36  200 OK  826 kB  HTTP/2  areyoulivingwell.com/wp-content/uploads/2019/05/energy.png
IP 45.223.30.36:0
File type PNG image data, 764 x 511, 8-bit/color RGBA, non-interlaced
Size 826 kB (825654 bytes)
Hash MD5 65cbffc8bbcd894877a14857d8c3e130
Hash SHA-1 6b3d8187d61595b451aad8efa70f11c5811ac885
Hash SHA-256 5c61a1c2a011b6c1886c146191e2ad857a564667eb35642e5cbb6a100f3a9307
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/05/energy.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:19:00 GMT
accept-ranges: bytes
content-length: 825654
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196793 2NNN RT(1674175647606 778) q(0 15 15 -1) r(16 16) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/02/water-on-table-3.jpeg
45.223.30.36  200 OK  59 kB  HTTP/2  areyoulivingwell.com/wp-content/uploads/2018/02/water-on-table-3.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 940x627, components 3
Hash MD5 535fa52c3f6206068b6fa09dc519994a
Hash SHA-1 aee6625fa21be98ac95554df31121f1da7d7c23f
Hash SHA-256 2cf5ddaaed964ea7b4e89d7698c6252259f5639becccb65ee36b9bdf0d8751db
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/02/water-on-table-3.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 59141
last-modified: Sat, 07 Aug 2021 01:21:20 GMT
cache-control: max-age=31536000
expires: Sun, 07 Jan 2024 04:03:59 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2NNN RT(1674175647606 780) q(0 16 16 -1) r(17 17) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/04/immune-system-concept-sketched-.jpg
45.223.30.36  200 OK  171 kB  HTTP/2  areyoulivingwell.com/wp-content/uploads/2019/04/immune-system-concept-sketched-.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12], baseline, precision 8, 1300x1004, components 3
Size 171 kB (170682 bytes)
Hash MD5 71c07853ebe974fd7802d542c41cb1eb
Hash SHA-1 580b07b59613e1c20b999d5f4311adba5956ad54
Hash SHA-256 bea66e8331d93da7cff1641f6a43c51ceb7379308912bf28c12431bff49f23a1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/04/immune-system-concept-sketched-.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:13:41 GMT
accept-ranges: bytes
content-length: 170682
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196545 2NNN RT(1674175647606 782) q(0 16 16 -1) r(16 16) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/05/jump-.jpg
45.223.30.36  200 OK  141 kB  HTTP/2  areyoulivingwell.com/wp-content/uploads/2019/05/jump-.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 927x720, components 3
Size 141 kB (140805 bytes)
Hash MD5 e9ff78c44f338b280955de9c7dc788f4
Hash SHA-1 abf6b96efb6ab904eee408c48d200588144e6964
Hash SHA-256 79c26ea6ae6c6b858778f3f3dc1e95ee2506bc3eaab85ad51c12142d3fcb5855
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/05/jump-.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:19:03 GMT
accept-ranges: bytes
content-length: 140805
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2NNN RT(1674175647606 777) q(0 15 15 -1) r(15 15) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/04/garlic-kitchen-food-fresh-630766-1.jpeg
45.223.30.36 200 OK 18 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/04/garlic-kitchen-food-fresh-630766-1.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 525x350, components 3
MD5 b0d51c6c9d45024d30179152dbfac3a7
SHA1 917c13580421c1df6a5851bc1e70682a0f96f372
SHA256 1d5f4239862f9d684f93aee2b64bd34cd492e36c4414d70a86502826766dc361
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/04/garlic-kitchen-food-fresh-630766-1.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 18238
last-modified: Sat, 07 Aug 2021 01:23:35 GMT
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
accept-ranges: bytes
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2NNN RT(1674175647606 783) q(0 16 16 -1) r(17 17) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/08/oranges.jpeg
45.223.30.36 200 OK 210 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/08/oranges.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1253, components 3
Size 210 kB (210059 bytes)
MD5 9159b57bcea78d424102384d4c566bf9
SHA1 95326972e0fa4851f96e4881c22a2cc9cb54871b
SHA256 aacda857188c6a921750c358af1868248060a7fd74181c6fe1d443dd9e64561e
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/08/oranges.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "fbfeec6a"
last-modified: Sat, 07 Aug 2021 01:42:23 GMT
content-type: image/jpeg
content-length: 210059
cache-control: max-age=31438154, public
expires: Thu, 18 Jan 2024 21:36:44 GMT
date: Fri, 20 Jan 2023 00:47:30 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6183460 2CNN RT(1674175647606 790) q(0 17 17 -1) r(18 18) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/08/vitamin-b-front.jpeg
45.223.30.36 200 OK 201 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/08/vitamin-b-front.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1253, components 3
Size 201 kB (200719 bytes)
MD5 d7df4c764415de2277dcea9f8d1f56f5
SHA1 de8b762f8b7698cbcb321eb6a9799838c0949aea
SHA256 ac8be731966f2f25f6622d7ef5a1ba81234eb55ed38ac64fb01e66dcec747595
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/08/vitamin-b-front.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 200719
last-modified: Sat, 07 Aug 2021 01:42:59 GMT
cache-control: max-age=31536000
expires: Fri, 29 Dec 2023 08:34:28 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2NNN RT(1674175647606 786) q(0 17 17 -1) r(18 18) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/08/Milk.jpeg
45.223.30.36 200 OK 286 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/08/Milk.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1253, components 3
Size 286 kB (286295 bytes)
MD5 ec07989b7288ff3d99a60f5878623105
SHA1 03e44fb869bd979c341ec31aa8f810193902d3a7
SHA256 d7fb44f065e94164526902cbbc31d4658a2b31f31e1f355bab4fab562ad2dda0
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/08/Milk.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 286295
last-modified: Sat, 07 Aug 2021 01:42:08 GMT
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
accept-ranges: bytes
x-cdn: Imperva
x-iinfo: 38-6196248-6196793 2NNN RT(1674175647606 784) q(0 16 16 -1) r(18 18) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/08/vegetables-tomatoes-pepper-paprika-161723-1.jpeg
45.223.30.36 200 OK 187 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/08/vegetables-tomatoes-pepper-paprika-161723-1.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1058, components 3
Size 187 kB (187256 bytes)
MD5 70ce60d691105d5239f90e0d8e953e68
SHA1 399a45651758b1274a2a16b984b4151cc14875a3
SHA256 5acddacf872e2fd96fc30fd2c481ea8d0a67dcd5cfd5d87b2fca66ffb3a3b426
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/08/vegetables-tomatoes-pepper-paprika-161723-1.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 187256
last-modified: Sat, 07 Aug 2021 01:42:54 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
x-cdn: Imperva
x-iinfo: 38-6196248-6196545 2NNN RT(1674175647606 787) q(0 17 17 -1) r(18 18) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/03/essential-oils-2-1.jpeg
45.223.30.36 200 OK 53 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/03/essential-oils-2-1.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 940x627, components 3
MD5 3b1bdeca3bd3956fcb2e396bb14299f4
SHA1 643f4be233ecdf6d025b3eb1f28d932d9c4b26fe
SHA256 1803a1fa44a3916ca9978266249c3dfc7af6cbf19a4ae38c365a024a259e9493
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/03/essential-oils-2-1.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 52667
last-modified: Sat, 07 Aug 2021 01:26:54 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
x-cdn: Imperva
x-iinfo: 38-6196248-6183460 2NNN RT(1674175647606 791) q(0 18 18 -1) r(19 19) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/constant-contact-forms/assets/js/ctct-plugin-frontend.min.js?ver=1.7.0
45.223.30.36 409 Conflict 6.9 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/constant-contact-forms/assets/js/ctct-plugin-frontend.min.js?ver=1.7.0
IP 45.223.30.36:0
File type HTML document, ASCII text, with very long lines (28985), with no line terminators
MD5 242a2f00a246805869d5a017d47b91d7
SHA1 36dc65f5c2fa7fcb1b6886a2fc1236999586b49f
SHA256 cefa6067bf891f17a7f189b0d33d01d453be5012803490c586b0201a52b34156
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/constant-contact-forms/assets/js/ctct-plugin-frontend.min.js?ver=1.7.0 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Fri, 20 Jan 2023 00:47:29 GMT
server: Apache
content-type: text/html; charset=iso-8859-1
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 38-6196248-6174612 2NYN RT(1674175647606 1785) q(0 1 1 -1) r(1 1) U11
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.actions.min.js?version=5.4.8
45.223.30.36 200 OK 2.5 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.actions.min.js?version=5.4.8
IP 45.223.30.36:0
File type ASCII text, with very long lines (8090), with no line terminators
MD5 c14527a2acdfc0bff1f11b2ac87a307a
SHA1 ef8d4d3277d5793f87c1dde36ae8db65ebada201
SHA256 bba7e45c4fd9ec858329a856f5187d61b15e179619e4bc51b5b8320823273502
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.actions.min.js?version=5.4.8 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:32:47 GMT
content-type: application/javascript
content-length: 2461
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:29 GMT
date: Fri, 20 Jan 2023 00:47:29 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196793 2VNN RT(1674175647606 2542) q(0 0 0 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/05/appetite-.jpg
45.223.30.36 200 OK 107 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/05/appetite-.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=Canon, model=Canon EOS 30D], baseline, precision 8, 960x640, components 3
Size 107 kB (107261 bytes)
MD5 6b7c236cc6fb46597f677b4cab320c64
SHA1 046c05b33e53f19c1d485cc3e86e06621f84f600
SHA256 30b8ed6bd804ec45d049a3a53672582904c0a8f79306aa8a80cb86aac56f4de5
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/05/appetite-.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:19:10 GMT
accept-ranges: bytes
content-length: 107261
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196764 2NNN RT(1674175647606 779) q(0 15 15 -1) r(17 17) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/revslider/public/assets/fonts/pe-icon-7-stroke/fonts/Pe-icon-7-stroke.woff?d7yf1v
45.223.30.36 200 OK 59 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/revslider/public/assets/fonts/pe-icon-7-stroke/fonts/Pe-icon-7-stroke.woff?d7yf1v
IP 45.223.30.36:0
File type Web Open Font Format, TrueType, length 58556, version 1.0
MD5 b38ef310874bdd008ac14ef3db939032
SHA1 7e544bb11b7655998db6f324c612f7ffbf0ab66e
SHA256 6fb4217048f333e23e0fd0ba2ab05e05fd7500f86a5a80a7cf04a2f94b257bec
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/fonts/pe-icon-7-stroke/fonts/Pe-icon-7-stroke.woff?d7yf1v HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://areyoulivingwell.com/wp-content/plugins/revslider/public/assets/fonts/pe-icon-7-stroke/css/pe-icon-7-stroke.css
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:03:55 GMT
accept-ranges: bytes
content-length: 58556
cache-control: max-age=21600
expires: Fri, 20 Jan 2023 06:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: font/woff
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2NNN RT(1674175647606 2560) q(0 1 1 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/03/time-.jpg
45.223.30.36 200 OK 71 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/03/time-.jpg
IP 45.223.30.36:0
File type JPEG image data, baseline, precision 8, 960x640, components 3
MD5 eadd5e5a91eb6aeff31e060fc654a5c0
SHA1 c0c74d11152404464d7a01fd901621dffefb2e7c
SHA256 8844562a95ea3008173b54395c16ad3b5e5455c6384a7a581d7b44e1ad88e8b7
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/03/time-.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "e483ac28"
last-modified: Sat, 07 Aug 2021 01:15:40 GMT
content-type: image/jpeg
content-length: 70710
cache-control: max-age=30262174, public
expires: Fri, 05 Jan 2024 06:57:04 GMT
date: Fri, 20 Jan 2023 00:47:30 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2CNN RT(1674175647606 856) q(0 18 18 -1) r(18 18) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/01/allergy-pain.png
45.223.30.36 200 OK 1.2 MB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/01/allergy-pain.png
IP 45.223.30.36:0
File type PNG image data, 940 x 615, 8-bit/color RGBA, non-interlaced
Size 1.2 MB (1187403 bytes)
MD5 b9b7cd19523c4840839772730a308fd2
SHA1 6b9c8abda9341380f6e1bd7d03f270e9e9bbe10a
SHA256 51cea1974b9207e9e30415613debdecbaa2658111b6a2081248b297aa7952f6b
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/01/allergy-pain.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "9ccb688d"
last-modified: Sat, 07 Aug 2021 01:17:09 GMT
content-type: image/png
content-length: 1187403
cache-control: max-age=30262175, public
expires: Fri, 05 Jan 2024 06:57:05 GMT
date: Fri, 20 Jan 2023 00:47:30 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2CNN RT(1674175647606 857) q(0 18 18 -1) r(18 18) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.layeranimation.min.js?version=5.4.8
45.223.30.36 200 OK 14 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.layeranimation.min.js?version=5.4.8
IP 45.223.30.36:0
File type ASCII text, with very long lines (55557), with no line terminators
MD5 222fdbb3472e1a4d946be7cac4033e3e
SHA1 1e09890c25b4c621bf2d1882d5ed64550da82151
SHA256 28afa0bd1a4edfa12059bda89fd8627deafd304501b08cbd06cd9e7b5850f7c5
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.layeranimation.min.js?version=5.4.8 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:32:52 GMT
content-type: application/javascript
content-length: 14177
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:30 GMT
date: Fri, 20 Jan 2023 00:47:30 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6183460 2VNN RT(1674175647606 2544) q(0 1 1 -1) r(2 2) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.navigation.min.js?version=5.4.8
45.223.30.36 200 OK 6.9 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.navigation.min.js?version=5.4.8
IP 45.223.30.36:0
File type ASCII text, with very long lines (25863), with no line terminators
MD5 cc6cf43aaea1e1191542495e1f776219
SHA1 d2435b61aa5d6b2c531c37684d43d37e6e9bbeba
SHA256 295c822cb8a7d1447e937d9dccf6c082b8a8ea13561fe67b9a54e7fb26b965c6
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.navigation.min.js?version=5.4.8 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:33:05 GMT
content-type: application/javascript
content-length: 6927
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:30 GMT
date: Fri, 20 Jan 2023 00:47:30 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2VNN RT(1674175647606 2545) q(0 1 1 -1) r(2 2) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.parallax.min.js?version=5.4.8
45.223.30.36 200 OK 3.1 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.parallax.min.js?version=5.4.8
IP 45.223.30.36:0
File type ASCII text, with very long lines (10693), with no line terminators
MD5 ecb59ad128855640498f8b1cc7e945cc
SHA1 9112ed14156e14e71bd9f1e36559f21e92d5322d
SHA256 120079f94e88b4671aec5d88b5922b1e2b9d379bea1bf25482e636ed3844c754
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.parallax.min.js?version=5.4.8 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 07:33:04 GMT
content-type: application/javascript
content-length: 3126
content-encoding: gzip
cache-control: max-age=21600, public
expires: Fri, 20 Jan 2023 06:47:30 GMT
date: Fri, 20 Jan 2023 00:47:30 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2VNN RT(1674175647606 2547) q(0 1 1 -1) r(2 2) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/02/chocolate-charisse-kenion-456575-1.jpg
45.223.30.36 200 OK 1.6 MB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/02/chocolate-charisse-kenion-456575-1.jpg
IP 45.223.30.36:0
File type JPEG image data, baseline, precision 8, 3699x2209, components 3
Size 1.6 MB (1551258 bytes)
MD5 16635c7246374c1f6e4dd84f60598922
SHA1 eaba3b3e9b6d3895b5e5935d622a9c535d46f1f6
SHA256 9a2f6e6d88916afabb84b1a6b2fb5128513a3d8ef9c364f4a1b619ef1e8716a2
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/02/chocolate-charisse-kenion-456575-1.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "5bd4a266"
last-modified: Sat, 07 Aug 2021 01:22:21 GMT
content-type: image/jpeg
content-length: 1551258
cache-control: max-age=30265692, public
expires: Fri, 05 Jan 2024 07:55:42 GMT
date: Fri, 20 Jan 2023 00:47:30 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2CNN RT(1674175647606 859) q(0 19 19 -1) r(19 19) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/images/loader.gif
45.223.30.36 200 OK 2.5 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/images/loader.gif
IP 45.223.30.36:0
File type GIF image data, version 89a, 24 x 24
MD5 4b3afb84b2b71ef56df09997a350bd04
SHA1 accdac8a7abeab0e21c49539aad0a973addb28ef
SHA256 9034d5d34015e4b05d2c1d1a8dc9f6ec9d59bd96d305eb9e24e24e65c591a645
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/essential-grid/public/assets/images/loader.gif HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=2.3.1
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:01:22 GMT
accept-ranges: bytes
content-length: 2545
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/gif
x-cdn: Imperva
x-iinfo: 38-6196248-6196762 2NNN RT(1674175647606 2640) q(0 0 0 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/morning-1.jpg
45.223.30.36 200 OK 69 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/02/morning-1.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=FUJIFILM, model=X-T1], baseline, precision 8, 480x720, components 3
MD5 51b479c674f0fc1b92f96488020f4193
SHA1 edf4a086a59e8597b20a3cdabe2affafe438683f
SHA256 b4f8ffe6c9cf43b228b62b94b1014ee69421ee8ae07e3f2317807efa581e9faf
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/02/morning-1.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:12:13 GMT
accept-ranges: bytes
content-length: 69153
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2NNN RT(1674175647606 858) q(0 18 18 -1) r(19 19) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/01/food-coconut.jpg
45.223.30.36 200 OK 202 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/01/food-coconut.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=NIKON CORPORATION, model=NIKON D5200], baseline, precision 8, 960x640, components 3
Size 202 kB (201539 bytes)
MD5 7c7052d5b8547d647feb245c581ed3fc
SHA1 2489a7f48eaa40a1d13ea38fe5b44efb022e671d
SHA256 99e4f1acb7a3b0968823b51cf3d0fd1eb7819b475b269cb99cda3b429e256782
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/01/food-coconut.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:17:38 GMT
accept-ranges: bytes
content-length: 201539
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196793 2NNN RT(1674175647606 860) q(0 19 19 -1) r(19 19) U18
X-Firefox-Spdy: h2
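Added example, not part of the sandbox report above and not code from any of the analyzers it names: a Python parser for the per-URL record layout this listing uses. It accepts the summary line both with the status code fused onto the IP (as the raw report emits it, 45.223.30.36200 OK) and with a space between them, labels each digest by its length (32/40/64 hex digits are MD5/SHA-1/SHA-256) whether the lines carry a Hash label, MD5/SHA1/SHA256 labels or none, reads the analyzer verdict rows whether the first row shares the "Analyzer Verdict Alert" header line or sits on its own, and base64-decodes the host-header response value (Y2xvdWQuYmx1ZWhvc3QuY29t decodes to cloud.bluehost.com, the origin behind the Imperva front). The two-record sample is constructed from values on this page with the header lists cut down; treating Sinkholed and Malware as verdicts worth flagging is this example's assumption, not something the report states.

```python
"""Parse per-URL records from a sandbox HTTP transaction log laid out like this page."""
import base64
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in this report's layout (values copied from the page above);
# request and response header lists are cut down to the lines this example uses.
SAMPLE_LOG = """
45.223.30.36200 OK 202 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/01/food-coconut.jpg
Size 202 kB (201539 bytes)
Hash 7c7052d5b8547d647feb245c581ed3fc
2489a7f48eaa40a1d13ea38fe5b44efb022e671d
99e4f1acb7a3b0968823b51cf3d0fd1eb7819b475b269cb99cda3b429e256782
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/01/food-coconut.jpg HTTP/1.1
server: Apache
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
45.223.30.36200 OK 125 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/04/depression-pexels.jpeg
Size 125 kB (124752 bytes)
Hash 7f4b924956646deb324051e4f87cfac7
c9ba192a5daccfbf8e84bad0773e6d77c56f01c0
0ab97df04348e96aa292fd27bbc4b11cf28a05d40bc189c4c816a30763e1cb4b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/04/depression-pexels.jpeg HTTP/1.1
server: nginx/1.21.6
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
"""

# Record summary line. The raw report fuses the status code onto the IP
# ("45.223.30.36200 OK"), so zero or more spaces are accepted between them.
SUMMARY_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*(?P<status>\d{3})\s+\S+\s+"
                        r"\S+\s+\S+\s+URL\s+HTTP/[\d.]+\s+(?P<url>\S+)$")
SIZE_RE = re.compile(r"^Size\s+\S+\s+\S+\s+\((?P<bytes>\d+) bytes\)$")
# One digest per line; only the first may carry a label, so the label is optional.
HASH_RE = re.compile(r"^(?:(?:Hash|MD5|SHA1|SHA256)\s+)?(?P<hex>[0-9a-fA-F]+)$")
HASH_NAMES = {32: "md5", 40: "sha1", 64: "sha256"}
VERDICT_HEADER = "Analyzer Verdict Alert"
VERDICT_ROW_RE = re.compile(r"^(?P<analyzer>[^\s:]+)\s+(?P<verdict>\S+)$")
HEADER_RE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z0-9-]*):\s+(?P<value>.+)$")


@dataclass
class Transaction:
    url: str
    ip: str
    status: int
    size_bytes: Optional[int] = None
    hashes: Dict[str, str] = field(default_factory=dict)    # md5/sha1/sha256 -> hex
    verdicts: Dict[str, str] = field(default_factory=dict)  # analyzer -> verdict
    headers: Dict[str, str] = field(default_factory=dict)   # first value seen per name


def decode_host_header(value: str) -> Optional[str]:
    """Base64-decode a host-header value; None if it is not clean base64 ASCII."""
    try:
        return base64.b64decode(value, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def parse_log(text: str) -> List[Transaction]:
    """One Transaction per summary line; the lines after it fill in that record."""
    records: List[Transaction] = []
    cur: Optional[Transaction] = None
    in_verdicts = False
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY_RE.match(line):
            cur = Transaction(url=m["url"], ip=m["ip"], status=int(m["status"]))
            records.append(cur)
            in_verdicts = False
            continue
        if not line or cur is None:
            continue
        if in_verdicts:
            if row := VERDICT_ROW_RE.match(line):
                cur.verdicts[row["analyzer"]] = row["verdict"]
                continue
            in_verdicts = False  # first non-row line closes the verdict table
        if line.startswith(VERDICT_HEADER):
            in_verdicts = True
            # The raw report puts the first analyzer row on the header line itself.
            if row := VERDICT_ROW_RE.match(line[len(VERDICT_HEADER):].strip()):
                cur.verdicts[row["analyzer"]] = row["verdict"]
        elif (m := HASH_RE.match(line)) and len(m["hex"]) in HASH_NAMES:
            cur.hashes[HASH_NAMES[len(m["hex"])]] = m["hex"].lower()
        elif m := SIZE_RE.match(line):
            cur.size_bytes = int(m["bytes"])
        elif m := HEADER_RE.match(line):
            cur.headers.setdefault(m["name"].lower(), m["value"])
    return records


def flagged(records: List[Transaction], bad_verdicts=("malware", "sinkholed")) -> List[Transaction]:
    """Records where any analyzer's verdict is in bad_verdicts (case-insensitive)."""
    bad = {v.lower() for v in bad_verdicts}
    return [r for r in records if any(v.lower() in bad for v in r.verdicts.values())]
```

Run it on a saved copy of the report with parse_log(open(path).read()) and hand flagged() to whatever consumes indicators. Keep the per-analyzer verdict map rather than collapsing it to one flag: in this listing the two DNS analyzers (mnemonic_dns, quad9) return Sinkholed for every object fetched from the domain, while fortinet's Malware verdict appears only on some objects, so the two say different things about the same URL.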
areyoulivingwell.com/wp-content/uploads/2018/12/jug-3464829_960_720-1.jpg
45.223.30.36 200 OK 136 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/12/jug-3464829_960_720-1.jpg
IP 45.223.30.36:0
File type JPEG image data, baseline, precision 8, 960x640, components 3
Size 136 kB (135868 bytes)
MD5 c12a73fafe77316fcb8fcde8f9604cdf
SHA1 99d68e4f6c2d59df0bb35fe11ae8eab8dfcacdbe
SHA256 6942cc167d941b9d394cec69cd322be2b5965bdc2cbd000c04e96e224a11bec3
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/12/jug-3464829_960_720-1.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "cb436c10"
last-modified: Sat, 07 Aug 2021 01:28:24 GMT
content-type: image/jpeg
content-length: 135868
cache-control: max-age=31416659, public
expires: Thu, 18 Jan 2024 15:38:29 GMT
date: Fri, 20 Jan 2023 00:47:30 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2CNN RT(1674175647606 862) q(0 19 19 -1) r(19 19) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/01/water-.jpg
45.223.30.36 200 OK 127 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/01/water-.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x640, components 3
Size 127 kB (126573 bytes)
MD5 c555f5500a6a8324bf00a7b50d16b5b2
SHA1 1b17e0bf479d148e615a36493386b694936cf95d
SHA256 605b09afcafdc202fde32e4622e781bc3e4e324a60096e507732ec9d193cba34
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/01/water-.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:18:05 GMT
accept-ranges: bytes
content-length: 126573
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6183460 2NNN RT(1674175647606 860) q(0 19 19 -1) r(20 20) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/01/woman-sad.jpg
45.223.30.36 200 OK 134 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/01/woman-sad.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x640, components 3
Size 134 kB (133887 bytes)
MD5 fbffd8ebae4f2062483466966318a26e
SHA1 58712810dfb2760c91a253dfa983ec613a283cc9
SHA256 0f8033442dbf9b8bbf852d5d6288aad50470c89312db1614188a1ebb41d4f94f
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/01/woman-sad.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:18:03 GMT
accept-ranges: bytes
content-length: 133887
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196762 2NNN RT(1674175647606 861) q(0 19 19 -1) r(20 20) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/04/depression-pexels.jpeg
45.223.30.36 200 OK 125 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/04/depression-pexels.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1255, components 3
Size 125 kB (124752 bytes)
MD5 7f4b924956646deb324051e4f87cfac7
SHA1 c9ba192a5daccfbf8e84bad0773e6d77c56f01c0
SHA256 0ab97df04348e96aa292fd27bbc4b11cf28a05d40bc189c4c816a30763e1cb4b
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/04/depression-pexels.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 124752
last-modified: Sat, 07 Aug 2021 01:14:08 GMT
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 02:35:41 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
x-cdn: Imperva
x-iinfo: 38-6196248-6174612 2NNN RT(1674175647606 787) q(0 17 17 -1) r(19 19) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/01/sad-women-3.jpeg
45.223.30.36 200 OK 320 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/01/sad-women-3.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 2999x1910, components 3
Size 320 kB (319465 bytes)
MD5 4e2601d5fef08c720a9ccc588a3dbfa9
SHA1 547d9fd4f64cad69fb0d179a5972244cb365cb83
SHA256 f849c95ced5546a6612263581f4dc60d54fb6196ca0ab6058bc9e9e9a02f330a
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/01/sad-women-3.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 319465
last-modified: Sat, 07 Aug 2021 01:32:17 GMT
cache-control: max-age=31536000
expires: Fri, 12 Jan 2024 13:58:15 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
x-cdn: Imperva
x-iinfo: 38-6196248-6196764 2NNN RT(1674175647606 858) q(0 19 19 -1) r(20 20) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/12/girl-865304_960_720-1.jpg
45.223.30.36 200 OK 52 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/12/girl-865304_960_720-1.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x640, components 3
MD5 fe84861ac1803926c50f8d67bfa52f0f
SHA1 cf633fd3c7cd2c67e820cec6661f5e6419f3a8c4
SHA256 06ba6d6d4a80176a50e102dfafee5c9626d41086de20674b2c858478d1a743d6
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/12/girl-865304_960_720-1.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:28:25 GMT
accept-ranges: bytes
content-length: 52319
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196793 2NNN RT(1674175647606 864) q(0 20 20 -1) r(20 20) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/04/laughing-girl-1.jpeg
45.223.30.36 200 OK 48 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/04/laughing-girl-1.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 817x650, components 3
MD5 dce9af9757bb2cae946a1e84b2431871
SHA1 67c0e5229ba5aa961831cb280ec50163c755ddaf
SHA256 711bc81e7338926fd38b83fe87e02978f422f09053fa0b6dd7b1580e556094f1
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/04/laughing-girl-1.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 47675
last-modified: Sat, 07 Aug 2021 01:23:30 GMT
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 02:35:42 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2NNN RT(1674175647606 863) q(0 19 19 -1) r(21 21) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/01/new-years-eve-3891889_960_720.jpg
45.223.30.36 200 OK 273 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/01/new-years-eve-3891889_960_720.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x628, components 3
Size 273 kB (272658 bytes)
MD5 f4f22530c5a242028a5a11923aef6d5a
SHA1 ee3d833a40304eb8aa97699f5353c5b5103f5990
SHA256 073964c3c3cba51a5c48ef0a9f1c3b5a1670232090dbef5454c0d29ae2b386fb
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/01/new-years-eve-3891889_960_720.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:18:22 GMT
accept-ranges: bytes
content-length: 272658
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2NNN RT(1674175647606 862) q(0 19 19 -1) r(20 20) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/11/tie-690084_960_720.jpg
45.223.30.36 200 OK 113 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/11/tie-690084_960_720.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x640, components 3
Size 113 kB (113027 bytes)
MD5 2a7b819280e850b08009378d17ee7d8f
SHA1 7b22c7412132c1442dd7a6442d435429eefe1253
SHA256 c9959016a459cc323c297507f316a02a59f349ec9d0eff1fb9b6552fd030facf
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/11/tie-690084_960_720.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:34:31 GMT
accept-ranges: bytes
content-length: 113027
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196793 2NNN RT(1674175647606 867) q(0 21 21 -1) r(21 21) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/11/Character.png
45.223.30.36 200 OK 763 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/11/Character.png
IP 45.223.30.36:0
File type PNG image data, 939 x 719, 8-bit/color RGBA, non-interlaced
Size 763 kB (763414 bytes)
MD5 a2b68d9891e0f376f821fbe50da0bc30
SHA1 ca4b44a7acc5d44f9e4784704c1fd5a5564f7314
SHA256 de10a561e69b711cf5a7c63c86d3e2f13cb9bd181e37112d3a9d4e7cbcd6ded7
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/11/Character.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:35:13 GMT
accept-ranges: bytes
content-length: 763414
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2NNN RT(1674175647606 865) q(0 20 20 -1) r(21 21) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/05/body-language-1.jpeg
45.223.30.36 200 OK 116 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/05/body-language-1.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1245, components 3
Size 116 kB (115966 bytes)
MD5 d0868ac8503c678b06a919d2d85c7f04
SHA1 3a5d4e8f92997a0e02aba7b0a886bc4640a74486
SHA256 034c7039b028ca1a28b5bdb93ab3d2a0930a8f82ed9e017b7fc0d287bf369f7f
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/05/body-language-1.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 115966
last-modified: Sat, 07 Aug 2021 01:43:27 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
x-cdn: Imperva
x-iinfo: 38-6196248-6183460 2NNN RT(1674175647606 867) q(0 20 20 -1) r(22 22) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/11/body-language-4.png
45.223.30.36 200 OK 911 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/11/body-language-4.png
IP 45.223.30.36:0
File type PNG image data, 848 x 788, 8-bit/color RGBA, non-interlaced
Size 911 kB (911003 bytes)
MD5 2cfa96556a37e5dccc074f8cb69da2c3
SHA1 13ce0b4ab4f82cbafd4ed669f25673a310e20406
SHA256 dbfa49d92fcc0b03fa69b10aee68b76ae03f020ffbec5ff1f5610e6c1e1cd323
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/11/body-language-4.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:34:32 GMT
accept-ranges: bytes
content-length: 911003
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196762 2NNN RT(1674175647606 866) q(0 20 20 -1) r(21 21) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/10/tight-fit.png
45.223.30.36 200 OK 501 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/10/tight-fit.png
IP 45.223.30.36:0
File type PNG image data, 810 x 450, 8-bit/color RGBA, non-interlaced
Size 501 kB (500833 bytes)
MD5 f27195f8559c1f5ab641f38907c1673a
SHA1 8e26b3657d1706d7554f8dbbd367d48131d3ff73
SHA256 48ea59645e39423b11555dbc1c0071615caa923102b7165204dbb87b272e42e5
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/tight-fit.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:36:21 GMT
accept-ranges: bytes
content-length: 500833
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196545 2NNN RT(1674175647606 868) q(0 21 21 -1) r(22 22) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/05/goals2-1.jpeg
45.223.30.36 200 OK 142 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/05/goals2-1.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1253, components 3
Size 142 kB (141464 bytes)
MD5 540f9d4848400ba9b48985cd74e5072a
SHA1 337b55a52c2337d9124086bce31b590836d962ab
SHA256 d246f1703593e7591d41dcd933cd157c497195549364574308bb60e22504e6aa
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/05/goals2-1.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 141464
last-modified: Sat, 07 Aug 2021 01:43:29 GMT
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
accept-ranges: bytes
x-cdn: Imperva
x-iinfo: 38-6196248-6174612 2NNN RT(1674175647606 865) q(0 20 20 -1) r(22 22) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/10/angry.jpeg
45.223.30.36 200 OK 150 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/10/angry.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1253, components 3
Size 150 kB (149587 bytes)
MD5 694d8ed2f7683ffa03b75ab417177f5b
SHA1 7f1afae5c00bd3a44aa7899965bd9d5a1cf776bd
SHA256 94f412b2c3be072507525125526f732ba97cdd1a8f64389c72ae99d341dee62b
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/angry.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 149587
last-modified: Sat, 07 Aug 2021 01:36:19 GMT
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
accept-ranges: bytes
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2NNN RT(1674175647606 876) q(0 22 22 -1) r(24 24) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/10/stressed-girl.jpeg
45.223.30.36 200 OK 236 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/10/stressed-girl.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1733x1300, components 3
Size 236 kB (236106 bytes)
MD5 231b09d9fc95b51e399ae1de02279240
SHA1 91dd941df2e2d096eb58166a6453c86e1e98e46e
SHA256 27f66da42ea677378300b3e5b63cb29ce5e2f004f39b48d18688aa052f8e559b
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/stressed-girl.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 236106
last-modified: Sat, 07 Aug 2021 01:35:28 GMT
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
accept-ranges: bytes
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2NNN RT(1674175647606 868) q(0 21 21 -1) r(24 24) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/10/Untitled-design-36.png
45.223.30.36 200 OK 486 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/10/Untitled-design-36.png
IP 45.223.30.36:0
File type PNG image data, 799 x 531, 8-bit/color RGBA, non-interlaced
Size 486 kB (486183 bytes)
MD5 1ef027259a9da4d7dac789b5d6c1f9d9
SHA1 fa993cca44d63de8a8e771614e7bd60c27de706f
SHA256 409a77eeb6d5911f55e99d6c1b7b8d938387e7fb223cf47169b0aaa49722a984
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/Untitled-design-36.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:38:15 GMT
accept-ranges: bytes
content-length: 486183
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2NNN RT(1674175647606 875) q(0 22 22 -1) r(24 24) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/10/woman-sleeping.jpg
45.223.30.36 200 OK 62 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/10/woman-sleeping.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=Canon, model=Canon EOS 5D Mark II], baseline, precision 8, 960x640, components 3
MD5 4cc2d37acb0c214c27dc9fea36fabc3d
SHA1 990b06c522dd2e81c33072becdb26ecb5f534188
SHA256 911353bf7c87ab09a2fcc83718688ae79a7dde75bbde5eefe8cbcc06a7cd93bd
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/woman-sleeping.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:37:13 GMT
accept-ranges: bytes
content-length: 62012
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196545 2NNN RT(1674175647606 877) q(0 24 24 -1) r(25 25) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/10/relaxing-girl.jpeg
45.223.30.36 200 OK 296 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/10/relaxing-girl.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1733x1300, components 3
Size 296 kB (296021 bytes)
MD5 b9f02d7706bea08ab673ba862d72e405
SHA1 3dfc575940ef5a29d4c4d6f28826730fc9d2bc3b
SHA256 5c62f83d61367007fec0de0b985a456d00a09c00eda4dfaaf6a5bfd6f71689fb
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/relaxing-girl.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "293443a7"
last-modified: Sat, 07 Aug 2021 01:36:06 GMT
content-type: image/jpeg
content-length: 296021
cache-control: max-age=30220919, public
expires: Thu, 04 Jan 2024 19:29:30 GMT
date: Fri, 20 Jan 2023 00:47:31 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6183460 2CNN RT(1674175647606 879) q(0 24 24 -1) r(24 24) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/09/panic.png
45.223.30.36200 OK 1.3 MB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/09/panic.png
IP 45.223.30.36:0
File type PNG image data, 960 x 683, 8-bit/color RGBA, non-interlaced\012- data
Size 1.3 MB (1330994 bytes)
Hash fa8f45fe2600ae61a583049ecaf863cb
c9507d59adf14b2ad0bf3551191500ffd90b3dec
2e34d334430ab030bc1cfc1e7be31768c908194b18300be2879a70aac8eab70c
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/09/panic.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:24:35 GMT
accept-ranges: bytes
content-length: 1330994
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2NNN RT(1674175647606 874) q(0 21 21 -1) r(22 22) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/09/grateful-1.jpeg
45.223.30.36 200 OK 294 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/09/grateful-1.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1253, components 3
Size 294 kB (294209 bytes)
Hash 1233e7ce70e0ff270863d79e1707fe1f
d9789c221762e4278dc636bc03d0d8d0e8d199e8
b7d0fa88a79059f2b7c013f57d2a2ac9009821c4f7b892c50033e5d47b34c575
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/09/grateful-1.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 294209
last-modified: Sat, 07 Aug 2021 01:23:56 GMT
cache-control: max-age=31536000
expires: Sun, 07 Jan 2024 05:29:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2NNN RT(1674175647606 881) q(0 25 25 -1) r(26 26) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/10/sailors-696112_960_720.jpg
45.223.30.36 200 OK 132 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/10/sailors-696112_960_720.jpg
IP 45.223.30.36:0
File type JPEG image data, baseline, precision 8, 960x637, components 3
Size 132 kB (131858 bytes)
Hash 88e20761888e990723d5fa57a1ffa378
b03624f736c200ea4750d5832cd737655a4ca345
4fbc0d58675a92fdc9b89a4e01c46550fc0aff261fde30822463de345337721b
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/sailors-696112_960_720.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "4efc5ab2"
last-modified: Sat, 07 Aug 2021 01:35:44 GMT
content-type: image/jpeg
content-length: 131858
cache-control: max-age=30161723, public
expires: Thu, 04 Jan 2024 03:02:53 GMT
date: Fri, 20 Jan 2023 00:47:30 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6174612 2CNN RT(1674175647606 880) q(0 24 24 -1) r(25 25) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/10/image-3.png
45.223.30.36 200 OK 524 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/10/image-3.png
IP 45.223.30.36:0
File type PNG image data, 960 x 640, 8-bit/color RGB, non-interlaced
Size 524 kB (524408 bytes)
Hash ca609be11fb0d366c401ccd72a8bb481
8e71482837077f8b449142d8584106ac5d5c394d
2a4554561ba054f678ce47b2bff055e7bb896ad96caf90e2af2bbd8b3ce7c7e2
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/image-3.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "e8dd78e1"
last-modified: Sat, 07 Aug 2021 01:36:04 GMT
content-type: image/png
content-length: 524408
cache-control: max-age=29714785, public
expires: Fri, 29 Dec 2023 22:53:55 GMT
date: Fri, 20 Jan 2023 00:47:30 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196793 2CNN RT(1674175647606 882) q(0 26 26 -1) r(26 26) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/10/Can-stress-cause-cancer.png
45.223.30.36 200 OK 782 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/10/Can-stress-cause-cancer.png
IP 45.223.30.36:0
File type PNG image data, 800 x 568, 8-bit/color RGBA, non-interlaced
Size 782 kB (782542 bytes)
Hash 98d4dd877c374f4b55cd43affc462d54
6c904b2621a6c92f161b05ac59c14afd083b8fe4
0937aba4c525ecd3867e4f3f1b5151a44bd1838f33bf1291c14f10b69a352653
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/Can-stress-cause-cancer.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "b114e969"
last-modified: Sat, 07 Aug 2021 01:35:21 GMT
content-type: image/png
content-length: 782542
cache-control: max-age=31416658, public
expires: Thu, 18 Jan 2024 15:38:29 GMT
date: Fri, 20 Jan 2023 00:47:31 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2CNN RT(1674175647606 880) q(0 25 25 -1) r(25 25) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/10/Why-you-need-vitamin-B12-1.png
45.223.30.36 200 OK 910 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/10/Why-you-need-vitamin-B12-1.png
IP 45.223.30.36:0
File type PNG image data, 825 x 511, 8-bit/color RGBA, non-interlaced
Size 910 kB (910293 bytes)
Hash 0a51f21ca4fbc0f1585069ce46ba458d
06b211f5eb069e54c09714144bc6a08cf4cd0ba6
f30481c27163540419e9b22cc3b4f407763b9ce1c47e3949e8c8e18add8579b5
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/Why-you-need-vitamin-B12-1.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:37:42 GMT
accept-ranges: bytes
content-length: 910293
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2NNN RT(1674175647606 879) q(0 24 24 -1) r(25 25) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/09/anger2.jpeg
45.223.30.36 200 OK 105 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/09/anger2.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1253, components 3
Size 105 kB (104623 bytes)
Hash 1a9dfe0e04bba32276564ebc0998a659
703662cc5fc39c0fc74e4b45f02e27da2048eafc
a59a8ebb69de7d02ee56185eba642f20355b683b905f627b8227b774c40a17b5
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/09/anger2.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 104623
last-modified: Sat, 07 Aug 2021 01:24:21 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
x-cdn: Imperva
x-iinfo: 38-6196248-6196762 2NNN RT(1674175647606 885) q(0 27 27 -1) r(29 29) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/06/relaxing-hammock-1.jpeg
45.223.30.36 200 OK 150 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/06/relaxing-hammock-1.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1751x1300, components 3
Size 150 kB (149949 bytes)
Hash ffe97e6b3c5c510069c1284da9dcaa7f
d7c5353c5e27118dc2c1ae30c6008ad7a1658d72
67346454b40ea82a700cda5f08f5c5c7ea37306e6bbd45d44753469cc369162a
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/06/relaxing-hammock-1.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 149949
last-modified: Sat, 07 Aug 2021 01:27:45 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2NNN RT(1674175647606 884) q(0 27 27 -1) r(29 29) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/10/InkedDontStressMeOut.com_LI.jpg
45.223.30.36 200 OK 1.1 MB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/10/InkedDontStressMeOut.com_LI.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=2], baseline, precision 8, 796x600, components 3
Size 1.1 MB (1053932 bytes)
Hash bc33a0abff843b49497c07262b20d63e
a763e332658ec8cf2cf861941f910c7024c83c26
ded0c6cbc34be8e834fb9c43d9c55a24339c5da9871d5ed1db87f0d97061e5f5
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/InkedDontStressMeOut.com_LI.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:35:47 GMT
accept-ranges: bytes
content-length: 1053932
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2NNN RT(1674175647606 882) q(0 26 26 -1) r(27 27) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/07/goal-writing-1.jpeg
45.223.30.36 200 OK 38 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/07/goal-writing-1.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 940x628, components 3
Hash 91f27ae20a18150b77d48a574e8753b1
90a64b640efdd3bbba0da5671cb9d000c6d6da29
b0193eb13650a4fe4e1108c07f21c28e5a301d05b4ab4352375573ca5e1e1359
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/07/goal-writing-1.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 37866
last-modified: Sat, 07 Aug 2021 01:40:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2NNN RT(1674175647606 887) q(0 29 29 -1) r(30 30) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/font/fontello/fonts/egfont.woff?85610117
45.223.30.36 200 OK 34 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/font/fontello/fonts/egfont.woff?85610117
IP 45.223.30.36:0
File type Web Open Font Format, TrueType, length 34372, version 1.0
Hash 24ba2552b50573cfb8477109de1d7a8e
3ca0df534aec5b30b2e629d6cb4577d69ab81183
2dd942a9920cec10562433ca0693c01bef408f9bf97937fe8604e918be29be24
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/essential-grid/public/assets/font/fontello/fonts/egfont.woff?85610117 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://areyoulivingwell.com/wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=2.3.1
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:01:27 GMT
accept-ranges: bytes
content-length: 34372
cache-control: max-age=21600
expires: Fri, 20 Jan 2023 06:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: font/woff
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2NNN RT(1674175647606 3683) q(0 1 1 -1) r(2 2) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/09/tapemeasure.jpeg
45.223.30.36 200 OK 123 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/09/tapemeasure.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1513x1300, components 3
Size 123 kB (123201 bytes)
Hash 9ade46c4e52ddf8d0a6f3d9de0159e3d
5de17e4b774da8ddc56ef42c65cd2389a4c76cf2
c4998e87fd991a4976132c0b172f9c4af6f5d515fdbe296c92914592da3b095a
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/09/tapemeasure.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 123201
last-modified: Sat, 07 Aug 2021 01:24:48 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
x-cdn: Imperva
x-iinfo: 38-6196248-6196793 2NNN RT(1674175647606 887) q(0 29 29 -1) r(30 30) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/08/cardio-graph-1.jpeg
45.223.30.36 200 OK 185 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/08/cardio-graph-1.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1253, components 3
Size 185 kB (184626 bytes)
Hash c3c2c5144ed13d7ccff7ba4c5bec8381
b616c1fc8766b789ba65fe0cdd40e66e88c31006
23ff9db680fe5a12e4a567558bd8b3246870a105e95dc7f9b59d45b2de3a6d7b
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/08/cardio-graph-1.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "50a9d27d"
last-modified: Sat, 07 Aug 2021 01:42:29 GMT
content-type: image/jpeg
content-length: 184626
cache-control: max-age=31023124, public
expires: Sun, 14 Jan 2024 02:19:35 GMT
date: Fri, 20 Jan 2023 00:47:31 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6183462 2CNN RT(1674175647606 884) q(0 27 27 -1) r(27 27) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/10/stock-photo-photography-photographer-creativity-creative-goals-inspired-picoftheday-photooftheday-director-b138ae49-25a7-479b-9d4f-1856afc7de1f-1.jpg
45.223.30.36 200 OK 72 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/10/stock-photo-photography-photographer-creativity-creative-goals-inspired-picoftheday-photooftheday-director-b138ae49-25a7-479b-9d4f-1856afc7de1f-1.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 640x426, components 3
Hash 3cb3b5f84764683a27aa73d9440382b8
501c02d88cfb7d4c55218c19a00e938a7a8599e4
e8a6b18f7567b8e176bd3b202a4c9bca5cdc45c76cd9433b1b52c3e862624fe2
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/stock-photo-photography-photographer-creativity-creative-goals-inspired-picoftheday-photooftheday-director-b138ae49-25a7-479b-9d4f-1856afc7de1f-1.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:36:40 GMT
accept-ranges: bytes
content-length: 72242
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6197037 2NNN RT(1674175647606 886) q(0 27 27 -1) r(27 30) U18
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Droid+Serif%3A400%2C700&ver=6.1.1
142.250.74.74 200 OK 643 kB URL HTTP/2 fonts.googleapis.com/css?family=Droid+Serif%3A400%2C700&ver=6.1.1
IP 142.250.74.74:0
Size 643 kB (643193 bytes)
Hash 40e9da12e776f4f64d0305a733670afa
0b9dfa03ec459bc4e808de3f6aa0803b57ce0dd8
c86b99017c5f426ea954a8fbfa705e658cb1e429d2f755eaae52100868a68958
GET /css?family=Droid+Serif%3A400%2C700&ver=6.1.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 20 Jan 2023 00:47:28 GMT
date: Fri, 20 Jan 2023 00:47:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/07/sleeping-person-1.jpeg
45.223.30.36 200 OK 88 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/07/sleeping-person-1.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1246, components 3
Hash f2d5a4548fbaa7fab91e8adcad41e98a
712c3f466c88fbeeb4de7c2b30161bc7756ec7a2
ad33399a025b4ffcecb4a5ed207e3438b412c55453eafe714e0494f1c68cdb25
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/07/sleeping-person-1.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 88439
last-modified: Sat, 07 Aug 2021 01:40:27 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2NNN RT(1674175647606 892) q(0 31 31 -1) r(33 33) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/08/woman-despair.jpg
45.223.30.36 200 OK 133 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/08/woman-despair.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x541, components 3
Size 133 kB (132922 bytes)
Hash 6e6e333c3998e83634f37dc526d24e48
e006f39c22cd1c41cd86dc81a9b6c1f8495ae066
b7ca67c3bbf568d3834a73101944530634c1aec1206b805380f0fa574e2a3e17
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/08/woman-despair.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:42:11 GMT
accept-ranges: bytes
content-length: 132922
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2NNN RT(1674175647606 888) q(0 30 30 -1) r(33 33) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/08/magnesium-food-collection-natural-products-containing-pumpkin-seeds-poppy-seed-cashew-nuts-beans-raw-cocoa-beans-almonds-65919094-1.jpg
45.223.30.36 200 OK 128 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/08/magnesium-food-collection-natural-products-containing-pumpkin-seeds-poppy-seed-cashew-nuts-beans-raw-cocoa-beans-almonds-65919094-1.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 800x580, components 3
Size 128 kB (128474 bytes)
Hash db0ddad767ae078dfb07f5398248aa19
eed412a8dd4f3d702de711d6463a0c2912091fc0
30675076544fe6390cc52573d45c3aef2a2d0c14587350a1f42320ad24d9fab4
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/08/magnesium-food-collection-natural-products-containing-pumpkin-seeds-poppy-seed-cashew-nuts-beans-raw-cocoa-beans-almonds-65919094-1.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:42:52 GMT
accept-ranges: bytes
content-length: 128474
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2NNN RT(1674175647606 889) q(0 30 30 -1) r(33 33) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/09/lifeonbeach-e1538350124719.jpg
45.223.30.36 200 OK 1.3 MB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/09/lifeonbeach-e1538350124719.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=9, manufacturer=Apple, model=iPhone 8, orientation=upper-left, xresolution=138, yresolution=146, resolutionunit=2, software=11.4.1, datetime=2018:09:24 16:43:07], baseline, precision 8, 3024x4032, components 3
Size 1.3 MB (1303541 bytes)
Hash bf9ebd8ccb28a6ad6c4feaf1f0755bc8
60fa94c7ccbcd01a2e349f6f5232899fa1267cc0
2f09db9c0e1e6242033e600e758e7c3e88a7a3b334c12a699317491779593d55
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/09/lifeonbeach-e1538350124719.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:24:02 GMT
accept-ranges: bytes
content-length: 1303541
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196545 2NNN RT(1674175647606 883) q(0 27 27 -1) r(29 29) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/01/tell-the-truth.jpg
45.223.30.36 200 OK 103 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/01/tell-the-truth.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 640x427, components 3
Size 103 kB (102746 bytes)
Hash c4d804d3552e0ae4a9c8338e676801b0
bc48b922d5cd7d292b491423267484cfdf0ecc69
21b810e286e5dc06db9dce02fae8133bdc5a715671e8c5f0228786d79dc4417a
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/01/tell-the-truth.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:33:17 GMT
accept-ranges: bytes
content-length: 102746
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196545 2NNN RT(1674175647606 897) q(0 32 32 -1) r(33 33) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/07/strength-1148029_960_720.jpg
45.223.30.36 200 OK 172 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/07/strength-1148029_960_720.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=Canon, model=Canon EOS 5D Mark III], baseline, precision 8, 960x640, components 3
Size 172 kB (171623 bytes)
Hash 9d4e7cd1aa15d50a8a3b436ed1d5cdb9
1a8feb3723ba06ef86390466dc17a14352edb6f0
33095f891153e9f3f207b1f3f8f82af2d7b8c12fb5655aa1170766dde1fd5af5
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/07/strength-1148029_960_720.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:40:50 GMT
accept-ranges: bytes
content-length: 171623
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2NNN RT(1674175647606 895) q(0 32 32 -1) r(33 33) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/01/sick.jpeg
45.223.30.36 200 OK 313 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/01/sick.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1820x1300, components 3
Size 313 kB (313036 bytes)
Hash 48d9314b9a267a592c23b200b05a6a61
31e9e329785f9cf5c65cbde03529e94871343daa
e458e479bf47a8638bb2da7e83fac5d459ead52cda856c2d4d87857e1ff84ba7
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/01/sick.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 313036
last-modified: Sat, 07 Aug 2021 01:33:33 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2NNN RT(1674175647606 896) q(0 32 32 -1) r(33 33) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2017/11/worried-girl-413690_960_720-3.jpg
45.223.30.36 200 OK 120 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2017/11/worried-girl-413690_960_720-3.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x640, components 3
Size 120 kB (120353 bytes)
Hash b55e5cab7bdbdc88e35a4679db241010
d5bf5b61d662742be944b5bfcb8aa96ef99c54a5
e41aa54b380783919c648a8d5110a29b9405a8bea83b4ccbc9d025550d41505b
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2017/11/worried-girl-413690_960_720-3.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:09:30 GMT
accept-ranges: bytes
content-length: 120353
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2NNN RT(1674175647606 899) q(0 35 35 -1) r(36 36) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/08/Lunch-Bunch-preview.png
45.223.30.36 200 OK 1.5 MB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/08/Lunch-Bunch-preview.png
IP 45.223.30.36:0
File type PNG image data, 940 x 788, 8-bit/color RGBA, non-interlaced
Size 1.5 MB (1481063 bytes)
Hash f8a088a60b520199730a6eb473b123b3
9ac4c9a502af05c48d1832e1a0839a1c2598024a
5f8a6877e26d55e6b85f1dc7bd0da55354b2ca11f6a979d93cb31391fe3b3e55
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/08/Lunch-Bunch-preview.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:31 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:43:24 GMT
accept-ranges: bytes
content-length: 1481063
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:31 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196793 2NNN RT(1674175647606 890) q(0 31 31 -1) r(33 33) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/07/benefits-of-gratitude-preview.png
45.223.30.36 200 OK 1.3 MB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/07/benefits-of-gratitude-preview.png
IP 45.223.30.36:0
File type PNG image data, 929 x 626, 8-bit/color RGBA, non-interlaced
Size 1.3 MB (1270847 bytes)
Hash 0c70ba93aacd517cc360e1dd0c1884a7
705d28c97b4c00e7a99df928e51ef7ac87a5310d
ed5e3d3e38ce5d0fa99b2a4032b3ce1060ad65a9a7037fccf4e5d63d22d3ac4a
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/07/benefits-of-gratitude-preview.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "a952f9e6"
last-modified: Sat, 07 Aug 2021 01:39:30 GMT
content-type: image/png
content-length: 1270847
cache-control: max-age=31478915, public
expires: Fri, 19 Jan 2024 08:56:06 GMT
date: Fri, 20 Jan 2023 00:47:31 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196764 2CNN RT(1674175647606 894) q(0 33 33 -1) r(33 33) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2017/12/5-Ways-to-STOP-2.png
45.223.30.36 200 OK 428 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2017/12/5-Ways-to-STOP-2.png
IP 45.223.30.36:0
File type PNG image data, 940 x 788, 8-bit/color RGBA, non-interlaced
Size 428 kB (427984 bytes)
Hash ba8db25014d930383475ba17c0524af5
e62146541e53a6b8417c7a50be79bc4859c7f0bb
8f4f30221938360194ae291748c591bd2077494ca219d1597189d0c759bc347a
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2017/12/5-Ways-to-STOP-2.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:07:10 GMT
accept-ranges: bytes
content-length: 427984
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6174612 2NNN RT(1674175647606 898) q(0 33 33 -1) r(35 35) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2017/12/match-lit-match-fire-flame-594382.jpeg
45.223.30.36 200 OK 75 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2017/12/match-lit-match-fire-flame-594382.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1257, components 3
Hash d518443ebbd0b1436d5ae24618184cb4
a454ea7dd8075f6eaccb9a71dd1aeab1eaccf95e
8b4a380575284b719c217e43ae9d2129523e5d7abda833053393b88f2c7a5087
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2017/12/match-lit-match-fire-flame-594382.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:33 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 75287
last-modified: Sat, 07 Aug 2021 01:07:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
x-cdn: Imperva
x-iinfo: 38-6196248-6197037 2NNN RT(1674175647606 899) q(0 35 35 -1) r(36 36) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/07/DontStressMeOut.com-4.png
45.223.30.36 200 OK 1.1 MB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/07/DontStressMeOut.com-4.png
IP 45.223.30.36:0
File type PNG image data, 940 x 788, 8-bit/color RGBA, non-interlaced
Size 1.1 MB (1097038 bytes)
Hash 6f69ae6270266ee88ac97f526a4cfe4f
9b0b64fd9c7db5da43b90f8a42b524c8c5d83fde
6b637ba4b5f04b0cc783618c711f03d59560c796e030a573ca6fec86aa3db443
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/07/DontStressMeOut.com-4.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:39:03 GMT
accept-ranges: bytes
content-length: 1097038
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2NNN RT(1674175647606 894) q(0 32 32 -1) r(33 33) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2017/11/Affirmations-2.jpeg
45.223.30.36 200 OK 258 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2017/11/Affirmations-2.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1149, components 3
Size 258 kB (257945 bytes)
Hash ea0c53e5754d6da564b805c0ed2b09ea
13cd68e0e5cb0c064cbab7393a38663ce68aad96
65b32fe3ab6c35c2965fd1e279e7752cf264c51744eedd06083f982b73c24f07
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2017/11/Affirmations-2.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "b4bf039d"
last-modified: Sat, 07 Aug 2021 01:10:31 GMT
content-type: image/jpeg
content-length: 257945
cache-control: max-age=30291234, public
expires: Fri, 05 Jan 2024 15:01:25 GMT
date: Fri, 20 Jan 2023 00:47:31 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6196793 2CNN RT(1674175647606 900) q(0 36 36 -1) r(38 38) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2017/11/unhappy.jpeg
45.223.30.36 200 OK 363 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2017/11/unhappy.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1245, components 3
Size 363 kB (363200 bytes)
Hash c8c563605f2f8bf1e58f0bbcb8309dfd
143be3584e05158858ebb63f6736bcc62b8be536
3c349486ea1ce4a3e7b7a1f1bec710b87dbc8895e440b3988297cb33e93e232d
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2017/11/unhappy.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:33 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 363200
last-modified: Sat, 07 Aug 2021 01:10:34 GMT
cache-control: max-age=31536000
expires: Sun, 07 Jan 2024 05:29:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2NNN RT(1674175647606 901) q(0 36 36 -1) r(38 38) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_twitter.png
45.223.30.36 200 OK 1.2 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_twitter.png
IP 45.223.30.36:0
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Hash 5ef581a76d066d21387f83a6cb6818e2
7914b3902b034780b575d6319e5db633448a80eb
c938c59100b0c9f1873d47453c9f2924ad60fabe79cb44aacc601198af379f62
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_twitter.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:27:00 GMT
accept-ranges: bytes
content-length: 1224
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2NNN RT(1674175647606 905) q(0 38 38 -1) r(39 39) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2017/10/15134678_10209574482590899_521338526105625726_n.jpg
45.223.30.36 200 OK 96 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2017/10/15134678_10209574482590899_521338526105625726_n.jpg
IP 45.223.30.36:0
File type JPEG image data, progressive, precision 8, 959x959, components 3
Hash 5b299ceaf97e70be0727ad040a155249
d3c2ba23ef6ddd62468c9d35340a069a93968c3b
693bfdd427b73d4bc1d70a7f757d642cda42fc2a22bbe180d02d92d8dc07a155
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2017/10/15134678_10209574482590899_521338526105625726_n.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:11:09 GMT
accept-ranges: bytes
content-length: 96337
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196764 2NNN RT(1674175647606 902) q(0 38 38 -1) r(39 39) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_fb.png
45.223.30.36 200 OK 1.0 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_fb.png
IP 45.223.30.36:0
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Hash 4111c678af8ac22f429dc8c866ed32cc
cf88ac5bd04e17e56a28040e27b5a57656e3c970
9ddd8b79f5c9e1dc6cc2223cbe200e8ac027401a099f2ea68c6777a59f794c78
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_fb.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:27:02 GMT
accept-ranges: bytes
content-length: 1000
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2NNN RT(1674175647606 903) q(0 38 38 -1) r(39 39) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/visit_icons/Visit_us_fb/icon_Visit_us_en_US.png
45.223.30.36 200 OK 4.3 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/visit_icons/Visit_us_fb/icon_Visit_us_en_US.png
IP 45.223.30.36:0
File type PNG image data, 93 x 23, 8-bit/color RGBA, non-interlaced
Hash 87fb171d702988f006f20d4f95ce6808
0edc8d01c4ea8ebf94ab3cc0d3c6e121c9408f88
24d3c56c2375033c7fb2483daf26d0026c05a278eea0fe98c940b497c4e75491
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/images/visit_icons/Visit_us_fb/icon_Visit_us_en_US.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:25:43 GMT
accept-ranges: bytes
content-length: 4261
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6197037 2NNN RT(1674175647606 904) q(0 38 38 -1) r(39 39) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/visit_icons/Visit_us_twitter/icon_Visit_us_en_US.png
45.223.30.36 200 OK 3.9 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/visit_icons/Visit_us_twitter/icon_Visit_us_en_US.png
IP 45.223.30.36:0
File type PNG image data, 93 x 23, 8-bit/color RGBA, non-interlaced
Hash d8f2d254eec166adde349712feece919
d8f91466e126a1b6d926efb7d8811619b72ea7f5
f648b1f3b68f323856f2d786726d72dcc26ca2d57c5cca680404e385ef07e009
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/images/visit_icons/Visit_us_twitter/icon_Visit_us_en_US.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:26:06 GMT
accept-ranges: bytes
content-length: 3943
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196793 2NNN RT(1674175647606 906) q(0 39 39 -1) r(39 39) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_youtube.png
45.223.30.36 200 OK 1.2 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_youtube.png
IP 45.223.30.36:0
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Hash 502f4d1fa8ed4269cfc9c89c30813fa9
fa135b1a2fb111b96e9f3522fc10753636e86bf3
87effcb77accffc81a76c31ee480f5925df593671597b66c53c727ae556266c8
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_youtube.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:27:03 GMT
accept-ranges: bytes
content-length: 1189
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2NNN RT(1674175647606 907) q(0 39 39 -1) r(39 39) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2017/10/Affirmations.jpeg
45.223.30.36 200 OK 99 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2017/10/Affirmations.jpeg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1880x1249, components 3
Hash 41d870dac84d9ed395ef67a2fc76dc15
cec640dec0802e7dc6207c8cee0a803a33fea7e7
af7bcce56973ce17265a030906b532ef6221b703ff562613b06fb2933ff81409
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2017/10/Affirmations.jpeg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:33 GMT
server: nginx/1.21.6
content-type: image/jpeg
content-length: 99392
last-modified: Sat, 07 Aug 2021 01:11:11 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: MISS
x-cdn: Imperva
x-iinfo: 38-6196248-6174612 2NNN RT(1674175647606 902) q(0 38 38 -1) r(39 39) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/visit_icons/youtube.png
45.223.30.36 200 OK 1.4 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/visit_icons/youtube.png
IP 45.223.30.36:0
File type PNG image data, 86 x 24, 8-bit/color RGBA, non-interlaced
Hash 5f743d228c9675494093e5ba0f5cb2e4
9f6de025fb974748c7443091f79fffd01f7b87ab
b207b92a4fd1616a7304021bbe002d0d802bacbf78ede0ed4294428f26157086
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/images/visit_icons/youtube.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:26:03 GMT
accept-ranges: bytes
content-length: 1412
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2NNN RT(1674175647606 908) q(0 39 39 -1) r(39 39) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_pinterest.png
45.223.30.36 200 OK 1.2 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_pinterest.png
IP 45.223.30.36:0
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Hash 7601608ab54f9707692aeecae003062f
5a79597d60617358c648f73e5864466c86eeae17
2e66a61c7a87298dea89579203f5939008e85bc09d63e4c635752ba6d890f33f
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_pinterest.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:27:02 GMT
accept-ranges: bytes
content-length: 1232
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196764 2NNN RT(1674175647606 908) q(0 39 39 -1) r(39 39) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/visit_icons/pinterest.png
45.223.30.36 200 OK 2.2 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/visit_icons/pinterest.png
IP 45.223.30.36:0
File type PNG image data, 64 x 22, 8-bit/color RGBA, non-interlaced
Hash c51aca4f2a0bf6ffc65bb17de58a9beb
207fa5a96a688b7568489b151015e36fcde0ba6f
7d939b2d8e8e28457450435e3ff9e86ef9fe40d87dd4791fb517847f8ccc8379
Analyzer Verdict (Alert): mnemonic_dns Sinkholed; quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/images/visit_icons/pinterest.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:25:31 GMT
accept-ranges: bytes
content-length: 2156
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196545 2NNN RT(1674175647606 909) q(0 39 39 -1) r(40 40) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_instagram.png
45.223.30.36 200 OK 1.4 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_instagram.png
IP 45.223.30.36:0
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Hash afe79840b841e581d02382de677bda04
fd8be7dd0d31f987b9497d60aef1a8c0dd0eea76
0c09822a023593068eb5b81cc36da8fa209ba66fac6fdd2944ebff137f0ea400
Analyzer Verdict (Alert): mnemonic_dns Sinkholed; quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-plus/images/icons_theme/default/default_instagram.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:27:02 GMT
accept-ranges: bytes
content-length: 1417
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:32 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2NNN RT(1674175647606 910) q(0 39 39 -1) r(40 40) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/business--160x160.jpg
45.223.30.36 200 OK 7.2 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/02/business--160x160.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=Canon, model=Canon EOS 70D], baseline, precision 8, 160x160, components 3
Hash 5a8f23794818b5c03c1f1bb18e895f1b
e615febe9648996507e40de0b8f651b929d99a7b
99f4fdeb85ffe535717bd2f1a6793b6ebae87af28b3792bd39a9625db58edf44
Analyzer Verdict (Alert): mnemonic_dns Sinkholed; quad9 Sinkholed
GET /wp-content/uploads/2019/02/business--160x160.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:33 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:13:36 GMT
accept-ranges: bytes
content-length: 7197
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:33 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6197037 2NNN RT(1674175647606 5019) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888
45.223.30.36 200 OK 7.5 kB URL HTTP/2 areyoulivingwell.com/wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888
IP 45.223.30.36:0
File type Web Open Font Format, TrueType, length 7536, version 1.0
Hash 04eb8fc57f27498e5ae37523e3bfb2c7
d942ae11706c3f7e511e3c49b0e4574d7ad199c4
f7b9c3065e55fa3b9e320093612e7b30dcb14355a44ec461247b495a3e729686
Analyzer Verdict (Alert): mnemonic_dns Sinkholed; quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://areyoulivingwell.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.1
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:33 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:03:54 GMT
accept-ranges: bytes
content-length: 7536
cache-control: max-age=21600
expires: Fri, 20 Jan 2023 06:47:33 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: font/woff
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2NNN RT(1674175647606 5017) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/laughing-at-yourself-160x160.png
45.223.30.36 200 OK 42 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/02/laughing-at-yourself-160x160.png
IP 45.223.30.36:0
File type PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Hash 11b104cfd52b68da06e5a7375d434404
37fc9da745561e756d66e2fa241514ca49a8502d
fc149cdaa72ef06d1901c3d95579c1171a8c8779bc0eefbde4571dfbda101bed
Analyzer Verdict (Alert): mnemonic_dns Sinkholed; quad9 Sinkholed
GET /wp-content/uploads/2019/02/laughing-at-yourself-160x160.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:33 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:13:37 GMT
accept-ranges: bytes
content-length: 42383
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:33 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
x-cdn: Imperva
x-iinfo: 38-6196248-6178139 2NNN RT(1674175647606 5022) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/fresh-2-160x160.jpg
45.223.30.36 200 OK 11 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/02/fresh-2-160x160.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=Canon, model=Canon EOS 1100D], baseline, precision 8, 160x160, components 3
Hash 1d30a1fa7853fdab411fa6d3c65e4631
24d55cb929527e542bd37664aa55d04cc1f46a6d
44ebfe3e49bf2600068f1ecf57b03df260ebf9bb2c068ea35ea4a3e05319d79a
Analyzer Verdict (Alert): mnemonic_dns Sinkholed; quad9 Sinkholed
GET /wp-content/uploads/2019/02/fresh-2-160x160.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:33 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:11:59 GMT
accept-ranges: bytes
content-length: 11118
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:33 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2NNN RT(1674175647606 5027) q(0 0 0 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2018/07/Jifdif-300x225.jpg
45.223.30.36 200 OK 22 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2018/07/Jifdif-300x225.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=11, manufacturer=Apple, model=iPhone 8, orientation=upper-left, xresolution=162, yresolution=170, resolutionunit=2, software=11.4, datetime=2018:07:05 12:14:14], baseline, precision 8, 300x225, components 3
Hash dc368530ba060d35a04ff4c2df8e412d
285920f3a0fe264255e959288b1f634273650dc7
a623daec52d58b763e00645527cab1b7ca6071fc710afda94982a5afe4a354eb
Analyzer Verdict (Alert): mnemonic_dns Sinkholed; quad9 Sinkholed
GET /wp-content/uploads/2018/07/Jifdif-300x225.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:33 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:39:31 GMT
accept-ranges: bytes
content-length: 22374
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:33 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6181320 2NNN RT(1674175647606 1763) q(0 31 31 -1) r(33 33) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/coffee-21-160x160.jpg
45.223.30.36 200 OK 6.7 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/02/coffee-21-160x160.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=samsung, model=SM-G900I], baseline, precision 8, 160x160, components 3
Hash 05903d009b6814be5d9b4539ae7b2b76
7c6d8be6c65d70a4d0a25f60b0ec372996accb31
ed74546a7fd0b8a4a839051f76960390710027ff25b220a8d4c9c2de028ba8d5
Analyzer Verdict (Alert): mnemonic_dns Sinkholed; quad9 Sinkholed
GET /wp-content/uploads/2019/02/coffee-21-160x160.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:33 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:12:37 GMT
accept-ranges: bytes
content-length: 6725
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:33 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196803 2NNN RT(1674175647606 5087) q(0 1 1 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/anchor-1-160x160.jpg
45.223.30.36 200 OK 6.7 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/02/anchor-1-160x160.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 160x160, components 3
Hash 0511a0ad29e9590c5a52f43f63f3fa46
92a647a1a2f89a8852657a973862d4341faf8f03
2d126f029e02bbe5e1997850d058f117550820f3ef9c4bbf591b62c2ec20fb22
Analyzer Verdict (Alert): mnemonic_dns Sinkholed; quad9 Sinkholed
GET /wp-content/uploads/2019/02/anchor-1-160x160.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:33 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:12:38 GMT
accept-ranges: bytes
content-length: 6732
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:33 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196764 2NNN RT(1674175647606 5078) q(0 1 1 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/pumpkin-seeds-2-160x160.jpg
45.223.30.36 200 OK 9.8 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/02/pumpkin-seeds-2-160x160.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=SONY, model=ILCE-7RM2], baseline, precision 8, 160x160, components 3
Hash c4643e1ea7c6daa0c72d65425835332b
43725938b059af15e1dc8477d18bde703fb3ecb4
10c749334420714be24ed16cd45640638def8c6642a672878a2f4d0e00e02dde
Analyzer Verdict (Alert): mnemonic_dns Sinkholed; quad9 Sinkholed
GET /wp-content/uploads/2019/02/pumpkin-seeds-2-160x160.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:33 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:13:24 GMT
accept-ranges: bytes
content-length: 9831
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:33 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6197037 2NNN RT(1674175647606 5038) q(0 0 0 -1) r(1 1) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/jogging--160x160.jpg
45.223.30.36 200 OK 5.7 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/02/jogging--160x160.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 160x160, components 3
Hash 3598d4a833c8ab00fd73adf446d67ee2
9692c2273722dd56bb0b81e79fd7b45efc947000
374f2155c92b65d55ebfc7964bed2137c3668fb58f8e90fbc9133172efb54304
Analyzer Verdict (Alert): mnemonic_dns Sinkholed; quad9 Sinkholed
GET /wp-content/uploads/2019/02/jogging--160x160.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:33 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:12:16 GMT
accept-ranges: bytes
content-length: 5712
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:33 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196523 2NNN RT(1674175647606 5095) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/02/gymnastics--160x160.jpg
45.223.30.36 200 OK 5.4 kB URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/02/gymnastics--160x160.jpg
IP 45.223.30.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 160x160, components 3
Hash 070cb4851effae7524944f9e662ae9f7
68a20c1b14d9c3f92518fd6e2ae70a73b2bc4036
08239bd0fb9a48cc0de039a72656a394ca9370dc58c1f9619c02b29071cf7b62
Analyzer Verdict (Alert): mnemonic_dns Sinkholed; quad9 Sinkholed
GET /wp-content/uploads/2019/02/gymnastics--160x160.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:33 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:12:43 GMT
accept-ranges: bytes
content-length: 5386
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:33 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6174612 2NNN RT(1674175647606 5104) q(0 0 0 -1) r(1 1) U18
X-Firefox-Spdy: h2
assets.pinterest.com/js/pinit_main.js?0.38233913461424673
23.38.200.197 200 OK 19 kB URL HTTP/2 assets.pinterest.com/js/pinit_main.js?0.38233913461424673
IP 23.38.200.197:0
File type Unicode text, UTF-8 text, with very long lines (32016)
Hash 3725764cf05d1a0938de73d398772331
abdc742d760ca9c8f28c8d44ca9796d9ad6c0bc7
f8c41f2f59fc9e9d088bc9002eef583c3cf256b4cd371619b18107b4abd92812
GET /js/pinit_main.js?0.38233913461424673 HTTP/1.1
Host: assets.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "3725764cf05d1a0938de73d398772331"
content-encoding: br
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 18679
cache-control: max-age=124
vary: Accept-Encoding, Origin
x-cdn: akamai
access-control-max-age: 86400
access-control-expose-headers: X-CDN
access-control-allow-methods: GET
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c09fe3755f0cababb9dbd1e047bfd56
d76f6078e850d2821cef9aafec1dbca9654da281
1cc0bf113be42f803bb99403507f33ec49151538c5227d3d1d4c498e1ccd013d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4418
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 00:47:33 GMT
Last-Modified: Thu, 19 Jan 2023 23:33:55 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 58b3433737966a7aae0c293073ae5806
6c081275509d3a4c4de96c8462bed78bce191385
6d590eeda4306c6036e8f3fc1d71bac1a016b4018959778cb750d7d0cbcd5387
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 00:47:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Fri, 20 Jan 2023 00:41:07 GMT
expires: Fri, 20 Jan 2023 02:41:07 GMT
cache-control: public, max-age=7200
age: 386
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/sdk.js
31.13.72.12 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1957)
Hash b9d17cff778b959567ca2b5ef1614079
81e455926cd016948b0f13123daad0242e592366
4abe667b74539abe118f37b48e111a3f23578dc0f19266c2d85815249521bacf
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 89ec3038a661e94ea41a7478789c9943
etag: "0ebb401dafb2b05d0cb478ad7a211c76"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 20 Jan 2023 01:07:31 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: udF8/3eLlZVnyite8WFAeQ==
x-fb-debug: vkexL3U6oScB9fvxXISGmO5eRgCeMFrYHJ9qwpS2vDmRxoQySW1VFRuWleBlyMTOv4W2gdrPdCTMU9/k7DUX5Q==
content-length: 1685
x-fb-trip-id: 1904183273
date: Fri, 20 Jan 2023 00:47:33 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
apis.google.com/js/platform.js
172.217.21.174 200 OK 21 kB URL HTTP/2 apis.google.com/js/platform.js
IP 172.217.21.174:0
File type ASCII text, with very long lines (1429)
Hash 1cc36f699291ba29dab9ec0f885b281b
d536f8bda7d333c21eae8e3d816d690402adb90c
6b20ce0ec6b6c57b33e8118f8d5d3c501ede61b8589ebab71d411b81d0fae994
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20933
date: Fri, 20 Jan 2023 00:47:33 GMT
expires: Fri, 20 Jan 2023 00:47:33 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "4fcbc207c89b8c6c"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c09fe3755f0cababb9dbd1e047bfd56
d76f6078e850d2821cef9aafec1dbca9654da281
1cc0bf113be42f803bb99403507f33ec49151538c5227d3d1d4c498e1ccd013d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4418
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 00:47:33 GMT
Last-Modified: Thu, 19 Jan 2023 23:33:55 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/sdk.js?hash=3fbdceccd154460edc6c404b3e4e68df
31.13.72.12 200 OK 88 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=3fbdceccd154460edc6c404b3e4e68df
IP 31.13.72.12:0
File type ASCII text, with very long lines (18530)
Hash a46dcbaf07755f0aa4326731da78f4a3
1418d8fa3dbb501044f44ac63335d91f45894c29
a57e4f285324a27594c610703be993a3156d3c566348842b7f148685c06dc2f7
GET /en_US/sdk.js?hash=3fbdceccd154460edc6c404b3e4e68df HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://areyoulivingwell.com
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: af466f8efd58a67e9d1a93933ebd8209
etag: "c15114f37ac5324aaae5dbddd40de929"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 20 Jan 2024 00:02:30 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: pG3Lrwd1XwqkMmcx2nj0ow==
x-fb-debug: srroiv01laVCQFSVAw88jVGaMOPz0Z1I0I81cdeege/XfBE54ICUDUg5GgopjRnEZuvPz44ZF4lv20KVQ4JptA==
content-length: 88415
x-fb-trip-id: 1904183273
date: Fri, 20 Jan 2023 00:47:33 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 623f341fa3fd0e09d3a2b649ea882919
98c12490034b5633fcc6386b627947806495fc61
edf2873ae5aee565800ffbd38c62519e683adf9f4624bd49af202b64f158f5eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 00:47:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 1e28e2532af1e9b4578ea8b81a6ed825
39280518df20777a0b3bdd2b84bd3a9e91927663
8552a34c225f61351c121f5b10d4bfe6afdaf4621182c2b24f1ad43bed221505
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 00:47:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js
142.250.74.131 200 OK 4.3 kB URL HTTP/2 ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js
IP 142.250.74.131:0
File type ASCII text, with very long lines (2267)
Hash 3f7502705229ccec9d066c5cd75e6c31
ede1663155afaa5a5213d075e6295c6d839b05c3
2be5113d3022d1819a19f327235d287a2538a03741fc08ccd9d55cc1d78b6282
GET /accounts/o/1832714284-postmessagerelay.js HTTP/1.1
Host: ssl.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accounts.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-length: 4294
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Jan 2023 20:43:52 GMT
expires: Fri, 19 Jan 2024 20:43:52 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 13 Jan 2023 01:10:45 GMT
content-type: text/javascript
age: 14622
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df364d2844161aa6%26domain%3Dareyoulivingwell.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fareyoulivingwell.com%252Ff2dd42d8fb73266%26relation%3Dparent.parent&container_width=140&href=https%3A%2F%2Fareyoulivingwell.com%2F&layout=button&locale=en_US&sdk=joey&show_faces=false&width=180
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df364d2844161aa6%26domain%3Dareyoulivingwell.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fareyoulivingwell.com%252Ff2dd42d8fb73266%26relation%3Dparent.parent&container_width=140&href=https%3A%2F%2Fareyoulivingwell.com%2F&layout=button&locale=en_US&sdk=joey&show_faces=false&width=180
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df364d2844161aa6%26domain%3Dareyoulivingwell.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fareyoulivingwell.com%252Ff2dd42d8fb73266%26relation%3Dparent.parent&container_width=140&href=https%3A%2F%2Fareyoulivingwell.com%2F&layout=button&locale=en_US&sdk=joey&show_faces=false&width=180 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: 9thzI6hTIGy5+Ajal0OvY+glxlXB44u3gj6NpFEIC3U/tHaW2KsUkzWphDGOPOYD22XMq3XNrQJ+d/KH4kyqhA==
content-length: 0
date: Fri, 20 Jan 2023 00:47:34 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
log.pinterest.com/?type=pidget&guid=BX212Uk0bNj8&tv=2021110201&event=init&sub=www&button_count=1&follow_count=0&pin_count=0&profile_count=0&board_count=0&section_count=0&lang=en&nvl=en-US&via=https%3A%2F%2Fareyoulivingwell.com%2F&viaSrc=canonical
151.101.0.84 200 OK 0 B URL HTTP/2 log.pinterest.com/?type=pidget&guid=BX212Uk0bNj8&tv=2021110201&event=init&sub=www&button_count=1&follow_count=0&pin_count=0&profile_count=0&board_count=0&section_count=0&lang=en&nvl=en-US&via=https%3A%2F%2Fareyoulivingwell.com%2F&viaSrc=canonical
IP 151.101.0.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?type=pidget&guid=BX212Uk0bNj8&tv=2021110201&event=init&sub=www&button_count=1&follow_count=0&pin_count=0&profile_count=0&board_count=0&section_count=0&lang=en&nvl=en-US&via=https%3A%2F%2Fareyoulivingwell.com%2F&viaSrc=canonical HTTP/1.1
Host: log.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache,no-store,must-revalidate,max-age=0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-envoy-upstream-service-time: 3
server: envoy
x-pinterest-rid: 2162901405182545
accept-ranges: bytes
date: Fri, 20 Jan 2023 00:47:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1683-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1674175655.814056,VS0,VE43
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
content-length: 0
X-Firefox-Spdy: h2
areyoulivingwell.com/?wc-ajax=get_refreshed_fragments
45.223.30.36 200 OK 475 B URL HTTP/2 areyoulivingwell.com/?wc-ajax=get_refreshed_fragments
IP 45.223.30.36:0
File type JSON data; HTML document, ASCII text, with very long lines (1252), with no line terminators
Hash 38b3d8098fd2d1c103f94fd5eaf3032b
8dc3b6900d9cf67b16f00a5a38179df4e764ce79
12c7d36b519a70796500bd971d93221a176d683f11d00f49a7502eba2bd6ce0d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: https://areyoulivingwell.com
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:32 GMT
server: Apache
access-control-allow-origin: https://areyoulivingwell.com
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-transform, no-cache, no-store, must-revalidate
x-robots-tag: noindex
vary: Accept-Encoding
content-encoding: gzip
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 475
content-type: application/json; charset=UTF-8
x-cdn: Imperva
x-iinfo: 38-6196248-6196314 PNNN RT(1674175647606 4511) q(0 0 0 -1) r(2 30) U6
X-Firefox-Spdy: h2
areyoulivingwell.com/favicon.ico
45.223.30.36 302 Found 0 B URL HTTP/2 areyoulivingwell.com/favicon.ico
IP 45.223.30.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
date: Fri, 20 Jan 2023 00:47:36 GMT
server: nginx/1.21.6
content-type: text/html; charset=UTF-8
content-length: 0
link: <https://areyoulivingwell.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
location: https://areyoulivingwell.com/wp-includes/images/w-logo-blue-white-bg.png
cache-control: max-age=7200
expires: Fri, 20 Jan 2023 02:47:33 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: EXPIRED
x-cdn: Imperva
x-iinfo: 38-6196248-6197192 NNNN CT(69 76 0) RT(1674175647606 5444) q(0 0 1 -1) r(2 21) U11
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-includes/images/w-logo-blue-white-bg.png
45.223.30.36 200 OK 4.1 kB URL HTTP/2 areyoulivingwell.com/wp-includes/images/w-logo-blue-white-bg.png
IP 45.223.30.36:0
File type PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced; data
Hash 000bf649cc8f6bf27cfb04d1bcdcd3c7
d73d2f6d74ec6cdcbae07955592962e77d8ae814
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://areyoulivingwell.com/
Connection: keep-alive
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==; _ga=GA1.2.2006713649.1674175653; _gid=GA1.2.1304023723.1674175653; _gat_gtag_UA_122218998_2=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "f4c3a70d"
last-modified: Sat, 07 Aug 2021 02:37:59 GMT
content-type: image/png
content-length: 4119
cache-control: max-age=27071901, public
expires: Wed, 29 Nov 2023 08:45:56 GMT
date: Fri, 20 Jan 2023 00:47:35 GMT
x-cdn: Imperva
x-iinfo: 38-6196248-6197037 2CNN RT(1674175647606 7680) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72cb731e-e923-4be7-9dd2-8274ec9adc4f.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72cb731e-e923-4be7-9dd2-8274ec9adc4f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 865f3b7fce94742b22851118e29491a2
24d8d638eb39f3ff6a6a8f2337d77f3852a99dba
1b3bb3b03e787aa7b1f60f61c4adf6463a3586399d47c5ec5a2aec7b0aaa03ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72cb731e-e923-4be7-9dd2-8274ec9adc4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11675
x-amzn-requestid: 718b88d6-5f97-42b0-8e9d-1cd6e646690a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e7UihGrpIAMFehw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c79adc-03cdafe06c8871bb63cbbd6a;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 07:08:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ARzXtlV41pRcNijtEI0YObkrDQA63q4DZLg2w4yz5W1CsBsvQJ7zaQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 07:28:47 GMT
age: 62329
etag: "24d8d638eb39f3ff6a6a8f2337d77f3852a99dba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.youtube.com/subscribe_embed?usegapi=1&channel=Don%5C%27tStressMeOut.com&layout=default&count=hidden&origin=https%3A%2F%2Fareyoulivingwell.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.ydLROSGdlBE.O%2Fd%3D1%2Frs%3DAHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA%2Fm%3D__features__
142.250.74.142 200 OK 0 B URL HTTP/2 www.youtube.com/subscribe_embed?usegapi=1&channel=Don%5C%27tStressMeOut.com&layout=default&count=hidden&origin=https%3A%2F%2Fareyoulivingwell.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.ydLROSGdlBE.O%2Fd%3D1%2Frs%3DAHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA%2Fm%3D__features__
IP 142.250.74.142:0
GET /subscribe_embed?usegapi=1&channel=Don%5C%27tStressMeOut.com&layout=default&count=hidden&origin=https%3A%2F%2Fareyoulivingwell.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.ydLROSGdlBE.O%2Fd%3D1%2Frs%3DAHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA%2Fm%3D__features__ HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 20 Jan 2023 00:47:33 GMT
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=4sHokuAdLa0; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=; Domain=.youtube.com; Expires=Sat, 25-Apr-2020 00:47:33 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+075; expires=Sun, 19-Jan-2025 00:47:33 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3.2
45.223.30.36 409 Conflict 0 B URL HTTP/2 areyoulivingwell.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3.2
IP 45.223.30.36:0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Fri, 20 Jan 2023 00:47:29 GMT
server: Apache
content-type: text/html; charset=iso-8859-1
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 38-6196248-6174612 2NYN RT(1674175647606 913) q(0 2 2 -1) r(3 3) U11
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.6
45.223.30.36 200 OK 0 B URL HTTP/2 areyoulivingwell.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.6
IP 45.223.30.36:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.6 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:28 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 02:21:25 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sun, 19 Feb 2023 00:47:28 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: text/css
x-cdn: Imperva
x-iinfo: 38-6196248-6150852 2NNN RT(1674175647606 697) q(0 0 0 -1) r(2 2) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/
45.223.30.36 200 OK 0 B IP 45.223.30.36:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:29 GMT
server: nginx/1.21.6
content-type: text/html; charset=UTF-8
link: <https://areyoulivingwell.com/wp-json/>; rel="https://api.w.org/", <https://areyoulivingwell.com/wp-json/wp/v2/pages/11>; rel="alternate"; type="application/json", <https://areyoulivingwell.com/>; rel=shortlink
cache-control: max-age=7200
expires: Fri, 20 Jan 2023 02:22:02 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: HIT
set-cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; expires=Fri, 19 Jan 2024 06:54:11 GMT; HttpOnly; path=/; Domain=.areyoulivingwell.com
incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==; path=/; Domain=.areyoulivingwell.com
x-cdn: Imperva
x-iinfo: 38-6196248-6196314 NNNN CT(66 71 0) RT(1674175647606 115) q(0 0 1 1) r(2 2) U12
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/uploads/2019/01/kale-.jpg
45.223.30.36 200 OK 0 B URL HTTP/2 areyoulivingwell.com/wp-content/uploads/2019/01/kale-.jpg
IP 45.223.30.36:0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/01/kale-.jpg HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 00:47:30 GMT
server: Apache
last-modified: Sat, 07 Aug 2021 01:17:22 GMT
accept-ranges: bytes
content-length: 349000
cache-control: max-age=31536000
expires: Sat, 20 Jan 2024 00:47:30 GMT
host-header: Y2xvdWQuYmx1ZWhvc3QuY29t
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/jpeg
x-cdn: Imperva
x-iinfo: 38-6196248-6196762 2NNN RT(1674175647606 772) q(0 14 14 -1) r(15 15) U18
X-Firefox-Spdy: h2
areyoulivingwell.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3.2
45.223.30.36 409 Conflict 0 B URL HTTP/2 areyoulivingwell.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3.2
IP 45.223.30.36:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3.2 HTTP/1.1
Host: areyoulivingwell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Cookie: visid_incap_2714157=7JqOY6wAQL+GYyRZ6Q0ZDJ/kyWMAAAAAQUIPAAAAAAANh7d3XzNy4+pEyjHjaGnt; incap_ses_1607_2714157=OCCrCqvshAzjml48OzZNFp/kyWMAAAAAAnA21//D6dT6FghFVwoNXA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Fri, 20 Jan 2023 00:47:28 GMT
server: Apache
content-type: text/html; charset=iso-8859-1
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 38-6196248-6183462 2NYN RT(1674175647606 575) q(0 0 0 -1) r(4 4) U11
X-Firefox-Spdy: h2
accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fareyoulivingwell.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.ydLROSGdlBE.O%2Fd%3D1%2Frs%3DAHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA%2Fm%3D__features__
216.58.211.13 200 OK 0 B URL HTTP/2 accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fareyoulivingwell.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.ydLROSGdlBE.O%2Fd%3D1%2Frs%3DAHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA%2Fm%3D__features__
IP 216.58.211.13:0
GET /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fareyoulivingwell.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.ydLROSGdlBE.O%2Fd%3D1%2Frs%3DAHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA%2Fm%3D__features__ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 20 Jan 2023 00:47:34 GMT
content-security-policy: script-src 'nonce-GZm8IHaT6rCd7WPs5LRH8w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport, require-trusted-types-for 'script';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/v2.5/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2a60dafbe0ad0c%26domain%3Dareyoulivingwell.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fareyoulivingwell.com%252Ff2dd42d8fb73266%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fareyoulivingwell.com%2F&layout=button&locale=en_US&sdk=joey
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/v2.5/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2a60dafbe0ad0c%26domain%3Dareyoulivingwell.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fareyoulivingwell.com%252Ff2dd42d8fb73266%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fareyoulivingwell.com%2F&layout=button&locale=en_US&sdk=joey
IP 31.13.72.36:0
GET /v2.5/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2a60dafbe0ad0c%26domain%3Dareyoulivingwell.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fareyoulivingwell.com%252Ff2dd42d8fb73266%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fareyoulivingwell.com%2F&layout=button&locale=en_US&sdk=joey HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://areyoulivingwell.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
facebook-api-version: v9.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: qkeU4FqUq7sb6yBER9SEYKgRktxUFl7azdEwwocdNpjJEBZemy8kHjJ3SAb1EMqQ5fR+R1aqXtn8m1gjIE6iJg==
date: Fri, 20 Jan 2023 00:47:34 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
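The capture above is raw sandbox output. The Python below is an added example, not part of the capture or of whatever tool produced it, that parses this log layout and pulls out, per request/response pair, the points a reviewer reads off such a log by hand: the analyzer verdicts attached to the entry, Content-Security-Policy script sources that defeat the policy as an XSS control, a Server header that discloses a version, Set-Cookie values without Secure or HttpOnly, and a missing Strict-Transport-Security header. It assumes the layout seen here (verdict lines precede the request line they describe, a folded second Set-Cookie value sits on its own line, verdict words are capitalised) and that all captured traffic was HTTPS, as the https:// Referer and Origin values indicate. SAMPLE is two entries trimmed from this capture with most headers removed; it is constructed test input, not the full log.

```python
# Added example: parse a sandbox-style HTTP capture and flag weak response-side controls.
import re
from dataclasses import dataclass, field

REQUEST_LINE = re.compile(r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) (\S+) HTTP/1\.[01]$")
STATUS_LINE = re.compile(r"^HTTP/(?:2|1\.[01]) (\d{3})\b")
HEADER_LINE = re.compile(r"^([A-Za-z0-9-]+): (.*)$")
VERDICT_START = re.compile(r"^Analyzer Verdict Alert (\S+) (\S+)$")
VERDICT_CONT = re.compile(r"^(\S+) ([A-Z][A-Za-z]+)$")   # e.g. "quad9 Sinkholed" (assumed shape)
COOKIE_CONT = re.compile(r"^[A-Za-z0-9_-]+=[^;]*;")       # folded second Set-Cookie value
WEAK_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "data:", "http:", "https:", "*"}


@dataclass
class Exchange:
    method: str
    path: str
    verdicts: list = field(default_factory=list)   # (analyzer, verdict) pairs
    request: dict = field(default_factory=dict)    # lowercased request headers
    status: int = 0
    response: list = field(default_factory=list)   # (lowercased name, value), order kept

    def header(self, name):
        return [v for n, v in self.response if n == name]


def parse_capture(text):
    """Verdict lines precede the request they describe, so buffer them until the
    next request line; every header line after a status line belongs to the response."""
    exchanges, pending, cur, in_resp = [], [], None, False
    for line in (l.strip() for l in text.splitlines()):
        if m := REQUEST_LINE.match(line):
            cur = Exchange(m.group(1), m.group(2), verdicts=pending)
            exchanges.append(cur)
            pending, in_resp = [], False
        elif m := VERDICT_START.match(line):
            pending = [(m.group(1), m.group(2))]
        elif pending and (m := VERDICT_CONT.match(line)):
            pending.append((m.group(1), m.group(2)))
        elif cur is None:
            continue                                   # URL / size / hash lines before the first request
        elif m := STATUS_LINE.match(line):
            cur.status, in_resp = int(m.group(1)), True
        elif m := HEADER_LINE.match(line):
            if in_resp:
                cur.response.append((m.group(1).lower(), m.group(2)))
            else:
                cur.request[m.group(1).lower()] = m.group(2)
        elif in_resp and cur.response and cur.response[-1][0] == "set-cookie" and COOKIE_CONT.match(line):
            cur.response.append(("set-cookie", line))  # second cookie folded onto its own line
    return exchanges


def csp_script_sources(policy):
    """Sources governing script execution: script-src, falling back to default-src."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives.get("script-src", directives.get("default-src", []))


def audit(ex):
    """Findings for one exchange; the HSTS check assumes the capture was made over HTTPS."""
    findings = []
    for policy in ex.header("content-security-policy"):
        weak = sorted(set(csp_script_sources(policy)) & WEAK_SCRIPT_SOURCES)
        if weak:
            findings.append("CSP script sources allow " + " ".join(weak))
    for server in ex.header("server"):
        if re.search(r"/\d", server):
            findings.append("Server header discloses version: " + server)
    for cookie in ex.header("set-cookie"):
        name = cookie.split("=", 1)[0]
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        missing = [a for a in ("Secure", "HttpOnly") if a.lower() not in attrs]
        if missing:
            findings.append(f"cookie {name} lacks {', '.join(missing)}")
    if ex.status and not ex.header("strict-transport-security"):
        findings.append("no Strict-Transport-Security header")
    if ex.verdicts:
        findings.append("analyzer verdicts: " + ", ".join(f"{a}={v}" for a, v in ex.verdicts))
    return findings


def report(text):
    """(host, path, status, findings) per exchange, in capture order."""
    return [(ex.request.get("host", ""), ex.path, ex.status, audit(ex)) for ex in parse_capture(text)]


# Constructed sample: two entries trimmed from the capture above, most headers removed.
SAMPLE = """\
areyoulivingwell.com/
45.223.30.36 200 OK 0 B IP 45.223.30.36:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: areyoulivingwell.com
HTTP/2 200 OK
server: nginx/1.21.6
set-cookie: visid_incap_2714157=7JqOY6wAQL; expires=Fri, 19 Jan 2024 06:54:11 GMT; HttpOnly; path=/; Domain=.areyoulivingwell.com
incap_ses_1607_2714157=OCCrCqvshAz; path=/; Domain=.areyoulivingwell.com
www.facebook.com/v2.5/plugins/like.php?href=https%3A%2F%2Fareyoulivingwell.com%2F
GET /v2.5/plugins/like.php?href=https%3A%2F%2Fareyoulivingwell.com%2F HTTP/1.1
Host: www.facebook.com
HTTP/2 200 OK
content-security-policy: default-src 'self' *.facebook.com;script-src *.facebook.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self';upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
"""
```

The parser keys only on request lines, status lines and `name: value` header lines, so the URL, size, file-type and hash lines of each entry are skipped without special handling, and `report(open("capture.txt").read())` works on a full log of this shape. On SAMPLE the first exchange yields the version-disclosing Server header, both Imperva cookies without Secure (the second also without HttpOnly), the missing HSTS header and the three verdicts; the Facebook exchange yields only the CSP finding, since its policy whitelists 'unsafe-inline', 'unsafe-eval' and data: for scripts.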