firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 16 Sep 2022 10:10:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sWUNXxRNrEddttud0fm3j2hi66VipBGUqLWblvoTKD3RGZh1HTpatA==
Age: 2342
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b0d651d83075c7a68e3c6a9204226150
294785e3f3a67cdd5f1a530b83a2cbd2c2cc0665
17cbb43fd6662576ba3fe8e06cf44247c903c1313cc419053599c41e286a2442
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17CBB43FD6662576BA3FE8E06CF44247C903C1313CC419053599C41E286A2442"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4497
Expires: Fri, 16 Sep 2022 12:04:49 GMT
Date: Fri, 16 Sep 2022 10:49:52 GMT
Connection: keep-alive
wellhealthhtc.com/f2t4km/
151.101.194.159 301 Moved Permanently 162 B URL HTTP/1.1 wellhealthhtc.com/f2t4km/
IP 151.101.194.159:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert openphish United States Postal Service
fortinet Phishing
GET /f2t4km/ HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Location: https://wellhealthhtc.com/f2t4km/
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
X-FW-Server: Flywheel/5.1.0
X-FW-Hash: yn5y32isco
X-FW-Version: 5.0.0
Server: Flywheel/5.1.0
Content-Length: 162
Accept-Ranges: bytes
Date: Fri, 16 Sep 2022 10:49:52 GMT
Connection: keep-alive
X-Served-By: cache-bma1649-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1663325393.607317,VS0,VE113
Vary: Authorization
X-FW-Serve: TRUE
X-FW-Static: NO
X-FW-Type: VISIT
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 16 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jzDRS61Hc2we7Obn7aXcPJEpzQkjhoYdgVmV39Q4VVJBjSfqfXguHg==
age: 22477
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 16 Sep 2022 10:49:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
wellhealthhtc.com/f2t4km/
151.101.194.159 404 Not Found 18 kB URL HTTP/2 wellhealthhtc.com/f2t4km/
IP 151.101.194.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (20812), with CRLF, LF line terminators
Hash 6d4e85f3138c4f59631919273a68f464
83da8bac0b4341e96213a0f22f74aa64c41e3e72
644ae9c9491e3e184a84a0900bdc0cad85489834137eba19e5e6932fdc1eacf7
Analyzer Verdict Alert openphish United States Postal Service
fortinet Phishing
GET /f2t4km/ HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://wellhealthhtc.com/wp-json/>; rel="https://api.w.org/"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-dynamic: TRUE
x-fw-hash: yn5y32isco
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: NO:Not Cacheable
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.796064,VS0,VE377
vary: Accept-Encoding
x-fw-serve: TRUE
x-fw-static: NO
x-fw-type: VISIT
content-length: 17621
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 16 Sep 2022 10:03:22 GMT
Expires: Fri, 16 Sep 2022 10:18:00 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4DrzYp0VurJcSR1YLSY5l1XB6pzfaoM5MvWskWZxyQwG3Kl78YDjGA==
Age: 2791
wellhealthhtc.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
151.101.194.159 200 OK 34 kB URL HTTP/2 wellhealthhtc.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 151.101.194.159:0
File type ASCII text, with very long lines (65447)
Hash 22b0253c0ecce70e41e296d176b0d972
a161c363d2092739db21bfeb2cf23c980ec71580
181967b7928e133789c8edbb8bdcb73d44a0328d884b613f8ebfb182b4c3c52e
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 30 Aug 2022 20:17:43 GMT
etag: W/"630e7067-15db1"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: yn5y32isco
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663325393.253920,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 34060
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
151.101.194.159 200 OK 4.4 kB URL HTTP/2 wellhealthhtc.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 151.101.194.159:0
File type ASCII text, with very long lines (11126)
Hash 24957bc8161f979c6e661f46fdc3974f
fa1237ffe8b3745baa78ac481239038e133fcc17
46acf87c90961d413ac24eace25b77a8d5236daf38799fec2daf0bc350cc6ebe
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 30 Aug 2022 20:17:43 GMT
etag: W/"630e7067-2bd8"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: yn5y32isco
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663325393.254375,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4405
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.1.2
151.101.194.159 200 OK 8.6 kB URL HTTP/2 wellhealthhtc.com/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.1.2
IP 151.101.194.159:0
Hash 555d5c1381bfbb6aaab0d674e8cae8f4
1a5b5f3c6a6dca68c2e306859ff6984a92fdce72
3b49c566ecd484683c8635a9a6fd926bfcd12b6afdbc4d99ddff807b0dd701f9
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.1.2 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 08 Jun 2022 16:16:08 GMT
etag: W/"62a0cb48-8583"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663325393.257765,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 8625
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/themes/elise/js/vendor/jquery.jplayer.min.js?ver=2.6.0
151.101.194.159 200 OK 15 kB URL HTTP/2 wellhealthhtc.com/wp-content/themes/elise/js/vendor/jquery.jplayer.min.js?ver=2.6.0
IP 151.101.194.159:0
File type ASCII text, with very long lines (587)
Hash d9bb9570a10a24c58809c99b8548ad90
382a026d406bda65ef8bb31530540aed67b8edbd
5e63696008b998a24de59d81887263bd9b8ac22e4dace9dabd5e00c0a36dca46
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/elise/js/vendor/jquery.jplayer.min.js?ver=2.6.0 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 06 Sep 2022 18:27:35 GMT
etag: W/"63179117-d454"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663325393.257754,VS0,VE3
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 14805
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/plugins/notibar/assets/frontend/js/notibar.js?ver=1.9.9
151.101.194.159 200 OK 3.7 kB URL HTTP/2 wellhealthhtc.com/wp-content/plugins/notibar/assets/frontend/js/notibar.js?ver=1.9.9
IP 151.101.194.159:0
Hash 7c67a36d66fedb522eaf6dd13b22447b
eb7d77338f8684fba186fa404d7425939a16ca4f
13bf89b8ae7dfd08cdd97e9bd7518f0f707a82e6316571bd1a28342972c20e4e
GET /wp-content/plugins/notibar/assets/frontend/js/notibar.js?ver=1.9.9 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 18 Jul 2022 07:21:10 GMT
etag: W/"62d509e6-64fd"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663325393.262695,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3691
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion.js?ver=6.0.2
151.101.194.159 200 OK 209 B URL HTTP/2 wellhealthhtc.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion.js?ver=6.0.2
IP 151.101.194.159:0
File type ASCII text, with very long lines (409), with CRLF line terminators
Hash a63b8bf4557227386144e703de4fc27d
233b8b95785f340206ac3bde6c33b5b07363d4d3
7f3cc1ab22603a5fdba5680ee09df9800cfadc87df4195323af07a77d3df64c3
GET /wp-content/plugins/responsive-accordion-and-collapse/js/accordion.js?ver=6.0.2 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 06 Sep 2022 17:06:12 GMT
etag: W/"63177e04-1cd"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663325393.262577,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 209
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/themes/elise/js/elise_scripts.js?ver=1.3.19
151.101.194.159 200 OK 66 kB URL HTTP/2 wellhealthhtc.com/wp-content/themes/elise/js/elise_scripts.js?ver=1.3.19
IP 151.101.194.159:0
File type ASCII text, with very long lines (32003), with CRLF line terminators
Hash 31b0f2de92d645b4141235e9e07b17b7
aa75301909f7c3b4ecee70670c4dd2387cf86e9a
6459d6a45cce5c3133f3bc90b42f401d900910983056052595d02677c13bb857
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/elise/js/elise_scripts.js?ver=1.3.19 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 21:47:07 GMT
etag: W/"6036c95b-2fc70"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663325393.263119,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 65882
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
151.101.194.159 200 OK 5.5 kB URL HTTP/2 wellhealthhtc.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 151.101.194.159:0
File type ASCII text, with very long lines (15660)
Hash 17db16eba9de064a60b18a592b36634a
82fc955209623803111e48d5be3cf345315be6f5
1144901adf4e1d54838e6e04a2b75314f3b95518ee654d8c1742af50e355b433
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 30 Aug 2022 20:17:43 GMT
etag: W/"630e7067-48b9"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: yn5y32isco
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663325393.281131,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 5515
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 10:49:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 10:49:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
wellhealthhtc.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
151.101.194.159 200 OK 14 kB URL HTTP/2 wellhealthhtc.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 151.101.194.159:0
File type ASCII text, with very long lines (43771)
Hash 1047dd6779111ec73736abd71a40fef9
e08643922ce9a1a488f2a72c0341807f59f7528e
d85287eacda4e97356cf1b53ec765e34c8913558d6fb485b334debf78c89a3bf
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 30 Aug 2022 20:17:43 GMT
etag: W/"630e7067-15b64"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: yn5y32isco
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.241076,VS0,VE115
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13906
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.1.2
151.101.194.159 200 OK 987 B URL HTTP/2 wellhealthhtc.com/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.1.2
IP 151.101.194.159:0
Hash 4d3681a6121cc4485251f17b6fbcc050
384536c7d7962d40b76c1e633731355cb19a101c
b559938b64442f26b94c0b4afbe3179d3277dc9f5c66faefe9df0a46f82ed533
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.1.2 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 08 Jun 2022 16:16:08 GMT
etag: W/"62a0cb48-c22"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.242047,VS0,VE115
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 987
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.1.2
151.101.194.159 200 OK 5.2 kB URL HTTP/2 wellhealthhtc.com/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.1.2
IP 151.101.194.159:0
Hash 673ead5a696beb757389a0042915f4db
0a626c568f2b92a1bc56ab23bb3cc0152ddcb300
c3c4ea6cb839af77041a06e6899ce0c7898f5f9cb3071ef5b66de513ef0128b9
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.1.2 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 08 Jun 2022 16:16:08 GMT
etag: W/"62a0cb48-6a71"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.242598,VS0,VE116
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 5182
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/css/font-awesome.min.css?ver=6.0.2
151.101.194.159 200 OK 5.2 kB URL HTTP/2 wellhealthhtc.com/wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/css/font-awesome.min.css?ver=6.0.2
IP 151.101.194.159:0
File type ASCII text, with very long lines (20604)
Hash 6a548c1b35fc2fe0761c47a78b25d924
163ed6c3fa2e10e5840157c182fb96ecec5c0b1d
5b029061eec182bed2c53287e4bc0aeabaadb6ce7cf422a2ba455e1fd9fda86b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/css/font-awesome.min.css?ver=6.0.2 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 06 Sep 2022 17:06:12 GMT
etag: W/"63177e04-511e"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.244246,VS0,VE117
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 5161
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/plugins/notibar/assets/frontend/css/notibar.css?ver=1.9.9
151.101.194.159 200 OK 832 B URL HTTP/2 wellhealthhtc.com/wp-content/plugins/notibar/assets/frontend/css/notibar.css?ver=1.9.9
IP 151.101.194.159:0
Hash 1b037fa402071c4e270a74946a741577
8944448b811b5b2bc0cbde34c1eb7cdfb45a1ec2
6ce70bd142bd46839031859dec75e59d2c51b0e18e52d81eadf99a392566ac29
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/notibar/assets/frontend/css/notibar.css?ver=1.9.9 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Mon, 18 Jul 2022 07:21:10 GMT
etag: W/"62d509e6-c04"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.245272,VS0,VE117
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 832
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/themes/elise/css/icons/css/font-awesome.min.css?ver=4.1.0
151.101.194.159 200 OK 5.5 kB URL HTTP/2 wellhealthhtc.com/wp-content/themes/elise/css/icons/css/font-awesome.min.css?ver=4.1.0
IP 151.101.194.159:0
File type ASCII text, with very long lines (21822)
Hash 1db09558f7d48476ade00f32b0bfc3c4
55d440308310d872c0e714e3802ea0540ac0fe66
bfcde5250ca026369f80eb42414e360d7634a21c52beb22497e2da6218f68e6c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/elise/css/icons/css/font-awesome.min.css?ver=4.1.0 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 24 Feb 2021 21:47:05 GMT
etag: W/"6036c959-55e0"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.247834,VS0,VE118
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 5530
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/themes/elise/css/bootstrap.min.css?ver=3.3.0
151.101.194.159 200 OK 22 kB URL HTTP/2 wellhealthhtc.com/wp-content/themes/elise/css/bootstrap.min.css?ver=3.3.0
IP 151.101.194.159:0
File type ASCII text, with very long lines (65371)
Hash 4f50481b96a4687c701c410f1778202c
6fb0cc4c062505cf0a9f608a0d0b130cc807d582
a4c9f661262cb0ea141452a3cbdb8a3b97bdbee85443e37be75851c6e8d10e2d
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/elise/css/bootstrap.min.css?ver=3.3.0 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 24 Feb 2021 21:47:05 GMT
etag: W/"6036c959-1bd5b"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.247656,VS0,VE118
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 22016
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/themes/elise/style.css?ver=1.3.19
151.101.194.159 200 OK 44 kB URL HTTP/2 wellhealthhtc.com/wp-content/themes/elise/style.css?ver=1.3.19
IP 151.101.194.159:0
File type Unicode text, UTF-8 text, with very long lines (578), with CRLF line terminators
Hash 52a796ed166a9407b7d18f6f7dc78ced
184ea2adc2bcd47ad82e91e47f75b8edcc6514a3
89f3f68fd5936ec304945f48a18caf40f6ba339a86badf04bfacfb53a1cf60a5
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/elise/style.css?ver=1.3.19 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 24 Feb 2021 21:47:07 GMT
etag: W/"6036c95b-3c07c"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.251629,VS0,VE119
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 43992
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-table.css?ver=2.1.2
151.101.194.159 200 OK 1.9 kB URL HTTP/2 wellhealthhtc.com/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-table.css?ver=2.1.2
IP 151.101.194.159:0
File type ASCII text, with very long lines (401)
Hash c8bba9973e99fa3c080e6a2fbab29e1d
09fa57f79a6e08b21a44b0140ea9835e1506bb0a
5b5099ca660ed433e50ea879b9ce8a4fef2412ddee788db5d5e4d709dcc90898
GET /wp-content/plugins/cookie-law-info/public/css/cookie-law-info-table.css?ver=2.1.2 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 08 Jun 2022 16:16:08 GMT
etag: W/"62a0cb48-17e1"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.258150,VS0,VE113
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1867
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/uploads/2022/01/logo-test.png
151.101.194.159 200 OK 3.4 kB URL HTTP/2 wellhealthhtc.com/wp-content/uploads/2022/01/logo-test.png
IP 151.101.194.159:0
File type PNG image data, 255 x 51, 8-bit/color RGBA, non-interlaced\012- data
Hash 66f32cf3fb51c7d5783efb942e5b7598
dac27d9c8a0a09df373d80cf7d12e6d5639dc271
1a73a567de95bec39142ab501dc5f00467ce9911d70a0cc81a69a729c06279cb
GET /wp-content/uploads/2022/01/logo-test.png HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Tue, 11 Jan 2022 00:18:48 GMT
etag: W/"61dccce8-d51"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.258052,VS0,VE116
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3437
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/themes/elise/js/vendor/modernizr-2.6.2-respond-1.1.0.min.js?ver=2.6.2
151.101.194.159 200 OK 8.5 kB URL HTTP/2 wellhealthhtc.com/wp-content/themes/elise/js/vendor/modernizr-2.6.2-respond-1.1.0.min.js?ver=2.6.2
IP 151.101.194.159:0
File type HTML document, ASCII text, with very long lines (14756)
Hash f3243e884f30b4f8ba084ffc08b7e26a
8853a01b22b8de72595441fd3e1f5ccb312c47ff
2f15736ec7ece8aba0e622e0262ed2b022063f10fa1927b3e014fc17f7ddd297
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/elise/js/vendor/modernizr-2.6.2-respond-1.1.0.min.js?ver=2.6.2 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 21:47:07 GMT
etag: W/"6036c95b-4c1c"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.257756,VS0,VE116
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 8469
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/themes/elise/js/main.js?ver=1.3.19
151.101.194.159 200 OK 7.5 kB URL HTTP/2 wellhealthhtc.com/wp-content/themes/elise/js/main.js?ver=1.3.19
IP 151.101.194.159:0
Hash 72be092dc42b4b1cf107ead35f5a361d
733bf2177254f3a1241e9ad08b8328b0047238c4
edc31c1adf052782e8c04bdbfbed7b940fe3104dea5dbc94d5818005e5eca064
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/elise/js/main.js?ver=1.3.19 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 21:47:07 GMT
etag: W/"6036c95b-6707"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.269455,VS0,VE113
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7465
X-Firefox-Spdy: h2
use.typekit.net/hck0mcg.css?ver=1.0.18
23.36.76.122 200 OK 718 B URL HTTP/2 use.typekit.net/hck0mcg.css?ver=1.0.18
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (516)
Hash 236546567d3fcce71da5e6f924f38520
db0d02d819c4f9e619f76c79f7f0ade45a3931ef
45678774a3f74720243a839dc639c0d0406f587e8348b12956012fe2ec71a34a
GET /hck0mcg.css?ver=1.0.18 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellhealthhtc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/css;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
content-length: 718
date: Fri, 16 Sep 2022 10:49:53 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3db421016cf0e3ad25f324cf0faf0fac
b15909de1105d4d2fb5be5b3920c454daf022445
914b15f28636e0a5e851540ffb0625ecd09d0546b2f1f7af90b267ceebcf1d5d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1416
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 10:49:53 GMT
Last-Modified: Fri, 16 Sep 2022 10:26:17 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
p.typekit.net/p.css?s=1&k=hck0mcg&ht=tk&f=11369.12102.12103&a=87746455&app=typekit&e=css
23.36.76.122 200 OK 5 B URL HTTP/2 p.typekit.net/p.css?s=1&k=hck0mcg&ht=tk&f=11369.12102.12103&a=87746455&app=typekit&e=css
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
Hash 83d24d4b43cc7eef2b61e66c95f3d158
f0cafc285ee23bb6c28c5166f305493c4331c84d
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
GET /p.css?s=1&k=hck0mcg&ht=tk&f=11369.12102.12103&a=87746455&app=typekit&e=css HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: text/css
cross-origin-resource-policy: cross-origin
etag: "613bee4d-5"
last-modified: Fri, 10 Sep 2021 23:46:21 GMT
server: nginx
content-length: 5
unused62: 8096267
date: Fri, 16 Sep 2022 10:49:53 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 10:49:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
wellhealthhtc.com/wp-content/themes/elise/css/custom-style.css?ver=6.0.2
151.101.194.159 200 OK 0 B URL HTTP/2 wellhealthhtc.com/wp-content/themes/elise/css/custom-style.css?ver=6.0.2
IP 151.101.194.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/themes/elise/css/custom-style.css?ver=6.0.2 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 24 Feb 2021 21:47:05 GMT
etag: "6036c959-0"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.253685,VS0,VE329
vary: Authorization, Accept-Encoding
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 0
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/themes/elise/css/icons/css/fontello.css?ver=1.0
151.101.194.159 200 OK 934 B URL HTTP/2 wellhealthhtc.com/wp-content/themes/elise/css/icons/css/fontello.css?ver=1.0
IP 151.101.194.159:0
Hash a31674b764cb04fb784f5e3cbd9b5e0e
acf9969907fa7dad114dc1d1d10356f7ab915b72
1d6dd7e2048de76b2118c8520c42ef87cc1933c5036b111c91984a79a0d1fade
GET /wp-content/themes/elise/css/icons/css/fontello.css?ver=1.0 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 24 Feb 2021 21:47:05 GMT
etag: W/"6036c959-945"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.251531,VS0,VE332
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 934
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.41.253.170 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.253.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KIFC84ucMkMseeUyT5Lhvw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PJwlCyj1M7Cu4Ae5LxpRkeFgN9M=
wellhealthhtc.com/wp-content/plugins/responsive-accordion-and-collapse/css/bootstrap-front.css?ver=6.0.2
151.101.194.159 200 OK 1.9 kB URL HTTP/2 wellhealthhtc.com/wp-content/plugins/responsive-accordion-and-collapse/css/bootstrap-front.css?ver=6.0.2
IP 151.101.194.159:0
Hash 52a5c4991d2223e213ab6830dc3e6d8c
ac75e5fd82d7eb6f3a87704eecff905862268b4a
df222a5205a4f46a8e035a0e3c80ad8329e4dba3bafc0fe479cee11d043cca85
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/responsive-accordion-and-collapse/css/bootstrap-front.css?ver=6.0.2 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 06 Sep 2022 17:06:12 GMT
etag: W/"63177e04-3910"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.244748,VS0,VE443
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1889
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/themes/elise/css/icons/css/typicons.min.css?ver=2.0.4
151.101.194.159 200 OK 3.0 kB URL HTTP/2 wellhealthhtc.com/wp-content/themes/elise/css/icons/css/typicons.min.css?ver=2.0.4
IP 151.101.194.159:0
File type ASCII text, with very long lines (15030), with no line terminators
Hash dc587903262056baa930583a1bd5967b
aca433bd1ab550a401622fd6d8917c86a75b58f4
ad894dbad1232c4d7fd90f662015d12d5e7b7a72cd4afd6d9bbbb5452591997a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/elise/css/icons/css/typicons.min.css?ver=2.0.4 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 24 Feb 2021 21:47:05 GMT
etag: W/"6036c959-3ab6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.248629,VS0,VE443
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 2971
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/uploads/smile_fonts/Defaults/Defaults.css?ver=3.19.11
151.101.194.159 200 OK 5.3 kB URL HTTP/2 wellhealthhtc.com/wp-content/uploads/smile_fonts/Defaults/Defaults.css?ver=3.19.11
IP 151.101.194.159:0
File type ASCII text, with very long lines (27639), with no line terminators
Hash 6225e6fc47233ce2da1f8353aa02ba98
54d48779687ae3ff724f6e7098040ae803e2f85f
e804791d2f8be832f077481ca4a0652198618e9d463836487161e9026adea8de
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/smile_fonts/Defaults/Defaults.css?ver=3.19.11 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 24 Feb 2021 21:49:27 GMT
etag: W/"6036c9e7-6bf7"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.251718,VS0,VE445
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 5255
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/plugins/page-scroll-to-id/js/page-scroll-to-id.min.js?ver=1.7.5
151.101.194.159 200 OK 6.9 kB URL HTTP/2 wellhealthhtc.com/wp-content/plugins/page-scroll-to-id/js/page-scroll-to-id.min.js?ver=1.7.5
IP 151.101.194.159:0
File type ASCII text, with very long lines (25961)
Hash d72ffc68176838f51b8b789c3cfa5a37
efda07bcd0cf33eede928996670173c45d84df12
daa7c2285892841dd3fcf1f01141e90e1da186d6d413d01117dce0c9cb4fbb1f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/page-scroll-to-id/js/page-scroll-to-id.min.js?ver=1.7.5 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 14 Mar 2022 18:16:19 GMT
etag: W/"622f8673-6591"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.259287,VS0,VE445
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 6862
X-Firefox-Spdy: h2
use.typekit.net/af/341355/000000000000000077359e98/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
23.36.76.122 200 OK 20 kB URL HTTP/2 use.typekit.net/af/341355/000000000000000077359e98/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 19492, version 1.0\012- data
Hash f5dee1c59acab830f05a1acf7a1faa40
7e1ea646f089007d5c3e78aea0c7c73a82a20c6d
365d62df2361f71d03c42759a078753c293ef35396d4b86dd46f1bdd311548b3
GET /af/341355/000000000000000077359e98/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wellhealthhtc.com
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 19492
etag: "31a9ef1f7181193c266ba60d45b5dcfa7d946e2e"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Fri, 16 Sep 2022 10:49:53 GMT
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/themes/elise/img/404.png
151.101.194.159 200 OK 29 kB URL HTTP/2 wellhealthhtc.com/wp-content/themes/elise/img/404.png
IP 151.101.194.159:0
File type PNG image data, 645 x 364, 8-bit/color RGBA, non-interlaced\012- data
Hash fe4e548e8ff19b6fc5634af914bc7c29
f3ba13d6830fb9eb2d94e37a1e9c432a298ecf34
a53c929d51d6cc7d22e2ead75dad5749e6d3fdbdb20c2690482aaf21e1d434de
GET /wp-content/themes/elise/img/404.png HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Wed, 24 Feb 2021 21:47:07 GMT
etag: W/"6036c95b-7450"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.258044,VS0,VE550
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 29392
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion-custom.js?ver=6.0.2
151.101.194.159 200 OK 16 kB URL HTTP/2 wellhealthhtc.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion-custom.js?ver=6.0.2
IP 151.101.194.159:0
File type ASCII text, with CRLF line terminators
Hash 21ae807dcddd2c669418720055abd5fe
46076366719141c9e480fc2206aff343aab1c5c8
05bacc452a35f425dc22a5c4f617c3d55b708b0437ff33d20bf411c26fce0e00
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/responsive-accordion-and-collapse/js/accordion-custom.js?ver=6.0.2 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 06 Sep 2022 17:06:12 GMT
etag: W/"63177e04-ff41"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325393.262455,VS0,VE553
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 15955
X-Firefox-Spdy: h2
use.typekit.net/af/4a8a65/000000000000000077359e9c/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
23.36.76.122 200 OK 19 kB URL HTTP/2 use.typekit.net/af/4a8a65/000000000000000077359e9c/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 19088, version 1.0\012- data
Hash c52b5c6fca3ab064ec75627d8797dedc
d18f7f2da2ea5938b5d858fceb9ed0d4167389cf
1224ffd56d7c369fb81c27866dff663e5956f1ebe6c31d47902e3209e5c4abc9
GET /af/4a8a65/000000000000000077359e9c/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wellhealthhtc.com
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 19088
etag: "1571544bef2f8837a6aeb1250eb60b01167a7b57"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Fri, 16 Sep 2022 10:49:53 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3b816941816ca5fed922c0604e9da8dc
94c14ea6c512c6c262479b4299f1cd4dd99ea5cd
a05000788114487ba8b8c661ba1370b29c96a93a16275b3fab497cf75722b51d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 10:49:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-NBNSDT8
142.250.74.72 200 OK 60 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-NBNSDT8
IP 142.250.74.72:0
File type ASCII text, with very long lines (8040)
Hash 8dc0121aad60ecec8c02c92d5abc2fee
06e893abe349b033c2650be067be039d60d69133
ae4e8a6b880efb5447f8e32675991794eebf9b54a95f31917fadc1fb4f75e9f7
GET /gtm.js?id=GTM-NBNSDT8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellhealthhtc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 16 Sep 2022 10:49:53 GMT
expires: Fri, 16 Sep 2022 10:49:53 GMT
cache-control: private, max-age=900
last-modified: Fri, 16 Sep 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 59473
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3b816941816ca5fed922c0604e9da8dc
94c14ea6c512c6c262479b4299f1cd4dd99ea5cd
a05000788114487ba8b8c661ba1370b29c96a93a16275b3fab497cf75722b51d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 10:49:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
wellhealthhtc.com/wp-content/themes/elise/img/shadow-sep.png
151.101.194.159 200 OK 557 B URL HTTP/2 wellhealthhtc.com/wp-content/themes/elise/img/shadow-sep.png
IP 151.101.194.159:0
File type PNG image data, 1080 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash f038e1402684a684978dbbafbc7b8059
7651152b5cf51ccd5762de34b41c2fc056d6da7c
3e1698b44db0a565a8c2af79c4547494deda4677725388f91c3bb1d1680833d0
GET /wp-content/themes/elise/img/shadow-sep.png HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/wp-content/themes/elise/style.css?ver=1.3.19
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Wed, 24 Feb 2021 21:47:07 GMT
etag: W/"6036c95b-216"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325394.835329,VS0,VE113
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 557
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Raleway%3A400%2C300%2C600%2C700&ver=6.0.2
142.250.74.10 200 OK 4.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Raleway%3A400%2C300%2C600%2C700&ver=6.0.2
IP 142.250.74.10:0
Hash 2f7e7259af33f491aa92469e0345af27
4561de7548a5ec4126a7a9106a58775e40591999
8b58dd66ea3c1951a430a947069e3ef81afe039800e41ff02c6f4bf44435a13e
GET /css?family=Raleway%3A400%2C300%2C600%2C700&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellhealthhtc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 16 Sep 2022 10:49:53 GMT
date: Fri, 16 Sep 2022 10:49:53 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/uploads/2022/01/footer-logo.png
151.101.194.159 200 OK 5.1 kB URL HTTP/2 wellhealthhtc.com/wp-content/uploads/2022/01/footer-logo.png
IP 151.101.194.159:0
File type PNG image data, 393 x 101, 8-bit/color RGBA, non-interlaced\012- data
Hash 813d32672fa1e0c2c23b61d6e62f64e6
2b900996ded9f3437372b30bb212a924b7b82e92
41724a9bf13f4e24dbe21389c000c20c448fddc5c7bece769cdd58afed0a47aa
GET /wp-content/uploads/2022/01/footer-logo.png HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Tue, 11 Jan 2022 05:23:00 GMT
etag: W/"61dd1434-13c5"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325394.877444,VS0,VE114
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 5089
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/uploads/2021/06/wellhealth-footerlogo.png
151.101.194.159 200 OK 3.1 kB URL HTTP/2 wellhealthhtc.com/wp-content/uploads/2021/06/wellhealth-footerlogo.png
IP 151.101.194.159:0
File type PNG image data, 251 x 38, 8-bit/color RGBA, non-interlaced\012- data
Hash b33e0335b38480eafeff0927e3d633fb
bfcc3b388f24dec59f7bbaaaecc228785eadacaf
1ce41a8a091ecd34e66d4941bf7d709eea938f004a62192f06d992c18732d057
GET /wp-content/uploads/2021/06/wellhealth-footerlogo.png HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Tue, 08 Jun 2021 22:24:33 GMT
etag: W/"60bfee21-bec"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:53 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325394.877444,VS0,VE115
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3080
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/themes/elise/css/icons/fonts/fontawesome-webfont.woff?v=4.2.0
151.101.194.159 200 OK 66 kB URL HTTP/2 wellhealthhtc.com/wp-content/themes/elise/css/icons/fonts/fontawesome-webfont.woff?v=4.2.0
IP 151.101.194.159:0
File type Web Open Font Format, TrueType, length 65452, version 1.0\012- data
Hash d95d6f5d5ab7cfefd09651800b69bd54
7d65e0227d0d7cdc1718119cd2a7dce0638f151c
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/elise/css/icons/fonts/fontawesome-webfont.woff?v=4.2.0 HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://wellhealthhtc.com/wp-content/themes/elise/css/icons/css/font-awesome.min.css?ver=4.1.0
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
last-modified: Wed, 24 Feb 2021 21:47:05 GMT
etag: "6036c959-ffac"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:54 GMT
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663325394.844898,VS0,VE226
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
access-control-allow-origin: *
x-fw-type: VISIT
content-length: 65452
X-Firefox-Spdy: h2
wellhealthhtc.com/wp-content/uploads/2022/01/favicon-1.png
151.101.194.159 200 OK 622 B URL HTTP/2 wellhealthhtc.com/wp-content/uploads/2022/01/favicon-1.png
IP 151.101.194.159:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 4c722c517234b37597863d63c4ebab0e
44ba042ce9bf9e7ca63c4bba0fb5d634cab479a1
bc9ff6d90f8116af1e9a3ac627118750bae8ea894668bf955c00c0a9e5fbd896
GET /wp-content/uploads/2022/01/favicon-1.png HTTP/1.1
Host: wellhealthhtc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellhealthhtc.com/f2t4km/
Connection: keep-alive
Cookie: cookielawinfo-checkbox-necessary=yes; cookielawinfo-checkbox-functional=no; cookielawinfo-checkbox-performance=no; cookielawinfo-checkbox-analytics=no; cookielawinfo-checkbox-advertisement=no; cookielawinfo-checkbox-others=no; _gcl_au=1.1.248904877.1663325378
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Tue, 11 Jan 2022 05:49:09 GMT
etag: W/"61dd1a55-2ae"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: yn5y32isco
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 16 Sep 2022 10:49:54 GMT
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663325394.104490,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 622
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellhealthhtc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Fri, 16 Sep 2022 10:41:12 GMT
expires: Fri, 16 Sep 2022 12:41:12 GMT
cache-control: public, max-age=7200
age: 522
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-XSWB5ZFTY6&gtm=2oe9e0&_p=1206892980&cid=1875877690.1663325378&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663325378&sct=1&seg=0&dl=https%3A%2F%2Fwellhealthhtc.com%2Ff2t4km%2F&dt=Page%20not%20found%20-%20WELL%20Health%20Hemorrhoid%20Treatment%20Centres&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-XSWB5ZFTY6&gtm=2oe9e0&_p=1206892980&cid=1875877690.1663325378&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663325378&sct=1&seg=0&dl=https%3A%2F%2Fwellhealthhtc.com%2Ff2t4km%2F&dt=Page%20not%20found%20-%20WELL%20Health%20Hemorrhoid%20Treatment%20Centres&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-XSWB5ZFTY6&gtm=2oe9e0&_p=1206892980&cid=1875877690.1663325378&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663325378&sct=1&seg=0&dl=https%3A%2F%2Fwellhealthhtc.com%2Ff2t4km%2F&dt=Page%20not%20found%20-%20WELL%20Health%20Hemorrhoid%20Treatment%20Centres&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wellhealthhtc.com
Connection: keep-alive
Referer: https://wellhealthhtc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://wellhealthhtc.com
date: Fri, 16 Sep 2022 10:49:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
track.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=931822577&v=1.1&a=8991026&ct=standard-page&pu=https%3A%2F%2Fwellhealthhtc.com%2Ff2t4km%2F&t=Page+not+found+-+WELL+Health+Hemorrhoid+Treatment+Centres&cts=1663325378611&vi=0c224110be5a09ddbb60db9ac3773f65&nc=true&u=219260486.0c224110be5a09ddbb60db9ac3773f65.1663325378610.1663325378610.1663325378610.1&b=219260486.1.1663325378610&cc=15
104.19.155.83 200 OK 45 B URL HTTP/2 track.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=931822577&v=1.1&a=8991026&ct=standard-page&pu=https%3A%2F%2Fwellhealthhtc.com%2Ff2t4km%2F&t=Page+not+found+-+WELL+Health+Hemorrhoid+Treatment+Centres&cts=1663325378611&vi=0c224110be5a09ddbb60db9ac3773f65&nc=true&u=219260486.0c224110be5a09ddbb60db9ac3773f65.1663325378610.1663325378610.1663325378610.1&b=219260486.1.1663325378610&cc=15
IP 104.19.155.83:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c8817d472077ebfc04593c1fa019d32d
e1e86f41c86c7b9cd2e8b76c6a925a1a3e7e3247
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
GET /__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=931822577&v=1.1&a=8991026&ct=standard-page&pu=https%3A%2F%2Fwellhealthhtc.com%2Ff2t4km%2F&t=Page+not+found+-+WELL+Health+Hemorrhoid+Treatment+Centres&cts=1663325378611&vi=0c224110be5a09ddbb60db9ac3773f65&nc=true&u=219260486.0c224110be5a09ddbb60db9ac3773f65.1663325378610.1663325378610.1663325378610.1&b=219260486.1.1663325378610&cc=15 HTTP/1.1
Host: track.hubspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellhealthhtc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 10:49:54 GMT
content-type: image/gif
content-length: 45
cf-ray: 74b909c4da33b4e8-OSL
cache-control: no-cache, no-store, no-transform
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-hubspot-correlation-id: 3ef63699-e14a-486a-a338-643bddeec385
x-robots-tag: none
set-cookie: __cf_bm=YxcXLNQFq0DLSkfqY.rISE5VQG96.26Nq.lnWqwM5C4-1663325394-0-Abz92kbh6aOqRkp5B81iWz/VXPXP3LNGAsbexue9LGRPd4YS4bOZR9l02R5XCEH5oCN4rD1ZCKFZ2kZgz8zo8bw=; path=/; expires=Fri, 16-Sep-22 11:19:54 GMT; domain=.hubspot.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F6MyCY3nOYZDDj15ZiN78nJwgFbrVD%2B3FlTfBBUNATVmwuv8wYM6UCq0Gzqv92jxBy1fPt%2FJc2B%2BL83aegPMikNX5Pi7WcYdw7ytWeiu%2Bv9o4VGASWegKlP7PwnWJIfccTJd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14883
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 10:49:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14883
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 10:49:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14883
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 10:49:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14883
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 10:49:55 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7d4ee58e0f26ec6817dbab72aa7db6d
b6e634ef27eba9da38c6472565e0fdca6898e4f0
07db05a6ee70a699164ad55da47bfca58e6639956e256d902cbe0388cd7995c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8435
x-amzn-requestid: f6efd924-4f54-41a6-8771-087803b5b8ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhU0-EJaoAMFvtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b52-37c21ee857fe27d104b70337;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:38:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hhh1q_MrZVAaRWwmc1IuJbL3KhhwwHQgceaL15okbg4NvKJlWfUjyA==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 22:02:34 GMT
age: 46041
etag: "b6e634ef27eba9da38c6472565e0fdca6898e4f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f876cdc19dca10c62d83d19303512c7f
9f812c7bc1b42b0cea3e42694e7d1f6738789770
c647aac44ba9eb501eb7def781ca0168b4eb71a716283cc6f4e6782939a396cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12123
x-amzn-requestid: b04ac3c4-b4d8-4094-8b7d-bd229bb7d577
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yb2GvFnEoAMF-Gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63216a2a-4e5927ac3f1d0b215ce5a8dc;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 05:44:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1W0Ito5yNmHNxtYBj5jOJQ3Z2OP_Shvhpj94YUDwLHQKzt-zgqjI8A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 03:12:38 GMT
age: 27437
etag: "9f812c7bc1b42b0cea3e42694e7d1f6738789770"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6d17788c7d2a1a91e68eff48df14bd1
8e1090346d90bc69e7a95384e6a7a01154e31567
1e1eefa02e4c55e73be87a309ad5c2335856125cb678cff6ebc42c5ff73a0e2b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9904
x-amzn-requestid: a23cb4b3-db6e-48ae-90b1-3ecf6478bf52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDpH_CIAMFl4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-15869210609a18587467d1e2;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JyXQcHKFIksMgLMROqOfV1ZqdFKSp3QSIlGmXuDR6h88o9J6s-mgkw==
via: 1.1 1002c05e647d0804e83147cdd205d14a.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 22:14:32 GMT
age: 45323
etag: "8e1090346d90bc69e7a95384e6a7a01154e31567"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d242ded8ac40a1eb617303256d5f34eb
afbe7dae2d65763a004b5bddc697131762da7bf2
b4b08292f36acfca7df3710c29c184c5ff18592e6383eddc5582d302184fce59
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9256
x-amzn-requestid: 19e81e48-6501-4938-906c-60aa7acdb33a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhUj5EE5oAMFvwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239ae5-3031e84f158e1ad94da4875b;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:36:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MgjhIwjrfVL6-SF04ZPyZVUIOlXUTJu8E8r6KtOZ_QH0OEZC4uG4yQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:45:09 GMT
age: 47086
etag: "afbe7dae2d65763a004b5bddc697131762da7bf2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e55a42-9f36-46db-9415-ab10753c0fb8.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e55a42-9f36-46db-9415-ab10753c0fb8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3a4ed510756efe784c4ca84c61c4b5ba
10262867cfb19d3ba8f618e235d1a98531048f34
b5ba0de5ce381579e49e3e3c23244048fc8aac693ce0c977560f28b9a51f6a0b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e55a42-9f36-46db-9415-ab10753c0fb8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10163
x-amzn-requestid: 7c849e5d-468e-4f6a-ad44-c7995bfa81bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvuGFU5oAMF_Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202cc0-5376d2432c79a3146b6c29f4;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:09:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: J5lOTqdLhgg3Hzfw3b86ScfLkODllGEA_y9xUSxBxBCS4sI5nAWKZQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 23:35:10 GMT
age: 40485
etag: "10262867cfb19d3ba8f618e235d1a98531048f34"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 da1bd18c37b83b0ef4641036dc208eec
Hash SHA-1 abb5c719ec9341c6d4146297a2a1eca171df9c81
Hash SHA-256 0085a66912a814c619a1257545d36610c7109ba32f1b097176102d3d3db2c8d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12425
x-amzn-requestid: 96b5f0d2-1327-4180-9d48-f915630c3de2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDqHyooAMFqyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-7d89d2d7024f6a821a62c948;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dxJEH4Jh8lAZ0T28BZnFLhWczwZ7oOaspCmR-SWudP32cF3BQc6wmw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:56:40 GMT
age: 46395
etag: "abb5c719ec9341c6d4146297a2a1eca171df9c81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
js.hs-scripts.com/8991026.js?integration=WordPress&ver=9.0.123
104.17.212.204 200 OK 0 B URL HTTP/2 js.hs-scripts.com/8991026.js?integration=WordPress&ver=9.0.123
IP 104.17.212.204:0
GET /8991026.js?integration=WordPress&ver=9.0.123 HTTP/1.1
Host: js.hs-scripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellhealthhtc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 10:49:53 GMT
content-type: application/javascript;charset=utf-8
x-trace: 2B2E56C09F323FD67EE307039824AFAFCED3B24D2E000000000000000000
cache-control: public, max-age=60
vary: Accept-Encoding
x-hubspot-correlation-id: 3fc9cf05-ab62-42fc-add7-ea8ae77a56c2
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-origin: https://wellhealthhtc.com
last-modified: Fri, 16 Sep 2022 10:49:53 GMT
cf-cache-status: MISS
expires: Fri, 16 Sep 2022 10:50:53 GMT
server: cloudflare
cf-ray: 74b909bc4f94fab4-OSL
content-encoding: br
X-Firefox-Spdy: h2
js.hs-analytics.net/analytics/1663325100000/8991026.js
104.17.71.176 200 OK 0 B URL HTTP/2 js.hs-analytics.net/analytics/1663325100000/8991026.js
IP 104.17.71.176:0
GET /analytics/1663325100000/8991026.js HTTP/1.1
Host: js.hs-analytics.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellhealthhtc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 10:49:54 GMT
content-type: text/javascript
x-amz-id-2: jVluC8K+lr7TgPhTanYyWH3veRzkGFPnrWRZjcEYchGWXJXZd/nE9A2gard2qxmcdYZrc4eIang=
x-amz-request-id: ZV4HPBRPV285W62P
last-modified: Wed, 31 Aug 2022 12:54:12 GMT
etag: W/"9c1dd972888999ecd9ed744779b8ac2c"
x-amz-server-side-encryption: AES256
cache-control: max-age=300, public
x-amz-version-id: null
access-control-allow-credentials: false
expires: Fri, 16 Sep 2022 10:54:54 GMT
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b909c13b99b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
js.hs-banner.com/8991026.js
104.18.33.171 200 OK 0 B URL HTTP/2 js.hs-banner.com/8991026.js
IP 104.18.33.171:0
GET /8991026.js HTTP/1.1
Host: js.hs-banner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellhealthhtc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 10:49:54 GMT
content-type: text/javascript; charset=UTF-8
x-amz-id-2: Y1vrsEvdqsLkxYXGkH8IoNiveXnhmioZJcq5SIJmUA0fUEY4M7q4V/T/rHkG5dV74ds+vR/thJY=
x-amz-request-id: 2PD09G6XCDA4MVFS
last-modified: Tue, 30 Aug 2022 22:16:01 GMT
etag: W/"cc705bd5200b6a1704bc4b08d4f02a5a"
x-amz-server-side-encryption: AES256
cache-control: max-age=300, public
x-amz-version-id: SwCu9QrqBFfBs8M_rYYwqs8y1c4gXhoy
access-control-allow-origin: https://wellhealthhtc.com
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
expires: Fri, 16 Sep 2022 10:54:53 GMT
cf-cache-status: REVALIDATED
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b909bfd8adb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Raleway%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic&ver=6.0.2
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Raleway%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic&ver=6.0.2
IP 142.250.74.10:0
GET /css?family=Raleway%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wellhealthhtc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 16 Sep 2022 10:49:53 GMT
date: Fri, 16 Sep 2022 10:49:53 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2