r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4616
Expires: Thu, 24 Nov 2022 13:11:15 GMT
Date: Thu, 24 Nov 2022 11:54:19 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3802
Cache-Control: max-age=171614
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:54:19 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 11:34:33 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
cheryfenley.com/
162.0.215.251301 Moved Permanently 707 B IP 162.0.215.251:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Thu, 24 Nov 2022 11:54:19 GMT
server: LiteSpeed
location: https://cheryfenley.com/
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 054ff0d1a0a43f7cb1d78dbd34e27f99
3caf54f3de1d6a8c6f6454083f8b8e7dec77db54
fcdcef8306ae31f20c366489e1f88aa40b08f154d25d45f4055c4f8cdef47634
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2377
Expires: Thu, 24 Nov 2022 12:33:57 GMT
Date: Thu, 24 Nov 2022 11:54:20 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 11:17:16 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2224
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: CCeK0Sfm0JQmHI6ux9Nt1W8P6YT48pVd8L0ULjN3v5U/8opSRlrAOHoSVZZP4k3yiQ3cVnozyJ0=
x-amz-request-id: DEYHGYGMJC0SMMZ3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 11:40:23 GMT
age: 837
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 11:54:20 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 11:11:11 GMT
cache-control: public,max-age=3600
age: 2589
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 3ff99b936de85846ba3df822c9aeae10
ecc34d66dee3483dad290d9bea296b52cd54f81f
822742396fa7e6edebf72ed5dc49e33cedcfbd7f05287384e3344a5373c2eeab
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 11:54:20 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 06:36:24 GMT
Expires: Mon, 28 Nov 2022 06:36:23 GMT
Etag: "ecc34d66dee3483dad290d9bea296b52cd54f81f"
Cache-Control: max-age=325922,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f1f3056c38fab4-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6578
Cache-Control: max-age=169327
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:54:20 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:56:27 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.41.91.37101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.91.37:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kgTilP9Y7WbUG9wyOeavfA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cXaCoXX03h8JboMh+YyUFPRM/zc=
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4af780570d49b327d38dc189095448e9
1dd4193a2afeb237c5e475b603b1cbd137f7f97e
f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:54:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4af780570d49b327d38dc189095448e9
1dd4193a2afeb237c5e475b603b1cbd137f7f97e
f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:54:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4af780570d49b327d38dc189095448e9
1dd4193a2afeb237c5e475b603b1cbd137f7f97e
f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:54:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4af780570d49b327d38dc189095448e9
1dd4193a2afeb237c5e475b603b1cbd137f7f97e
f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:54:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cheryfenley.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=6.9.0
162.0.215.251200 OK 1.1 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=6.9.0
IP 162.0.215.251:0
File type ASCII text, with very long lines (4933), with no line terminators
Hash 8f2da34c6f082c7bec00f9cca661fd59
d0de5b6b29a9788a64826b833465a9d08f7c2ab7
d461fea6636b26aab698f636b2518709cb79416c7d3916d6b03497c4d75befdd
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=6.9.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: text/css
last-modified: Tue, 22 Mar 2022 17:35:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1109
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
162.0.215.251200 OK 30 kB URL HTTP/2 cheryfenley.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 162.0.215.251:0
File type ASCII text, with very long lines (65447)
Hash 3a1740685bd5c0bbd5f2b812e1eb7fb4
488e07695da787fed18361c50292aef35abb5e81
4a07aed2d8cf88afdec0b56b365b951c76d387db3459166b5a0d25e2e6cc95ef
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 05:16:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30324
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/
162.0.215.251200 OK 46 kB IP 162.0.215.251:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (24218), with CRLF, LF line terminators
Hash fb59521900062f49fdb6627ece0b2a57
3d8d2af3b4a45059a45e9460cc82b08701eb1a71
f6d66f4529707b3739bcd69c2ff5fb043cc69261ee0a90705a486091cc2f26a4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.2.34
content-type: text/html; charset=UTF-8
link: <https://cheryfenley.com/wp-json/>; rel="https://api.w.org/", <https://cheryfenley.com/wp-json/wp/v2/pages/13>; rel="alternate"; type="application/json", <https://cheryfenley.com/>; rel=shortlink
etag: "368-1668780915;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding
date: Thu, 24 Nov 2022 11:54:20 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/css/bootstrap.min.css?ver=5.4.2
162.0.215.251200 OK 6.6 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/css/bootstrap.min.css?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (35650)
Hash 026d844d282821b5a413f0868741b8bb
efe182122ea695755b439729b26cc06b7d13ac06
fbb2f79b1f9dbb3c30a87955224ccdadc8cd252bb811ece01f70f33a3d1a1c5a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/css/bootstrap.min.css?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: text/css
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6584
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=6.8.0
162.0.215.251200 OK 4.0 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=6.8.0
IP 162.0.215.251:0
File type ASCII text, with very long lines (34217)
Hash e00926a3c189b2f2396d96d90ac77785
f61219b1a1e4924051c4e5c7acb70cd925173bdb
30a6fd0e5a3610d5074e2a634513348ff8a5a92510d45c6c2621d6bda6b2fd27
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=6.8.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: text/css
last-modified: Thu, 13 Jan 2022 17:14:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3952
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.8.0
162.0.215.251200 OK 12 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.8.0
IP 162.0.215.251:0
File type ASCII text, with very long lines (56243)
Hash bc62c79810f6d9ff2023a3ce01fb17e8
c176d3254f491913c5567d35c85d0d02c6c9300a
abe49ff5c57ab5013f8eac78076ef149837282fce42df3f0f526cb440e3d155b
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.8.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: text/css
last-modified: Thu, 13 Jan 2022 17:14:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11779
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-includes/css/classic-themes.min.css?ver=1
162.0.215.251200 OK 217 B URL HTTP/2 cheryfenley.com/wp-includes/css/classic-themes.min.css?ver=1
IP 162.0.215.251:0
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: text/css
last-modified: Wed, 02 Nov 2022 05:16:34 GMT
accept-ranges: bytes
content-length: 217
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
162.0.215.251200 OK 4.0 kB URL HTTP/2 cheryfenley.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (11126)
Hash 7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3995
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.8.0
162.0.215.251200 OK 42 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.8.0
IP 162.0.215.251:0
File type ASCII text, with very long lines (65358)
Hash 9e39dfcae341ce2e56f850ad8854f8cb
51b4a2a4192fea4d332c4787ec3d110a46b47419
921a07a52dffa7fee00ee8cf8ba0cf74aeb1077c780141c127bafe53f56ac6c4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.8.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: text/css
last-modified: Thu, 13 Jan 2022 17:14:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 42039
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.3.1
162.0.215.251200 OK 3.2 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.3.1
IP 162.0.215.251:0
File type ASCII text, with very long lines (9139)
Hash 2289a47b9cb9b09edb011970c0c2d4f5
1845b95796da67d0024f04f8aa419e065b3bf0de
c58f03d19efbce8043e675d39f3f7e30f6f999a9e1f7ae46b01058d31451a233
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.3.1 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Tue, 22 Mar 2022 17:35:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3245
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.3.1
162.0.215.251200 OK 970 B URL HTTP/2 cheryfenley.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.3.1
IP 162.0.215.251:0
File type HTML document, ASCII text, with very long lines (3037), with no line terminators
Hash 155d874ef60217f790dedec58e83d832
42a2698adec25b2000046cf7e3818e6478951fc3
c6801f4d5dcdd86ba3e33dc35a8765c03fd55e9f621443dd0fb7cd8c8e6707da
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.3.1 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Tue, 22 Mar 2022 17:35:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 970
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.8.0
162.0.215.251200 OK 321 B URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.8.0
IP 162.0.215.251:0
Hash 159e4731a0ffba6862ee2a1bbcc8a805
7fb2a5ca7a80d96187fda406d0a1b7db23867fa7
c6f102a76dc397d94cfbadcd292d64bb45acaa29b0391b41a9f1cc68c2274ae2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.8.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:14:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 321
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
162.0.215.251200 OK 2.4 kB URL HTTP/2 cheryfenley.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP 162.0.215.251:0
File type ASCII text, with very long lines (6475), with no line terminators
Hash 4e773d7cec56bacab6d2db420be6f262
c95573d884c1caec0ec9c6f3e2a8c0fbf28d939a
5c8839d0b02f21e8d83d856bbf85a6b87fbedf9ba0b70711b11a1c378d5443e7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Wed, 25 May 2022 06:39:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2354
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.3.1
162.0.215.251200 OK 899 B URL HTTP/2 cheryfenley.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.3.1
IP 162.0.215.251:0
File type ASCII text, with very long lines (1668)
Hash 22d65ba38528349e705d912ce26bf8ac
c89ba006009043d93b88ff155b4fec8797330550
6253bcb85e4267ad3ba843145534e729ee2c1d7e85e5b4ab5b2e074ae636bca3
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.3.1 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Tue, 22 Mar 2022 17:35:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 899
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.3.1
162.0.215.251200 OK 677 B URL HTTP/2 cheryfenley.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.3.1
IP 162.0.215.251:0
File type ASCII text, with very long lines (2139), with no line terminators
Hash a43fc0dde8fdd69656ad0957e62849c7
4b07cf702ac8a770c8cbffc22b9a788b6e5389ba
1ce3d0493424870c81deec0ec41de0592d2af9f91cd8081cd40a1d7ea89b614f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.3.1 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Tue, 22 Mar 2022 17:35:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 677
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.3.1
162.0.215.251200 OK 934 B URL HTTP/2 cheryfenley.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.3.1
IP 162.0.215.251:0
File type ASCII text, with very long lines (2938), with no line terminators
Hash cf25dd071a208312bdc07f34d2cee027
76119563119eaae392ecc8903c989d98d0b93002
8635ba2cad8f887e72779bd526f8738ff6343c74cba715caf2eddea383ba7ce6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.3.1 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Tue, 22 Mar 2022 17:35:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 934
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/isotope/dist/isotope.pkgd.min.js?ver=6.8.0
162.0.215.251200 OK 9.7 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/isotope/dist/isotope.pkgd.min.js?ver=6.8.0
IP 162.0.215.251:0
File type ASCII text, with very long lines (32004)
Hash 7c29284509c9e3e29b2fecba106a7192
7fb67e10072b40d7f33aeecb0a728529d4916f35
898f6730527e8c17d06ce52de22c22f90888d125f6195dcbe156f6de002338aa
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/lib/bower/isotope/dist/isotope.pkgd.min.js?ver=6.8.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:14:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 9730
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.8.0
162.0.215.251200 OK 6.4 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.8.0
IP 162.0.215.251:0
File type ASCII text, with very long lines (19905)
Hash 887795f2d71936f172c237a0893bd5a9
6632ff66ac9057a023dc683dada7d7b28ff2280c
28a9b1ea5e20c6cc3f4280ca9f929c937d36706a70c8ad1d9fad78ecb5ed28ed
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.8.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:14:02 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 6433
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/slick.min.js?ver=5.4.2
162.0.215.251200 OK 8.1 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/slick.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (32254)
Hash ddf84dc70c8b452d42e62d2a5586c773
d7d945009accdbb768833945bcdce83a349591e6
ea1150ab1386121ad50b153326560ddb35ef06293f1aace38b016721ed64b4b7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/slick.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8117
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/jquery.justifiedGallery.min.js?ver=5.4.2
162.0.215.251200 OK 3.3 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/jquery.justifiedGallery.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (10292)
Hash 1e95496f427976d8aa9d80cca7f98210
52fe65bf6eaa3bd03555ef9fa9a1707539eeb9c5
a0d4b0eb1f771b91279250798221316e21efa8d4258cbb0930724576a5ed8430
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/jquery.justifiedGallery.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3269
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/imagesloaded.pkgd.min.js?ver=5.4.2
162.0.215.251200 OK 2.2 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/imagesloaded.pkgd.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (6832)
Hash 714c62965ea6a282884385a58aa6214b
9e44d8c1ff92cc14254649029f3001c8e7e4af30
509edd584d1bb4be3dc00cbf7276ea2b498ae703f5da5d8a9f8597cd50094831
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/imagesloaded.pkgd.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2233
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/jquery.pjax.min.js?ver=5.4.2
162.0.215.251200 OK 3.1 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/jquery.pjax.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (8167), with no line terminators
Hash 58175652ba1799f9f9a55cc371c793ab
b1c7e731b3d6340f9c892aba6e28852c9acabb19
a1cac4135397888479d7a59a7f42d6aeaff5befb8d5cea0702d344a13815a31e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/jquery.pjax.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3121
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/jquery.countdown.min.js?ver=5.4.2
162.0.215.251200 OK 1.5 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/jquery.countdown.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (3811)
Hash 7d22afb240f34ab9ab9a48ce961875af
fc563c95773bcc66133b8338c2bb904920ada2b7
5baabbe0b1401cdd72e13d6635d096ed71e563572d2c599f0554bca8032f5382
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/jquery.countdown.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1505
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/packery-mode.pkgd.min.js?ver=5.4.2
162.0.215.251200 OK 10 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/packery-mode.pkgd.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (30452)
Hash 6223bc3e2a8d692f000b7154cfd0b550
3cedf1a9544699e2648ddf69e46ec275dce14aca
bc34b0e7b372928fcdf13ff9a209e29dc98c09b9e466e123f907887953bd21a1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/packery-mode.pkgd.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 9953
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5636
Expires: Thu, 24 Nov 2022 13:28:18 GMT
Date: Thu, 24 Nov 2022 11:54:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5636
Expires: Thu, 24 Nov 2022 13:28:18 GMT
Date: Thu, 24 Nov 2022 11:54:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5636
Expires: Thu, 24 Nov 2022 13:28:18 GMT
Date: Thu, 24 Nov 2022 11:54:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:14:07 GMT
age: 16815
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9d93b2a6875d446c3467eb49767eef5
303c571b13b05fcf27ee1159d8fdf6369aaef0a2
2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:15:22 GMT
age: 16740
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92c78302bcce1568eb6a5563100b932c
43d1dec7fc06879988c9c3cadd800cc8145df988
0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:06 GMT
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
content-type: image/jpeg
age: 50836
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff189dcee-7158-4549-abef-95dc2b7f7ca4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff189dcee-7158-4549-abef-95dc2b7f7ca4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 037c0f19435a955d7ed58f65911e8f21
51a54b639617e113bb941d28b59c2571c0ca2e63
c2b15ed9257f220ed83845e1d0b343d21b7df9104c21162ea76b889609b8a404
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff189dcee-7158-4549-abef-95dc2b7f7ca4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9992
x-amzn-requestid: a16f614c-5a5b-4f8b-97cb-c248e0b50753
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvcYEa0IAMFm_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e92b5-3b65b1b17c2a20b44a31aa9f;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:37:57 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OC0uEwrEKZ6UEEg_mpvYcoVBEUSEA_qTttmyRp1xptCRD4Vi4pFbCg==
via: 1.1 946b9edb2009c5508a0fbbd636f95014.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:57:23 GMT
etag: "51a54b639617e113bb941d28b59c2571c0ca2e63"
content-type: image/jpeg
age: 50219
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08efdc1b-e7ef-4a2f-b199-9a633b00cef5.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08efdc1b-e7ef-4a2f-b199-9a633b00cef5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 28381329eca6c426a8b05fcdef4aafcc
a1fbb6da386cf2eef8b76a65438cf9c6bd741f7a
4fc8414d39bbaacb1e6575924bd0bbb9373d78b177022f7d3c6457829abffd06
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08efdc1b-e7ef-4a2f-b199-9a633b00cef5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8748
x-amzn-requestid: 864da50a-44bb-4d20-b499-08c2a140871e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCtENmoAMFqKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-2705cc956f2c2aa5535533b0;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xT0IorkRpXysoYMnugcrV40YaAxoRPjLmkPcv1ElteP_-rNZ1c6fog==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:57:20 GMT
etag: "a1fbb6da386cf2eef8b76a65438cf9c6bd741f7a"
content-type: image/jpeg
age: 50222
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F004aa6ae-7a76-4671-acda-0f0a01e41292.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F004aa6ae-7a76-4671-acda-0f0a01e41292.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cfb61d1d2a4d3e62e410c926cfa4a1ab
5c3f269cd16e9dd6bbb2e32efd46a4b2599ca436
4297b6c45e7dca6f841ae56da1040e1287f2e70c98e5f7fc674a674b59ebc7a2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F004aa6ae-7a76-4671-acda-0f0a01e41292.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8702
x-amzn-requestid: 9687d5fa-c9f8-4afc-8278-0f0c12b28329
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvx9FQ4oAMFWmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e933f-397fca41442c0d7309395e4b;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4cgRxjx6TQRxl4FIKsjrBPDZmhoDgbG72UAMRUnxZBUqV7yCfj3PyQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:44:50 GMT
age: 50972
etag: "5c3f269cd16e9dd6bbb2e32efd46a4b2599ca436"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/jquery.autocomplete.min.js?ver=5.4.2
162.0.215.251200 OK 4.2 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/jquery.autocomplete.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (12783)
Hash b54a02cc0c2a4a93454e7068baae53ae
775244817eb0a43a5d4071b9305c1f3eb378f50d
8e1d72fed1f5f91eeb3c92879f43c0604aac968bc2026cf3d7ba27caa7ef6e44
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/jquery.autocomplete.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4183
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/threesixty.min.js?ver=5.4.2
162.0.215.251200 OK 2.9 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/threesixty.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (7483)
Hash 70f0d3d25e286025ac3e970c1ad7d3ab
ced2664161151e32c19ebda534aff4c42ce98d15
ea63f69c18f802832a507286074fc742165b86ca86c2b7d7ab083c537172afea
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/threesixty.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2898
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/revslider/public/assets/assets/dummy.png
162.0.215.251200 OK 68 B URL HTTP/2 cheryfenley.com/wp-content/plugins/revslider/public/assets/assets/dummy.png
IP 162.0.215.251:0
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 2a637d3d825673c0e3462fa4ed9a1c5c
81668d396da22832d75a986407ff10035e0d5899
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/assets/dummy.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: image/png
last-modified: Thu, 13 Jan 2022 17:13:59 GMT
accept-ranges: bytes
content-length: 68
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.13
162.0.215.251200 OK 12 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.13
IP 162.0.215.251:0
File type Unicode text, UTF-8 text, with very long lines (12602)
Hash a3a1b76d9af48a438bf8b1b7120e5fe8
96caf04be4e5116efd00ba369c1027b97eade8ec
79cc5d89174bdb1509d9560a523acf49708691e1a76ec12d8c4be8921fd2ff1e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.13 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: text/css
last-modified: Thu, 13 Jan 2022 17:13:59 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11769
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/animate-css/animate.min.css?ver=6.8.0
162.0.215.251200 OK 3.4 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/animate-css/animate.min.css?ver=6.8.0
IP 162.0.215.251:0
File type ASCII text, with very long lines (51719)
Hash 6a3b7da156b1a23da8dc50cdd23b8a03
a66a45d24957bcc14ca2ff6562a0e66be09031d6
696525a745ea9bfa67d220b8eefb4b6b81d2c083c4b8c7102916618671961884
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/lib/bower/animate-css/animate.min.css?ver=6.8.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: text/css
last-modified: Thu, 13 Jan 2022 17:14:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3446
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/js_composer/assets/css/js_composer_tta.min.css?ver=6.8.0
162.0.215.251200 OK 15 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/css/js_composer_tta.min.css?ver=6.8.0
IP 162.0.215.251:0
File type ASCII text, with very long lines (65358)
Hash 2f171c02b6da29694fdbe238ffde036d
ae6cbb2dda32d31136cbf501943f47c9fd6fdf86
172ac265d58ab0dea4054c54c7a28107f5b1e3c721cbe735f15966d28aab3b1d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/css/js_composer_tta.min.css?ver=6.8.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: text/css
last-modified: Thu, 13 Jan 2022 17:14:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 14902
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
162.0.215.251200 OK 6.3 kB URL HTTP/2 cheryfenley.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP 162.0.215.251:0
File type Unicode text, UTF-8 text, with very long lines (17819), with no line terminators
Hash fecbc00e8af71d8cfb678cd811c7cb2e
44e5dd77f62cb5c67271442b75cdff10d45f2f8d
d6f03fb4728d0c23251451df8d66b5107d3c87458dc624aacfbad437e99d01f1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 05:16:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6335
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.6
162.0.215.251200 OK 3.1 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.6
IP 162.0.215.251:0
File type HTML document, ASCII text, with very long lines (9720), with no line terminators
Hash 7b3d5adb95a380672e7d5da68b57b3c0
58db2566c56407e29d4557d912663b36ec328b14
aaa8914b936896ede7bb53ba3a4273d63bf82ed918efe0cfac6f2b3f4641a423
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.6 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Tue, 22 Mar 2022 17:35:39 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3050
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/photoswipe-ui-default.min.js?ver=5.4.2
162.0.215.251200 OK 3.5 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/photoswipe-ui-default.min.js?ver=5.4.2
IP 162.0.215.251:0
File type HTML document, ASCII text, with very long lines (9663)
Hash d0d2710db942b8c17656fd2c0c7ea62a
496b2b699c815afcc80e420952dc275de7a9a0a7
ffb00bef0ad8e5f2a13d3750021bb5e6a99901dd8f6361f958aade9b771d47ef
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/photoswipe-ui-default.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3538
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/photoswipe.min.js?ver=5.4.2
162.0.215.251200 OK 12 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/photoswipe.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (31568)
Hash 228f67095641742446fa2c28590088d8
da8b59210ae15f88faba9a8514764767aa59eaa3
021b64bc2c7e549f42386fc209b93bbcbebf3fec1362e6eec15f57789de9e817
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/photoswipe.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11805
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/jquery.magnific-popup.min.js?ver=5.4.2
162.0.215.251200 OK 7.4 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/jquery.magnific-popup.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (21014)
Hash 3a40837be19c52858d8bd03b5e50c277
fff22e3b2869a91f3f5ac39beb752805ff71c41f
3cba67c320d0544bd6a7f2fac5b82651393dbbcecc9a847a25189ffde5c84a3a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/jquery.magnific-popup.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7368
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/owl.carousel.min.js?ver=5.4.2
162.0.215.251200 OK 11 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/owl.carousel.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (42561), with no line terminators
Hash 3122da50be9884a0ae106199c2175744
0b75255de191f61d568c525f2ed45cd491ccadf2
15cb811b1a196150b07443a8d30cf4531b977af083f378a65dce065d89c63df6
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/owl.carousel.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10624
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/jquery.nanoscroller.min.js?ver=5.4.2
162.0.215.251200 OK 3.2 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/jquery.nanoscroller.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (10166)
Hash 9f0070b4fdd55ad221818235ba070935
8b8c3c2bf26604bf81f6981ac0363d14e121fdef
1c3a8f501ffb3cec62c7030a3e89d637dce065b6558bb332dca892d12f2e66c7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/jquery.nanoscroller.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3225
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/jquery.panr.min.js?ver=5.4.2
162.0.215.251200 OK 560 B URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/jquery.panr.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (1331)
Hash a4be0a2bf19b0e5db8ec1920b692207b
6cb6aea62dc3e9a89de45bb7d776f29cc7535644
3be6d5a68692ca56de4e2ba4168bb80d3d554eda551345ea0b9ab158b003dd1c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/jquery.panr.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 560
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/jquery.parallax.min.js?ver=5.4.2
162.0.215.251200 OK 280 B URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/jquery.parallax.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (558)
Hash 557a3d596d9d0710571d20bb3189a90c
9d8d366d1cf30e101397caba445efad5d66450fd
58c8c078be07c4b7128e3004e7c0b4dfd4ef28ce1d1d7f350b121a8519e00743
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/jquery.parallax.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 280
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/vivus.min.js?ver=5.4.2
162.0.215.251200 OK 3.5 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/vivus.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (10993)
Hash bb8d9156a243646327ca5b3f6d1045ea
9f047d63274fa75983e6d4964e49cfe4b49843e7
5387002ab82bddfd826ba00bfa8cf5861ea019587f76e851f629ef617e700ab6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/vivus.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3525
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/dayjs-index.min.js?ver=5.4.2
162.0.215.251200 OK 8.2 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/dayjs-index.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (30642)
Hash 2ac299725904a4f4272b967276b1a387
981e588adbd5af95b6a07359667575e3b437906f
40a8667873a91d56aa33b7e264959034114f9b585153d72c3a143d661efe6362
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/dayjs-index.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8174
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/dayjs.min.js?ver=5.4.2
162.0.215.251200 OK 2.8 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/dayjs.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (6407)
Hash 4efaa2f4e3549a84219efa29941634c7
217097809330af108d645eb523323fffbc947df3
2c720908d9b44c97ddcf98b3196714c045dc6c4b87a1eff99de5c2f8f0b41544
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/dayjs.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2752
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/dayjs-utc.min.js?ver=5.4.2
162.0.215.251200 OK 761 B URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/dayjs-utc.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (1941)
Hash bdd7e83cafc063f7b8714ad9bce82da7
46eb677743838be5732c4e3bb6e9d03585e20b47
e8d2a6a26255fba81fa947ece64bbd278dd6c53f27092414e909b149ce188508
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/dayjs-utc.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 761
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/dayjs-timezone.min.js?ver=5.4.2
162.0.215.251200 OK 917 B URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/dayjs-timezone.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (1845)
Hash a02552e5d490b8b00cacb8a5411e5e91
813e7a6794ae1df4c4d7f2f2f1e9dda742530099
3da5e5956776db7e5acb1a24741c12906c68beaff23195c56780c297e1335a4f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/dayjs-timezone.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 917
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/fastclick.min.js?ver=5.4.2
162.0.215.251200 OK 2.8 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/fastclick.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (7767)
Hash e78c8efefcf2188beb55478b1827d6e0
585ff0bdc52594282303360cff290c3d1fb4d2fe
ff80396f07ea214bde8c9ae991ab643bbb3fad15b72345f672b5c180c04c6abd
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/fastclick.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2756
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/waypoints.min.js?ver=5.4.2
162.0.215.251200 OK 2.6 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/waypoints.min.js?ver=5.4.2
IP 162.0.215.251:0
File type Unicode text, UTF-8 text, with very long lines (8863)
Hash 9ac7d06d536f08f1b22abc2e4d53f85a
2f7809be662e8b60690e9c93bc57e46ae06e906c
ac26b8d1e1df8be26af42c290e9ecc4bd0afc655f88e6bec2f73e87bf6ca6474
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/waypoints.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2592
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-includes/js/underscore.min.js?ver=1.13.4
162.0.215.251200 OK 7.2 kB URL HTTP/2 cheryfenley.com/wp-includes/js/underscore.min.js?ver=1.13.4
IP 162.0.215.251:0
File type ASCII text, with very long lines (18798)
Hash f4bb18d2e152ba945cb63980362f40e9
925f93a6c4ee411e97d8dc3186f9d66c4b5169ab
16ab496a6c74f5f272f7a5c31e9cb69c753fea994396ef6deacf641180ad317b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/underscore.min.js?ver=1.13.4 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 05:16:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7179
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-includes/js/wp-util.min.js?ver=6.1.1
162.0.215.251200 OK 690 B URL HTTP/2 cheryfenley.com/wp-includes/js/wp-util.min.js?ver=6.1.1
IP 162.0.215.251:0
File type ASCII text, with very long lines (1391)
Hash ebe552e54e3815c6867913d252ff2a79
4982bd9ba944833e821be18419ad8408290f5d75
8b0aedc73b1d41ab59c0ad42553259c90458cfb72b149946a3bae3298c012e40
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-util.min.js?ver=6.1.1 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 05:16:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 690
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart-variation.min.js?ver=6.3.1
162.0.215.251200 OK 3.4 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart-variation.min.js?ver=6.3.1
IP 162.0.215.251:0
File type ASCII text, with very long lines (13590), with no line terminators
Hash 82352cd449ef5c2c92f7eae92a6841b5
ca4642f38f955ef0f42c1e6867b3cea7b26e552e
7d2428449304c3235523698b87acf2c2ebed5304f3cfd7a073abe62e9456d31a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart-variation.min.js?ver=6.3.1 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Tue, 22 Mar 2022 17:35:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3419
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/js_composer/assets/lib/vc_waypoints/vc-waypoints.min.js?ver=6.8.0
162.0.215.251200 OK 2.7 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/lib/vc_waypoints/vc-waypoints.min.js?ver=6.8.0
IP 162.0.215.251:0
File type Unicode text, UTF-8 text, with very long lines (8853)
Hash ca6d5264457e1e96e200324f3b5123f3
f13f44fbcd775c220b74dfd13f5ca7820d2502af
37c587c8b55480de62ddfdbf5cb45b1c66659cc6e66798490c87781526a90da5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/lib/vc_waypoints/vc-waypoints.min.js?ver=6.8.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:14:01 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2675
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/js_composer/assets/lib/vc_accordion/vc-accordion.min.js?ver=6.8.0
162.0.215.251200 OK 3.1 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/lib/vc_accordion/vc-accordion.min.js?ver=6.8.0
IP 162.0.215.251:0
File type ASCII text, with very long lines (10896)
Hash 3869a9cf890fc8e4008517fd8ef0006d
0abb47e24a88bf789feb82ebb7fc378b699232f2
3b254d707e805e2c57daba508fdbaaaa83e4dbf9c25b8d4c4417cd2e1041fb6b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/lib/vc_accordion/vc-accordion.min.js?ver=6.8.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:14:01 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3082
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/jquery.parallax-scroll.min.js?ver=5.4.2
162.0.215.251200 OK 1.2 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/jquery.parallax-scroll.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (3137), with no line terminators
Hash f4aab89eacc93c750284e5ce7d09140f
3614678e0018490b1cab314eb85b0cfadc108171
5fb231595049cc81ba78f37c62d5c904cd1000ceb9ae2f2a004bd661924edf64
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/jquery.parallax-scroll.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1234
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/device.min.js?ver=5.4.2
162.0.215.251200 OK 1.2 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/device.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (3195), with no line terminators
Hash 1425bf6dc5bfd767d6d46a401c0ceaf0
608ba62ac6b3ab3c44e1f94e97cb83789650a400
39f0e56d6ce5f286317a4d21fac4d233df0437de40021ab529b20e1f054cb7a1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/device.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1152
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/js_composer/assets/lib/vc_tabs/vc-tabs.min.js?ver=6.8.0
162.0.215.251200 OK 1.2 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/lib/vc_tabs/vc-tabs.min.js?ver=6.8.0
IP 162.0.215.251:0
File type ASCII text, with very long lines (3955)
Hash c0de2a36720ca97af1f9625144c1a5bb
1c9917fe611f650913472b44c6c2a4b6281ed72b
eadf1582843c993d9e2e96a745b054d17fdb251465666a6d616354696d8fe47b
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/lib/vc_tabs/vc-tabs.min.js?ver=6.8.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:14:01 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1183
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/js_composer/assets/lib/vc-tta-autoplay/vc-tta-autoplay.min.js?ver=6.8.0
162.0.215.251200 OK 864 B URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/lib/vc-tta-autoplay/vc-tta-autoplay.min.js?ver=6.8.0
IP 162.0.215.251:0
File type ASCII text, with very long lines (2326)
Hash 54bbc23e366830b7b760fb30e8e0cb31
df8565ccac568f4fc0fc2af3354c0d63d206a22e
e0f9b190637e6369a8dce3ff0d81107bfd82aeceae09980bc427a85577bf9c20
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/lib/vc-tta-autoplay/vc-tta-autoplay.min.js?ver=6.8.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:14:01 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 864
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/01/cf.png
162.0.215.251200 OK 32 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/01/cf.png
IP 162.0.215.251:0
File type PNG image data, 270 x 248, 8-bit/color RGBA, non-interlaced\012- data
Hash da273b3a5eacd4186a83a3e1c7dec9ed
9ca9c6c9846e4854709e92af9f0ce96cb2f29a42
69e766f1e370232de9ced79e921f9bd1a8d71988da73c437796e37c8abd9ee06
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/cf.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: image/png
last-modified: Tue, 18 Jan 2022 19:12:15 GMT
accept-ranges: bytes
content-length: 31733
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/TweenMax.min.js?ver=5.4.2
162.0.215.251200 OK 35 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/TweenMax.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 720453b24b12d3415eea7fa3cf152e38
94da835bd2b6b8122facc7a5f4c711ad503b8ce8
fcf382a17b24e35dc672e0b8de33bbdf468fac9834bef504ab3ae51d658330dc
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/TweenMax.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 35204
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/js/functions.min.js?ver=5.4.2
162.0.215.251200 OK 22 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/js/functions.min.js?ver=5.4.2
IP 162.0.215.251:0
File type ASCII text, with very long lines (32129)
Hash 4e9ec6cdf2e296be7850d4c7688392d9
b44788eb5af1d3894f6d00440a79f58436ee3ee3
9443886cb5b35306a80022f9f23aab549f804d74e96396b7405eda564137a59d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/js/functions.min.js?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 21946
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.13
162.0.215.251200 OK 47 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.13
IP 162.0.215.251:0
File type ASCII text, with very long lines (45108)
Hash 838ac21dfc4de5ffb5feab9a1677cfdd
383fbdb0ac8201053078f8ea1bc0123eeb8505e8
04c3dbfbf04c7062e053fac060e694fade729aed74cca31d8cfb8a88fcb7a857
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.13 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:13:59 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 47288
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/style.min.css?ver=5.4.2
162.0.215.251200 OK 113 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/style.min.css?ver=5.4.2
IP 162.0.215.251:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size 113 kB (112952 bytes)
Hash 0eb079b366d20655aca94cdcdcbe66a8
24e61fc87a1ff3555173bd302ce89d8977392036
b4b5643d919964e782b30d043734262bba34f328bc402b22cdcd92d89fdbc6ab
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/style.min.css?ver=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: text/css
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 112952
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.13
162.0.215.251200 OK 96 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.13
IP 162.0.215.251:0
File type ASCII text, with very long lines (64288)
Hash b596956fe82fc9b8b0cc8de5bc8b8557
66a148621b7bc1f7de4d370039f1230a3d37f4d4
a900592604b60d3d5bd8c5cb4de1f0edc7bef863f32633876a25c7da1a65a1c1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.13 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Thu, 13 Jan 2022 17:13:59 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 96198
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:54:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:54:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
216.58.207.195200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cheryfenley.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 21:48:50 GMT
expires: Thu, 23 Nov 2023 21:48:50 GMT
cache-control: public, max-age=31536000
age: 50732
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
216.58.207.195200 OK 7.7 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Hash a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cheryfenley.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 08:32:10 GMT
expires: Thu, 23 Nov 2023 08:32:10 GMT
cache-control: public, max-age=31536000
age: 98532
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:54:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/playfairdisplay/v30/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2
216.58.207.195200 OK 20 kB URL HTTP/2 fonts.gstatic.com/s/playfairdisplay/v30/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 19860, version 1.0\012- data
Hash a95e391373ad634c3b7dbaf77de3f40e
ddc4638bc28c21a400fcd2df94448743f198a257
fa3d5a0422c9b413abb4c78f8ff80de8a8ed58766f7110c82febf5296e899b47
GET /s/playfairdisplay/v30/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cheryfenley.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 15:01:48 GMT
expires: Wed, 22 Nov 2023 15:01:48 GMT
cache-control: public, max-age=31536000
age: 161555
last-modified: Mon, 18 Jul 2022 19:06:33 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
216.58.207.195200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 7840, version 1.0\012- data
Hash 8d91ec1ca2d8b56640a47117e313a3e9
a9e9bafe64666f4595051a0e895b47a5fa39e67e
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
GET /s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cheryfenley.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:31:06 GMT
expires: Thu, 23 Nov 2023 19:31:06 GMT
cache-control: public, max-age=31536000
age: 58997
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2
216.58.207.195200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 7824, version 1.0\012- data
Hash af4d371a10271dafeb343f1eace762bc
6d11d743bc3cfb169d70bc86450f18351dc1a905
60bf0aba6526436f3930c58c12047687fbb6bff4dd180cce4613458ed3439ea2
GET /s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cheryfenley.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7824
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:50:37 GMT
expires: Thu, 23 Nov 2023 19:50:37 GMT
cache-control: public, max-age=31536000
age: 57826
last-modified: Wed, 27 Apr 2022 16:52:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
216.58.207.195200 OK 8.0 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Hash 72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cheryfenley.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:43:52 GMT
expires: Wed, 22 Nov 2023 14:43:52 GMT
cache-control: public, max-age=31536000
age: 162631
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lora/v26/0QIhMX1D_JOuMw_LIftL.woff2
216.58.207.195200 OK 39 kB URL HTTP/2 fonts.gstatic.com/s/lora/v26/0QIhMX1D_JOuMw_LIftL.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 39056, version 1.0\012- data
Hash ab20a3cbee44939ad33cb2d162484f23
f4df3e71cc8aebd85b6207d4ac35c76c602c2779
0a1dc89a4a29593bd35cc4811bfedd9765eeca4a9ef57323eec2cff14c9f9c5b
GET /s/lora/v26/0QIhMX1D_JOuMw_LIftL.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cheryfenley.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39056
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 19:24:49 GMT
expires: Tue, 21 Nov 2023 19:24:49 GMT
cache-control: public, max-age=31536000
age: 232174
last-modified: Mon, 15 Aug 2022 18:05:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
216.58.207.195200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cheryfenley.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:30:59 GMT
expires: Thu, 23 Nov 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 59004
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:54:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cheryfenley.com/wp-content/themes/basel/fonts/Simple-Line-Icons.woff?v=5.4.2
162.0.215.251200 OK 53 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/fonts/Simple-Line-Icons.woff?v=5.4.2
IP 162.0.215.251:0
File type Web Open Font Format, TrueType, length 53444, version 2.0\012- data
Hash 0bbfc705e37a927ce2ae72b749b3154d
c7f8307972e263ccb2de346cfd4890ae3ad15c7e
72bbd904eec22882287e50b2f64987560c8646abc0b8e942366a272a4fe7cd39
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/fonts/Simple-Line-Icons.woff?v=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:23 GMT
content-type: font/woff
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-length: 53444
date: Thu, 24 Nov 2022 11:54:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-solid-900.woff2
162.0.215.251200 OK 76 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-solid-900.woff2
IP 162.0.215.251:0
File type Web Open Font Format (Version 2), TrueType, length 75760, version 330.32636\012- data
Hash 832f6e62aaf3909d6b94c8a9c1e4dd51
4a06418cb56a66af5a1c0f59791469dea1dc87fa
8556fd48cf33ca3028e3fff4042979f224987ee317cc9032dd5bba996b363009
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.8.0
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:23 GMT
content-type: font/woff2
last-modified: Thu, 13 Jan 2022 17:14:02 GMT
accept-ranges: bytes
content-length: 75760
date: Thu, 24 Nov 2022 11:54:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/themes/basel/fonts/basel-font.woff?v=5.4.2
162.0.215.251200 OK 8.1 kB URL HTTP/2 cheryfenley.com/wp-content/themes/basel/fonts/basel-font.woff?v=5.4.2
IP 162.0.215.251:0
File type Web Open Font Format, TrueType, length 8096, version 1.0\012- data
Hash 86b8298a7cbf60b3f3794c0420ba8ff1
7700471e85f1319e14e1024b62ad6778ba4a33bb
43ac0e033311820c6d1208caffb7672ee831e82fad2d4d333cf5b2ac43412478
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/basel/fonts/basel-font.woff?v=5.4.2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:23 GMT
content-type: font/woff
last-modified: Thu, 13 Jan 2022 17:10:32 GMT
accept-ranges: bytes
content-length: 8096
date: Thu, 24 Nov 2022 11:54:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/01/Chery-FenleyIMAGE.jpg?id=265
162.0.215.251200 OK 140 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/01/Chery-FenleyIMAGE.jpg?id=265
IP 162.0.215.251:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1574x611, components 3\012- data
Size 140 kB (139540 bytes)
Hash b6af439270bd89528d7627e567083de7
69d963f3fff210fb4e683d38ff80378680def115
a694e44af6b4081a6d511ec9ea2137d53e86b7d6c59b5ce990b6b392b5d88834
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/Chery-FenleyIMAGE.jpg?id=265 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:23 GMT
content-type: image/jpeg
last-modified: Mon, 31 Jan 2022 23:50:22 GMT
accept-ranges: bytes
content-length: 139540
date: Thu, 24 Nov 2022 11:54:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/01/footer-bg.jpg
162.0.215.251200 OK 34 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/01/footer-bg.jpg
IP 162.0.215.251:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1386x422, components 3\012- data
Hash b3282a7220f6bfefff886ee30da5e185
07f3c771ba898874fe9b4a608d572aa47f7bc81e
6e20e5c903d522f13dd83f73dc1c95e88e7f0db765f891de73ef688a726d5e18
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/footer-bg.jpg HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:23 GMT
content-type: image/jpeg
last-modified: Thu, 13 Jan 2022 22:45:57 GMT
accept-ranges: bytes
content-length: 34296
date: Thu, 24 Nov 2022 11:54:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e82bac439b4e05b63bd8049769218cb8
fe8c2994c00b1d8c6212d9a7006ff58498375575
5b905305e33eb7e21beb21216242ed0af8a4288b3a36c6aa278755244e57c373
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3650
Cache-Control: max-age=138353
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 11:54:23 GMT
Etag: "637ec69e-1d7"
Expires: Sat, 26 Nov 2022 02:20:16 GMT
Last-Modified: Thu, 24 Nov 2022 01:19:26 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2
162.0.215.251200 OK 75 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2
IP 162.0.215.251:0
File type Web Open Font Format (Version 2), TrueType, length 75368, version 330.32636\012- data
Hash 859c4002d9954718cac1ddea5555698f
2392ce297c92bcf2c7d5a4c461a582dadc8039c8
5054ab369966fea3657ac6af00c3bc47bdc9e7b5114e61d1764be06213ca9781
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://cheryfenley.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.8.0
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:23 GMT
content-type: font/woff2
last-modified: Thu, 13 Jan 2022 17:14:02 GMT
accept-ranges: bytes
content-length: 75368
date: Thu, 24 Nov 2022 11:54:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/03/Freedom_Front--300x300.png
162.0.215.251200 OK 52 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/03/Freedom_Front--300x300.png
IP 162.0.215.251:0
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash 17a16ab8fb91fc50dd1b3dd6cc49e06b
205cc0396bee09c0e22846b40010b7a8047f5403
d81b8454ffa4881fd898673e5ce56c1af0c2acb47102a6c1bb824361c3f3d2cc
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/03/Freedom_Front--300x300.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:23 GMT
content-type: image/png
last-modified: Tue, 22 Mar 2022 19:54:01 GMT
accept-ranges: bytes
content-length: 51643
date: Thu, 24 Nov 2022 11:54:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/03/Freedom_Back-300x300.png
162.0.215.251200 OK 49 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/03/Freedom_Back-300x300.png
IP 162.0.215.251:0
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash 9cd0b10f53028e18a5e2c56e4f91441e
825cfc326a8a62a128109a2647978886124b9c4c
e6978c362bebb59efcf0e8136f117e3b2bdd920e7b738b7f5689e449dbb2b564
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/03/Freedom_Back-300x300.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:23 GMT
content-type: image/png
last-modified: Tue, 22 Mar 2022 19:54:25 GMT
accept-ranges: bytes
content-length: 48828
date: Thu, 24 Nov 2022 11:54:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/03/Springtime_In_Paris-300x300.png
162.0.215.251200 OK 121 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/03/Springtime_In_Paris-300x300.png
IP 162.0.215.251:0
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size 121 kB (121194 bytes)
Hash 3027642f656089bb6a8fa436b4a84b7d
d89a030df2a4f74e439dd8b3b6a4a404eaf04e88
c8a26ff2f2939b449e13e8f1583e322e01ccee5f319ff86a1f6dd11e2babf558
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/03/Springtime_In_Paris-300x300.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:23 GMT
content-type: image/png
last-modified: Tue, 22 Mar 2022 20:51:59 GMT
accept-ranges: bytes
content-length: 121194
date: Thu, 24 Nov 2022 11:54:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/?wc-ajax=get_refreshed_fragments
162.0.215.251503 Service Unavailable 856 B URL HTTP/2 cheryfenley.com/?wc-ajax=get_refreshed_fragments
IP 162.0.215.251:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash a85f2a2ab6f6f19c7a0396cfd058f222
331cc6e4ec068bb21d51beed584f00e8b61b7a0d
8aa9eaa6deea70ae2a2dc97868cd1aeec15941922122e6a396ee884337ae634b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: https://cheryfenley.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 503 Service Unavailable
content-type: text/html
content-length: 856
content-encoding: gzip
vary: Accept-Encoding
date: Thu, 24 Nov 2022 11:54:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/01/cf-100x100.png
162.0.215.251200 OK 11 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/01/cf-100x100.png
IP 162.0.215.251:0
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 2bec886d58a3a7dfeb968fa02e0a8625
a9ab4f991a7c69d06afc192a2b48fab1bdc43310
11c7b8e74d075c44c803183b9e6372b8430aefce7fc883c43dc03b344896b431
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/cf-100x100.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:23 GMT
content-type: image/png
last-modified: Tue, 18 Jan 2022 19:12:15 GMT
accept-ranges: bytes
content-length: 10575
date: Thu, 24 Nov 2022 11:54:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
www.paypal.com/sdk/js?client-id=AXQH1NBgEqoOAKBU5I4QzxLmFNPDqErkPGyFWU0xqiTE1qZ9BO1-I2yR5IMEAm2jjqDgk3Z_98c9EBm5¤cy=USD&integration-date=2021-09-17&components=buttons,messages&vault=false&commit=false&intent=capture&disable-funding=credit,card&enable-funding=venmo,paylater
151.101.1.21200 OK 126 kB URL HTTP/2 www.paypal.com/sdk/js?client-id=AXQH1NBgEqoOAKBU5I4QzxLmFNPDqErkPGyFWU0xqiTE1qZ9BO1-I2yR5IMEAm2jjqDgk3Z_98c9EBm5¤cy=USD&integration-date=2021-09-17&components=buttons,messages&vault=false&commit=false&intent=capture&disable-funding=credit,card&enable-funding=venmo,paylater
IP 151.101.1.21:0
File type Unicode text, UTF-8 text, with very long lines (65471)
Size 126 kB (125646 bytes)
Hash 5a65a814ef69e6b249fdd6233c121626
23ea1e6c594e4c2409eb8c283debc63892b2fee6
51bd653b0bd5047659aeb1ee68bd108771e9abf33932d94a404352e129b05c43
GET /sdk/js?client-id=AXQH1NBgEqoOAKBU5I4QzxLmFNPDqErkPGyFWU0xqiTE1qZ9BO1-I2yR5IMEAm2jjqDgk3Z_98c9EBm5¤cy=USD&integration-date=2021-09-17&components=buttons,messages&vault=false&commit=false&intent=capture&disable-funding=credit,card&enable-funding=venmo,paylater HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cheryfenley.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-xRCynRMmf0YPwDC6RAVXDBrC/DhNPr51vDy+wp5LaknwxDbs' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-xRCynRMmf0YPwDC6RAVXDBrC/DhNPr51vDy+wp5LaknwxDbs' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/javascript; charset=utf-8
etag: W/"1eace-I+oebFlOTCQJ64woPevGOJKy/uY"
p3p: true
paypal-debug-id: f380422d555a1
traceparent: 00-0000000000000000000f380422d555a1-07bcb27494fc07f6-01
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 24 Nov 2022 11:54:24 GMT
age: 0
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4067-HHN, cache-bma1621-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1669290863.365225,VS0,VE706
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f380422d555a1-27816f3f5f422104-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
content-length: 125646
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/03/Freedom_Front-.png
162.0.215.251200 OK 123 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/03/Freedom_Front-.png
IP 162.0.215.251:0
File type PNG image data, 496 x 503, 8-bit/color RGBA, non-interlaced\012- data
Size 123 kB (123427 bytes)
Hash e2062dc80427b4eed3e46458e643cdcf
1c6917263f795dfd797454424c7c94aa6f353c2d
40e1e6610521e8c5fd4ec0e39e37ef690540e983d35634f16bcb0af23d7caf75
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/03/Freedom_Front-.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:24 GMT
content-type: image/png
last-modified: Tue, 22 Mar 2022 19:54:00 GMT
accept-ranges: bytes
content-length: 123427
date: Thu, 24 Nov 2022 11:54:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/03/Freedom_Back.png
162.0.215.251200 OK 110 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/03/Freedom_Back.png
IP 162.0.215.251:0
File type PNG image data, 472 x 528, 8-bit/color RGBA, non-interlaced\012- data
Size 110 kB (109790 bytes)
Hash 6a26083104dbf6df50de8c90970ddb12
7619674f1e8771636816df7fa1304bb30c3f6272
fdb4f2c73f928e013dd4e75cea08f672804366aa33f06b2ab92bddbd50d4fa89
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/03/Freedom_Back.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:24 GMT
content-type: image/png
last-modified: Tue, 22 Mar 2022 19:54:25 GMT
accept-ranges: bytes
content-length: 109790
date: Thu, 24 Nov 2022 11:54:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/01/IMG_38831.png
162.0.215.251200 OK 56 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/01/IMG_38831.png
IP 162.0.215.251:0
File type PNG image data, 230 x 230, 8-bit/color RGBA, non-interlaced\012- data
Hash a62ef0d1b453087c45ecf66f310fe64e
626db0ddec7a19c442807ef8cf2f4fc03c003d86
6ce05d318fd232b909ecdb2f1b54a8ffe85070a43ab4a387b827b8e10b89ab30
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/IMG_38831.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:24 GMT
content-type: image/png
last-modified: Fri, 21 Jan 2022 22:33:33 GMT
accept-ranges: bytes
content-length: 55888
date: Thu, 24 Nov 2022 11:54:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/01/Equestrian-collection-many-Horses-price-191.001-1.png
162.0.215.251200 OK 48 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/01/Equestrian-collection-many-Horses-price-191.001-1.png
IP 162.0.215.251:0
File type PNG image data, 230 x 230, 8-bit/color RGBA, non-interlaced\012- data
Hash 8759fce0e7c03464edc2db68653b9377
e01dc765849ab91bbb844a57a1530f5c88143c4b
e11b1c4ec0bf6c80ba4a245ee701da4e6dd0afe16637bbc79060a16b961dad7e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/Equestrian-collection-many-Horses-price-191.001-1.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:24 GMT
content-type: image/png
last-modified: Fri, 21 Jan 2022 22:27:36 GMT
accept-ranges: bytes
content-length: 48192
date: Thu, 24 Nov 2022 11:54:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/01/Wild-Horse-Run-T-Shirt.png
162.0.215.251200 OK 81 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/01/Wild-Horse-Run-T-Shirt.png
IP 162.0.215.251:0
File type PNG image data, 230 x 230, 8-bit/color RGBA, non-interlaced\012- data
Hash 8475697e795c4a93f9b38f1e33afa43f
9a98747aa77141e996d9048d631988355fd2f13f
69f2b1181c923d84bb963dbe2bb4958902051dd7e0f4d6e4e6cd99a5eb2a3920
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/Wild-Horse-Run-T-Shirt.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:24 GMT
content-type: image/png
last-modified: Fri, 21 Jan 2022 22:51:38 GMT
accept-ranges: bytes
content-length: 80818
date: Thu, 24 Nov 2022 11:54:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/01/Many-Horse-T-Shirt.png
162.0.215.251200 OK 78 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/01/Many-Horse-T-Shirt.png
IP 162.0.215.251:0
File type PNG image data, 230 x 230, 8-bit/color RGBA, non-interlaced\012- data
Hash e42687533206d49448b8f90b84260561
174751c96bb63334762c9be1ae6c5c71e72048a7
8e8aea666de9d0f1e8804c47315b47e5799f60d490a90af3068f84bf472cceb4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/Many-Horse-T-Shirt.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:24 GMT
content-type: image/png
last-modified: Fri, 21 Jan 2022 22:54:11 GMT
accept-ranges: bytes
content-length: 78322
date: Thu, 24 Nov 2022 11:54:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/03/Springtime_In_Paris.png
162.0.215.251200 OK 353 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/03/Springtime_In_Paris.png
IP 162.0.215.251:0
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size 353 kB (353265 bytes)
Hash 2fc54ee172bb270778ce89327db6387f
fc529d95b6be50ea5ee61f45a92b7740a850b2b6
78e2384fe4b09163cd939c903b4f645bf5ab08b436b663987694c3d441b5846d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/03/Springtime_In_Paris.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:24 GMT
content-type: image/png
last-modified: Tue, 22 Mar 2022 20:51:58 GMT
accept-ranges: bytes
content-length: 353265
date: Thu, 24 Nov 2022 11:54:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/plugins/woocommerce-paypal-payments/modules/ppcp-button/assets/js/button.js?ver=1.7.0
162.0.215.251200 OK 4.8 kB URL HTTP/2 cheryfenley.com/wp-content/plugins/woocommerce-paypal-payments/modules/ppcp-button/assets/js/button.js?ver=1.7.0
IP 162.0.215.251:0
Hash 19e61c58ba7787dee54461f7b26a6ec1
5f30ffb72e95f22e6096c8729a03d937145ad201
6e034014c3b10d4413d97b2bd6ad20ccec65cef02f92dffa1cdc9b19c89bb587
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce-paypal-payments/modules/ppcp-button/assets/js/button.js?ver=1.7.0 HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:21 GMT
content-type: application/javascript
last-modified: Tue, 22 Mar 2022 17:35:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 41001
date: Thu, 24 Nov 2022 11:54:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
www.paypalobjects.com/muse/muse.js
151.101.86.133200 OK 16 kB URL HTTP/2 www.paypalobjects.com/muse/muse.js
IP 151.101.86.133:0
File type ASCII text, with very long lines (55891)
Hash 6aebbe482c72000aea20895991f70478
eff1d3370786f9ee4ea539776bc43ab9bece89ba
2acb950bc7678b9e6c265194821fac386bf555db582ee8c0e2d9e68ff3eaa862
GET /muse/muse.js HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cheryfenley.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-type: application/javascript
etag: W/"6271663d-da91"
last-modified: Tue, 03 May 2022 17:28:29 GMT
paypal-debug-id: 84840867de170
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 24 Nov 2022 11:54:25 GMT
x-served-by: cache-sjc10029-SJC, cache-bma1655-BMA
x-cache: HIT, HIT
x-cache-hits: 2, 40087
x-timer: S1669290865.384120,VS0,VE0
vary: Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 16464
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/01/Equestrian-Collection-suitecase-Esmeralda-1.png
162.0.215.251200 OK 91 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/01/Equestrian-Collection-suitecase-Esmeralda-1.png
IP 162.0.215.251:0
File type PNG image data, 344 x 344, 8-bit/color RGBA, non-interlaced\012- data
Hash 4af0b5624a07be9550178352695def8d
cb3488a138bb41aa437d04bdeac87e13cf693796
6a59b04513d1ca22f67f9baa84eed688c0715c57a208b451ae021d50d7090a04
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/Equestrian-Collection-suitecase-Esmeralda-1.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:24 GMT
content-type: image/png
last-modified: Fri, 21 Jan 2022 21:49:36 GMT
accept-ranges: bytes
content-length: 90881
date: Thu, 24 Nov 2022 11:54:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/01/p31.png
162.0.215.251200 OK 84 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/01/p31.png
IP 162.0.215.251:0
File type PNG image data, 344 x 344, 8-bit/color RGBA, non-interlaced\012- data
Hash 449c7313a668feda02b60aada41cef9e
cb07c63c2b2c91ff5cc48e56e23b9cd1d886f82c
cb4714bb3c6bf1493163c2d524d23796f6bef9a0b955b6ef32bbc4d60b4a3a68
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/p31.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:24 GMT
content-type: image/png
last-modified: Fri, 21 Jan 2022 21:52:40 GMT
accept-ranges: bytes
content-length: 83501
date: Thu, 24 Nov 2022 11:54:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/01/sl1.jpg
162.0.215.251200 OK 103 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/01/sl1.jpg
IP 162.0.215.251:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1366x694, components 3\012- data
Size 103 kB (103084 bytes)
Hash 7d44d8d0b71872e27c8f01c6693b3449
32445655ebdb0b555f60b47d6a34237de5e77d97
c8c06670531dfbdd899cf170ef3102fe53a21e183658905855ab0e4b363c6814
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/sl1.jpg HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:24 GMT
content-type: image/jpeg
last-modified: Thu, 13 Jan 2022 17:32:50 GMT
accept-ranges: bytes
content-length: 103084
date: Thu, 24 Nov 2022 11:54:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
www.paypalobjects.com/muse/analytics/index.html
151.101.86.133200 OK 17 kB URL HTTP/2 www.paypalobjects.com/muse/analytics/index.html
IP 151.101.86.133:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (55410)
Hash 56fc10c2e8100a7e4418dc987c23d7a5
5c11880437f36368f82da60522bfcb0d57b395cf
326df6156907ef357f13bf48a5a3798dd4e692345d04fb4edad8370058d1198a
GET /muse/analytics/index.html HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cheryfenley.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-type: text/html
etag: W/"6271663d-d994"
last-modified: Tue, 03 May 2022 17:28:29 GMT
paypal-debug-id: 50b39f10d2761
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 24 Nov 2022 11:54:25 GMT
x-served-by: cache-sjc10077-SJC, cache-bma1655-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 45792
x-timer: S1669290865.431889,VS0,VE0
vary: Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 16791
X-Firefox-Spdy: h2
t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3AFWEJA6WX5FNEU-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3AFWEJA6WX5FNEU-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=61091e67-ea02-4df6-be86-ddd8e3ddc5dc&fltp=analytics&mrid=FWEJA6WX5FNEU&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Chery%20Fenley&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1669290865012&g=0&completeurl=https%3A%2F%2Fcheryfenley.com%2F
192.229.221.25200 OK 42 B URL HTTP/2 t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3AFWEJA6WX5FNEU-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3AFWEJA6WX5FNEU-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=61091e67-ea02-4df6-be86-ddd8e3ddc5dc&fltp=analytics&mrid=FWEJA6WX5FNEU&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Chery%20Fenley&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1669290865012&g=0&completeurl=https%3A%2F%2Fcheryfenley.com%2F
IP 192.229.221.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4682377ddfbe4e7dabfddb2e543e842
328e472721a93345801ed5533240eac2d1f8498c
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
GET /ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3AFWEJA6WX5FNEU-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3AFWEJA6WX5FNEU-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=61091e67-ea02-4df6-be86-ddd8e3ddc5dc&fltp=analytics&mrid=FWEJA6WX5FNEU&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Chery%20Fenley&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1669290865012&g=0&completeurl=https%3A%2F%2Fcheryfenley.com%2F HTTP/1.1
Host: t.paypal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cheryfenley.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
date: Thu, 24 Nov 2022 11:54:25 GMT
expires: Thu, 24 Nov 2022 11:54:25 GMT
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: d3c6078ec7a4
pragma: no-cache
server: ECAcc (lhd/370A)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=196
set-cookie: ts=vreXpYrS%3D1763985265%26vteXpYrS%3D1669292665%26vr%3Da97d33771840a46467f675e8ffffffff%26vt%3Da97d33771840a46467f675e8fffffffe; Expires=Mon, 24 Nov 2025 11:54:25 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly
ts_c=vr%3Da97d33771840a46467f675e8ffffffff%26vt%3Da97d33771840a46467f675e8fffffffe; Expires=Mon, 24 Nov 2025 11:54:25 GMT; Domain=.paypal.com; Path=/; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000000d3c6078ec7a4-65a38d1089f6051b-01
content-length: 42
X-Firefox-Spdy: h2
cheryfenley.com/wp-content/uploads/2022/01/The-Story-Piece-2.png
162.0.215.251200 OK 842 kB URL HTTP/2 cheryfenley.com/wp-content/uploads/2022/01/The-Story-Piece-2.png
IP 162.0.215.251:0
File type PNG image data, 700 x 700, 8-bit/color RGBA, non-interlaced\012- data
Size 842 kB (842347 bytes)
Hash e150e63ec38e6a5277333db78fab2b3b
2465c8d65292a85dc0482a4385e0fbbdc838cd00
e798c784449e185668f9d14d80b09da7c9c9b2064554a81f172200a796a7bf4f
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/The-Story-Piece-2.png HTTP/1.1
Host: cheryfenley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cheryfenley.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 01 Dec 2022 11:54:24 GMT
content-type: image/png
last-modified: Mon, 24 Jan 2022 19:53:52 GMT
accept-ranges: bytes
content-length: 842347
date: Thu, 24 Nov 2022 11:54:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3AFWEJA6WX5FNEU-1&page=muse%3Aoffer%3A%3A%3AFWEJA6WX5FNEU-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=61091e67-ea02-4df6-be86-ddd8e3ddc5dc&es=visitorInfoFlowStarted&mrid=FWEJA6WX5FNEU&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Chery%20Fenley&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1669290865329&g=0&completeurl=https%3A%2F%2Fcheryfenley.com%2F
192.229.221.25200 OK 42 B URL HTTP/2 t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3AFWEJA6WX5FNEU-1&page=muse%3Aoffer%3A%3A%3AFWEJA6WX5FNEU-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=61091e67-ea02-4df6-be86-ddd8e3ddc5dc&es=visitorInfoFlowStarted&mrid=FWEJA6WX5FNEU&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Chery%20Fenley&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1669290865329&g=0&completeurl=https%3A%2F%2Fcheryfenley.com%2F
IP 192.229.221.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4682377ddfbe4e7dabfddb2e543e842
328e472721a93345801ed5533240eac2d1f8498c
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
GET /ts?pgrp=muse%3Aoffer%3A%3A%3AFWEJA6WX5FNEU-1&page=muse%3Aoffer%3A%3A%3AFWEJA6WX5FNEU-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=61091e67-ea02-4df6-be86-ddd8e3ddc5dc&es=visitorInfoFlowStarted&mrid=FWEJA6WX5FNEU&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Chery%20Fenley&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1669290865329&g=0&completeurl=https%3A%2F%2Fcheryfenley.com%2F HTTP/1.1
Host: t.paypal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cheryfenley.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
date: Thu, 24 Nov 2022 11:54:25 GMT
expires: Thu, 24 Nov 2022 11:54:25 GMT
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: b4886596c639b
pragma: no-cache
server: ECAcc (lhd/358C)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=179
set-cookie: ts=vreXpYrS%3D1763985265%26vteXpYrS%3D1669292665%26vr%3Da97d343b1840a5b010b26a04ffffffff%26vt%3Da97d343b1840a5b010b26a04fffffffe; Expires=Mon, 24 Nov 2025 11:54:25 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly
ts_c=vr%3Da97d343b1840a5b010b26a04ffffffff%26vt%3Da97d343b1840a5b010b26a04fffffffe; Expires=Mon, 24 Nov 2025 11:54:25 GMT; Domain=.paypal.com; Path=/; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000b4886596c639b-56850a5abde2964c-01
content-length: 42
X-Firefox-Spdy: h2
www.paypal.com/targeting/graphql
151.101.1.21204 No Content 0 B URL HTTP/2 www.paypal.com/targeting/graphql
IP 151.101.1.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /targeting/graphql HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.paypalobjects.com/
Origin: https://www.paypalobjects.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: f89303818000d
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Thu, 24 Nov 2022 20:40:21 GMT; HttpOnly; Secure
enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Fri, 24 Nov 2023 11:54:25 GMT; Secure
x-pp-s=eyJ0IjoiMTY2OTI5MDg2NTczNyIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
nsid=s%3A_AdjXr7A1KPf1e5O7QSEKWplxW5bRVF-.b1j3VzoY1idawhzMKFFrIybg3F1HgIYbO5VoGmUqaoo; Path=/; HttpOnly; Secure
l7_az=dcg02.phx; Path=/; Domain=paypal.com; Expires=Thu, 24 Nov 2022 12:24:25 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1763985265%26vteXpYrS%3D1669292665%26vr%3Da97d34331840a7a08f1b7812ff4ccbb5%26vt%3Da97d34331840a7a08f1b7812ff4ccbb4%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Sun, 23 Nov 2025 11:54:25 GMT; HttpOnly; Secure
ts_c=vr%3Da97d34331840a7a08f1b7812ff4ccbb5%26vt%3Da97d34331840a7a08f1b7812ff4ccbb4; Path=/; Domain=paypal.com; Expires=Sun, 23 Nov 2025 11:54:25 GMT; Secure
traceparent: 00-0000000000000000000f89303818000d-cc760c69ae64a73f-01
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Thu, 24 Nov 2022 11:54:25 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4022-HHN, cache-bma1621-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1669290866.633077,VS0,VE192
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3AFWEJA6WX5FNEU-1&page=muse%3Aoffer%3A%3A%3AFWEJA6WX5FNEU-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=61091e67-ea02-4df6-be86-ddd8e3ddc5dc&es=visitorInfo&cust=H3PJV7L6LUNRC&mrid=FWEJA6WX5FNEU&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Chery%20Fenley&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&unsc=0&identifier_used=DFP&e=im&t=1669290865999&g=0&completeurl=https%3A%2F%2Fcheryfenley.com%2F
192.229.221.25200 OK 42 B URL HTTP/2 t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3AFWEJA6WX5FNEU-1&page=muse%3Aoffer%3A%3A%3AFWEJA6WX5FNEU-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=61091e67-ea02-4df6-be86-ddd8e3ddc5dc&es=visitorInfo&cust=H3PJV7L6LUNRC&mrid=FWEJA6WX5FNEU&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Chery%20Fenley&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&unsc=0&identifier_used=DFP&e=im&t=1669290865999&g=0&completeurl=https%3A%2F%2Fcheryfenley.com%2F
IP 192.229.221.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4682377ddfbe4e7dabfddb2e543e842
328e472721a93345801ed5533240eac2d1f8498c
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
GET /ts?pgrp=muse%3Aoffer%3A%3A%3AFWEJA6WX5FNEU-1&page=muse%3Aoffer%3A%3A%3AFWEJA6WX5FNEU-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=61091e67-ea02-4df6-be86-ddd8e3ddc5dc&es=visitorInfo&cust=H3PJV7L6LUNRC&mrid=FWEJA6WX5FNEU&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Chery%20Fenley&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&unsc=0&identifier_used=DFP&e=im&t=1669290865999&g=0&completeurl=https%3A%2F%2Fcheryfenley.com%2F HTTP/1.1
Host: t.paypal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cheryfenley.com/
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
date: Thu, 24 Nov 2022 11:54:26 GMT
expires: Thu, 24 Nov 2022 11:54:26 GMT
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 1b6362e084741
pragma: no-cache
server: ECAcc (lhd/370F)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=183
set-cookie: ts=vreXpYrS%3D1763985266%26vteXpYrS%3D1669292666%26vr%3Da97d36d01840a57100f058ddffffffff%26vt%3Da97d36d01840a57100f058ddfffffffe; Expires=Mon, 24 Nov 2025 11:54:26 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly
ts_c=vr%3Da97d36d01840a57100f058ddffffffff%26vt%3Da97d36d01840a57100f058ddfffffffe; Expires=Mon, 24 Nov 2025 11:54:26 GMT; Domain=.paypal.com; Path=/; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000001b6362e084741-ab79c8daf12dd9ef-01
content-length: 42
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700;800;900&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700;800;900&display=swap
IP 142.250.74.10:0
GET /css2?family=Poppins:wght@300;400;500;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cheryfenley.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 24 Nov 2022 11:54:21 GMT
date: Thu, 24 Nov 2022 11:54:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Karla%3A400%2C400italic%2C700%2C700italic%7CLora%3A400%2C500%2C600%2C700%2C400italic%2C500italic%2C600italic%2C700italic%7CLato%3A100%2C100italic%2C300%2C300italic%2C400%2C400italic%2C700%2C700italic%2C900%2C900italic&ver=5.4.2
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Karla%3A400%2C400italic%2C700%2C700italic%7CLora%3A400%2C500%2C600%2C700%2C400italic%2C500italic%2C600italic%2C700italic%7CLato%3A100%2C100italic%2C300%2C300italic%2C400%2C400italic%2C700%2C700italic%2C900%2C900italic&ver=5.4.2
IP 142.250.74.10:0
GET /css?family=Karla%3A400%2C400italic%2C700%2C700italic%7CLora%3A400%2C500%2C600%2C700%2C400italic%2C500italic%2C600italic%2C700italic%7CLato%3A100%2C100italic%2C300%2C300italic%2C400%2C400italic%2C700%2C700italic%2C900%2C900italic&ver=5.4.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cheryfenley.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 24 Nov 2022 11:54:21 GMT
date: Thu, 24 Nov 2022 11:54:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins:300%7CPlayfair+Display:400%7CRoboto:400&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Poppins:300%7CPlayfair+Display:400%7CRoboto:400&display=swap
IP 142.250.74.10:0
GET /css?family=Poppins:300%7CPlayfair+Display:400%7CRoboto:400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cheryfenley.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 24 Nov 2022 11:54:21 GMT
date: Thu, 24 Nov 2022 11:54:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.paypal.com/xoplatform/logger/api/logger
151.101.1.21200 OK 0 B URL HTTP/2 www.paypal.com/xoplatform/logger/api/logger
IP 151.101.1.21:0
OPTIONS /xoplatform/logger/api/logger HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://cheryfenley.com/
Origin: https://cheryfenley.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://cheryfenley.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: f893038b258c8
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Thu, 24 Nov 2022 20:40:21 GMT; HttpOnly; Secure
enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Fri, 24 Nov 2023 11:54:25 GMT; Secure
x-pp-s=eyJ0IjoiMTY2OTI5MDg2NTk4NyIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
tsrce=loggernodeweb; Domain=.paypal.com; Path=/; Expires=Sun, 27 Nov 2022 11:54:25 GMT; HttpOnly; Secure; SameSite=None
l7_az=dcg02.phx; Path=/; Domain=paypal.com; Expires=Thu, 24 Nov 2022 12:24:25 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1763985265%26vteXpYrS%3D1669292665%26vr%3Da97d352d1840a7a85b436193ff4fdae1%26vt%3Da97d352d1840a7a85b436193ff4fdae0%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Sun, 23 Nov 2025 11:54:25 GMT; HttpOnly; Secure
ts_c=vr%3Da97d352d1840a7a85b436193ff4fdae1%26vt%3Da97d352d1840a7a85b436193ff4fdae0; Path=/; Domain=paypal.com; Expires=Sun, 23 Nov 2025 11:54:25 GMT; Secure
traceparent: 00-0000000000000000000f893038b258c8-890e005b7d34fbd3-01
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Thu, 24 Nov 2022 11:54:26 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn11571-HHN, cache-bma1621-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1669290866.883979,VS0,VE189
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
www.paypal.com/targeting/graphql
151.101.1.21200 OK 0 B URL HTTP/2 www.paypal.com/targeting/graphql
IP 151.101.1.21:0
POST /targeting/graphql HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.paypalobjects.com/
Content-Type: application/json
Origin: https://www.paypalobjects.com
Content-Length: 319
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-We3tHbxka/WwdtYNgqjnXO/ApoNqqVV4/i9D0H3Q8HmcDt2J' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-type: application/json; charset=utf-8
etag: W/W/"1be-Mwe3oOdtJ5QJbzqlUB8NxMoD8nY"
paypal-debug-id: f8930385b40cd
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Thu, 24 Nov 2022 20:40:22 GMT; HttpOnly; Secure
enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Fri, 24 Nov 2023 11:54:26 GMT; Secure
x-pp-s=eyJ0IjoiMTY2OTI5MDg2NjE3MCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
tsrce=targetingnodeweb; Domain=.paypal.com; Path=/; Expires=Sun, 27 Nov 2022 11:54:26 GMT; HttpOnly; Secure; SameSite=None
nsid=s%3ABewDOeUez1ko2db62glg7svBzYkjQSOb.J%2FahQKDNiHAQF1eZjAmi8m8OqnTP6buovU0INLhYxqA; Path=/; HttpOnly; Secure
l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Thu, 24 Nov 2022 12:24:26 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1763985265%26vteXpYrS%3D1669292665%26vr%3Da97d350d1840ad04a8929dc4ff785e31%26vt%3Da97d350d1840ad04a8929dc4ff785e30%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Sun, 23 Nov 2025 11:54:26 GMT; HttpOnly; Secure
ts_c=vr%3Da97d350d1840ad04a8929dc4ff785e31%26vt%3Da97d350d1840ad04a8929dc4ff785e30; Path=/; Domain=paypal.com; Expires=Sun, 23 Nov 2025 11:54:26 GMT; Secure
traceparent: 00-0000000000000000000f8930385b40cd-4fbac48ac4fe4e50-01
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Thu, 24 Nov 2022 11:54:26 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4025-HHN, cache-bma1621-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1669290866.846873,VS0,VE418
vary: Accept-Encoding
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
www.paypal.com/xoplatform/logger/api/logger
151.101.1.21200 OK 0 B URL HTTP/2 www.paypal.com/xoplatform/logger/api/logger
IP 151.101.1.21:0
POST /xoplatform/logger/api/logger HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1471
Origin: https://cheryfenley.com
Connection: keep-alive
Referer: https://cheryfenley.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://cheryfenley.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
etag: W/W/"3ee-XmlUtYzMZRTNStIWnQGzA4Ojfqg"
paypal-debug-id: f89303819f4f8
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Fri, 24 Nov 2023 11:54:26 GMT; Secure
LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Thu, 24 Nov 2022 20:40:22 GMT; HttpOnly; Secure
tsrce=loggernodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Sun, 27 Nov 2022 11:54:25 GMT; HttpOnly; Secure
x-pp-s=eyJ0IjoiMTY2OTI5MDg2NjE5MSIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
l7_az=dcg02.phx; Path=/; Domain=paypal.com; Expires=Thu, 24 Nov 2022 12:24:26 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1763985266%26vteXpYrS%3D1669292666%26vr%3Da97d35fc1840a1f3c8a01cbcffac8a75%26vt%3Da97d35fc1840a1f3c8a01cbcffac8a74%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Sun, 23 Nov 2025 11:54:26 GMT; HttpOnly; Secure
ts_c=vr%3Da97d35fc1840a1f3c8a01cbcffac8a75%26vt%3Da97d35fc1840a1f3c8a01cbcffac8a74; Path=/; Domain=paypal.com; Expires=Sun, 23 Nov 2025 11:54:26 GMT; Secure
traceparent: 00-0000000000000000000f89303819f4f8-b7301d2fa08fb41e-01
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Thu, 24 Nov 2022 11:54:26 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4043-HHN, cache-bma1621-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1669290866.083067,VS0,VE202
vary: Accept-Encoding
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
X-Firefox-Spdy: h2