r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9794
Expires: Thu, 08 Dec 2022 18:02:03 GMT
Date: Thu, 08 Dec 2022 15:18:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6283
Expires: Thu, 08 Dec 2022 17:03:32 GMT
Date: Thu, 08 Dec 2022 15:18:49 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 15:08:13 GMT
content-type: application/json
age: 636
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3098
Expires: Thu, 08 Dec 2022 16:10:27 GMT
Date: Thu, 08 Dec 2022 15:18:49 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 5+jGMBTXyd2YMTeqPnURAnOg5GYDuk5K2Q05VC+fqiJwlaFEcjC3p/36Czx6lT/EJYGrkKSiI+w=
x-amz-request-id: VEXKF5F1TNT3ZFGP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 14:49:49 GMT
age: 1741
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 15:18:50 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 15:07:58 GMT
age: 652
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
wethe6and9.ca/
69.90.162.250301 Moved Permanently 0 B IP 69.90.162.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Dec 2022 15:18:49 GMT
Server: Apache
X-Redirect-By: WordPress
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: https://wethe6and9.ca/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Keep-Alive: timeout=2, max=100
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4591
Cache-Control: max-age=155073
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:18:50 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:23:23 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.191.210.155101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.210.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vk3VHL9mH3OJHt4PLF+etw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cuh5vlhd3Sp7lji1iuYSLF4v6sU=
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14335
Expires: Thu, 08 Dec 2022 19:17:46 GMT
Date: Thu, 08 Dec 2022 15:18:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14335
Expires: Thu, 08 Dec 2022 19:17:46 GMT
Date: Thu, 08 Dec 2022 15:18:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14335
Expires: Thu, 08 Dec 2022 19:17:46 GMT
Date: Thu, 08 Dec 2022 15:18:51 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24d89b69ba37bf23c5d576aff4063caf
3d46a21b4da571d7e4962e335c18a28ca5f81ecf
09b52cdab278805c6e7282f469a02768ee62fc9ef09a6623a337e3d3aaa446fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7268
x-amzn-requestid: ae5c231c-b1be-498a-a242-e8d641f3fe8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFDgEzUoAMFgyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911baf-10f06dc37cac69631c823fd9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:03:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wFqXeAYHSBcj85PiuqhV790clAMWg_NHMCO5Q5WARXDaohFWZdeCig==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:19:17 GMT
age: 57574
etag: "3d46a21b4da571d7e4962e335c18a28ca5f81ecf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c94003641bb5a7595e7004f80f95d22
3446450df60d732f9021d5bfd5f5f7c6c870d9ec
4d782dbf94b2163e9bc18028cd0c1a391fdcfcb019f23c4c26ea0b44432039ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7801
x-amzn-requestid: cb8d5aab-409f-4b39-b498-b1ba84f34e06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFRNHX4oAMFvoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c07-7c6e3bfa3f81082b48f43fa9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8QHhEAFHTHd-5UqS1S5qwJj_h4WNfix2CgS4MO4zR_psrzgMP3SZ5g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:16:35 GMT
age: 57736
etag: "3446450df60d732f9021d5bfd5f5f7c6c870d9ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c408efaa98ac2ce63bb1618368d10c15
a51bbb49ebd862d04eaee465d0a35b22dcd21391
077eb8c8739f527828c71c25a1c3aaae46afead3aac093ec11a6d5488ef2f0ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9596
x-amzn-requestid: e5e6ceb2-5bad-4146-a9de-92a859716029
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy3_qH63oAMFfLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106ca-678bed1b7729b8aa2645688d;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcHU93cetsY4-vWHpT2xXozH1T7J3_1X8n6Yjd6lOuF8HbkpTQDerg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:13:24 GMT
etag: "a51bbb49ebd862d04eaee465d0a35b22dcd21391"
content-type: image/jpeg
age: 61527
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b87d6543345f73653ed4a49b37d7c959
c4f26846b8b72293368ff16915d49297cf12bbb9
aee6aa42e4b5b83b81f74801ff8f0039fc6d38036f42ee81875813c856cf5eef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8659
x-amzn-requestid: 6f420d07-65d5-4bb2-9f1f-e56025de497b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFSYFArIAMF46w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c0f-0a295e5c48228d5806b4f107;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TSh1BNzzIPhWCfYEiqvQJckSPAyhHobe-HK6msEVeEJ1ruX-_rMSSA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:35:32 GMT
age: 56599
etag: "c4f26846b8b72293368ff16915d49297cf12bbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57be99ac898a37d73f2ba4a24f56248f
04e32eb45581201a6a1863200e4d139df48285e6
a20081b64fc019372843360b15aa3461ec9dd3deb50ab398bca0a5e74d5468c2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12534
x-amzn-requestid: 2a01f2ba-cf3a-4f59-8339-214c66bcc0d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czDbyGTcoAMF_TQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911918-5d3eba8d01e4175a71acc6cd;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:52:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NoZlZ8WFfOuIbkWaC2pJPJQrWtjzz2gCHJWr-u-nMNYmu8MkTf6_PA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:03:58 GMT
age: 58493
etag: "04e32eb45581201a6a1863200e4d139df48285e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EeYw3qxRNMEhtLkUrHQe5b1H_f2k-5BWSZV4LEZ9U64rqm7Addv_Dw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 06:56:32 GMT
age: 30139
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d4507c78df6167484b39da9024efab18
72fedc57c2563ea57180ad8747bda11135bdf2bc
008d45b59c209f1be56f109f09e6366ccec8747b86d29a9ce5a07c61fd17042c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3809
Cache-Control: max-age=165089
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:18:52 GMT
Etag: "6391d35c-117"
Expires: Sat, 10 Dec 2022 13:10:21 GMT
Last-Modified: Thu, 08 Dec 2022 12:06:52 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 0c89743226644fddacbe5d50c110b950
b343ae9eb9047cf764b518083d612ffd3652b209
1bf675bb6e12e913a98cd8849c1af9a0c50b0bb8bfa670c86419b41782e06e47
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:18:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
wethe6and9.ca/
69.90.162.250200 OK 73 kB IP 69.90.162.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (26419)
Hash 442baa782706ac1d0d4f0116f0d8b3b0
e4618efdbe3ac4e5ecc3d4dfb732f0af0f90c2fa
64541fcb3785f51bdca02875a7e6f161f660f3406dbc64095f6eaf0b4ddd9cb8
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
link: <https://wethe6and9.ca/wp-json/>; rel="https://api.w.org/", <https://wethe6and9.ca/wp-json/wp/v2/pages/1976>; rel="alternate"; type="application/json", <https://wethe6and9.ca/>; rel=shortlink
vary: Accept-Encoding,User-Agent
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 08 Dec 2022 15:18:50 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/et-cache/1976/et-divi-dynamic-tb-11-tb-14-1976-late.css?ver=1668890246
69.90.162.250200 OK 3.2 kB URL HTTP/2 wethe6and9.ca/wp-content/et-cache/1976/et-divi-dynamic-tb-11-tb-14-1976-late.css?ver=1668890246
IP 69.90.162.250:0
File type ASCII text, with very long lines (5325)
Hash 1e7ed91c6804d808861de21a1a05508f
f43bb36072964a1d53ce495f35a6627dce250db6
d5c7e51f373b8547d33a9c5f2176d55881fa1653f8fbb86e18eeb4d9353f4c4d
GET /wp-content/et-cache/1976/et-divi-dynamic-tb-11-tb-14-1976-late.css?ver=1668890246 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 19 Nov 2022 21:07:04 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3240
content-type: text/css
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/themes/dm-divi-child-theme/style.css?ver=4.14.4
69.90.162.250200 OK 4.2 kB URL HTTP/2 wethe6and9.ca/wp-content/themes/dm-divi-child-theme/style.css?ver=4.14.4
IP 69.90.162.250:0
Hash d7ed33141bbf80286344fa6dd342d973
d6df835312c134df7734a0d2b201862cd21ccb2e
bd097b11aee00aa7caf4f0c80e00d9775debf397d4bc0b210ed30abca474441a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/dm-divi-child-theme/style.css?ver=4.14.4 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4182
content-type: text/css
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/et-cache/1976/et-core-unified-tb-11-tb-14-deferred-1976.min.css?ver=1668892024
69.90.162.250200 OK 6.8 kB URL HTTP/2 wethe6and9.ca/wp-content/et-cache/1976/et-core-unified-tb-11-tb-14-deferred-1976.min.css?ver=1668892024
IP 69.90.162.250:0
File type ASCII text, with very long lines (34646), with no line terminators
Hash 68a2b9cbc5034949ed6af808bc1b202c
fae4c637b5ec95e856c1dca7c2bfea15c428686e
dd9866aac933a71da56fa88ff6a45816980a4929e63862533bcea21aeff9745a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/et-cache/1976/et-core-unified-tb-11-tb-14-deferred-1976.min.css?ver=1668892024 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 19 Nov 2022 21:07:04 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 6814
content-type: text/css
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/themes/Divi/js/smoothscroll.js?ver=4.14.4
69.90.162.250200 OK 3.0 kB URL HTTP/2 wethe6and9.ca/wp-content/themes/Divi/js/smoothscroll.js?ver=4.14.4
IP 69.90.162.250:0
File type ASCII text, with very long lines (5644)
Hash abc5abab516067450531329d0afd0b93
3e249dc3c7b4923d41ca258ed925d6a1eed6c81b
c218f0f3e872b20be71e4a20d03160bb50e11b71bba6d024360dce79f9904df4
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Divi/js/smoothscroll.js?ver=4.14.4 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 04 Jan 2022 19:45:50 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3005
content-type: application/javascript
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d4507c78df6167484b39da9024efab18
72fedc57c2563ea57180ad8747bda11135bdf2bc
008d45b59c209f1be56f109f09e6366ccec8747b86d29a9ce5a07c61fd17042c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3809
Cache-Control: max-age=165089
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:18:52 GMT
Etag: "6391d35c-117"
Expires: Sat, 10 Dec 2022 13:10:21 GMT
Last-Modified: Thu, 08 Dec 2022 12:06:52 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
wethe6and9.ca/wp-content/et-cache/1976/et-divi-dynamic-tb-11-tb-14-1976.css?ver=1668890246
69.90.162.250200 OK 14 kB URL HTTP/2 wethe6and9.ca/wp-content/et-cache/1976/et-divi-dynamic-tb-11-tb-14-1976.css?ver=1668890246
IP 69.90.162.250:0
Hash 057b60064dac0b2e8c0d8999edab80c6
a2dbdab2d7b7421bd1e7e928f001ecb9c3b7c008
4f616eb408ddf4020d17e8bcca5385f0fe99caa627df48c5a1a65dcd0d6a4d64
Analyzer Verdict Alert fortinet Malware
GET /wp-content/et-cache/1976/et-divi-dynamic-tb-11-tb-14-1976.css?ver=1668890246 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 19 Nov 2022 20:37:26 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-type: text/css
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:18:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
wethe6and9.ca/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.14.4
69.90.162.250200 OK 1.5 kB URL HTTP/2 wethe6and9.ca/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.14.4
IP 69.90.162.250:0
File type HTML document, ASCII text
Hash e80ed341aa60085450bd72090c23e73f
01de285748b3287e48075d079a9680c45c63d786
900614726d838cd0884abd5ab879b5ae4643489e78abe7c3acf89dede64b1b96
GET /wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.14.4 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 04 Jan 2022 19:45:46 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1525
content-type: application/javascript
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
69.90.162.250200 OK 5.1 kB URL HTTP/2 wethe6and9.ca/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 69.90.162.250:0
File type ASCII text, with very long lines (11126)
Hash a45b2e9ff1324927538de4c38b7d172e
74dabb9552dd36b818cbd2938fd83a477d634891
f1e92a9355e1d84a6a1e75edfc9779533f5f46adeafbd755d911514053af54a0
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 11 Dec 2020 00:52:58 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 5130
content-type: application/javascript
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.0.13/css/all.css?ver=5.8.6
172.64.132.15200 OK 31 kB URL HTTP/2 use.fontawesome.com/releases/v5.0.13/css/all.css?ver=5.8.6
IP 172.64.132.15:0
File type ASCII text, with very long lines (40884)
Hash a84fb3c9b91357932f6732181ab4e04a
d961a35908eae62ffdbd8c9834dde3b0475bcd85
b464709b143ab0c55f891bc45d2e057dccd41bc3728d7bf9d59b3b179d500d8d
GET /releases/v5.0.13/css/all.css?ver=5.8.6 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 15:18:52 GMT
content-type: text/css
x-amz-id-2: BLWL7ooW7M4oGAIHwa2jnnSjS8LSeZ5n7q3cgmJjEOqxqO04yd9BvNzfsbZiAm0axL9hfPc2bbU=
x-amz-request-id: JFYXWJ95BE1Q4FGH
last-modified: Wed, 30 Jun 2021 15:27:31 GMT
etag: W/"d61bfe9b56c13ecff5313ee3abb45e8b"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1783245
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cWk0lq14WjgV680uH20lTAFpASrciFpOOoSFMWvxYf8HwTbbRei4NWiO8utDS2I8CXjnSJhZNyn9y49wHQPF1qDT33UvdmGAKF7wm7Z6RM%2FKnoBIcVhOYEZOTe2HIu9TSkF8rQM5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776679e23e8a747c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:18:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:18:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
142.250.74.35200 OK 7.7 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Hash a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wethe6and9.ca
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 19:28:50 GMT
expires: Thu, 07 Dec 2023 19:28:50 GMT
cache-control: public, max-age=31536000
age: 71402
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
142.250.74.35200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wethe6and9.ca
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 12:29:21 GMT
expires: Fri, 08 Dec 2023 12:29:21 GMT
cache-control: public, max-age=31536000
age: 10171
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:18:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/dellarespira/v18/RLp5K5v44KaueWI6iEJQBiGPdf4Yug.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/dellarespira/v18/RLp5K5v44KaueWI6iEJQBiGPdf4Yug.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 16300, version 1.0\012- data
Hash d8390db4806c477444e5cbe92532cb83
b497baa4b58efe46232a87b259d4a7d9eebae954
16c23e831c9ce4c6598efbb37f2bfbe1e855382849f262bf0e8c2a982b2f616b
GET /s/dellarespira/v18/RLp5K5v44KaueWI6iEJQBiGPdf4Yug.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wethe6and9.ca
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16300
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 18:48:55 GMT
expires: Wed, 06 Dec 2023 18:48:55 GMT
cache-control: public, max-age=31536000
age: 160197
last-modified: Thu, 21 Apr 2022 16:52:32 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.9.4
69.90.162.250200 OK 4.4 kB URL HTTP/2 wethe6and9.ca/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.9.4
IP 69.90.162.250:0
File type ASCII text, with very long lines (7874)
Hash 2f503325c6578021ba5dce655bb3ef38
3e52d961772a9cd4f9684b99bdde8e66e5ed7b71
17b4c1536fb739c7f1958610f7b315aac436504a933b2365f411ddb7110f2a38
GET /wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.9.4 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 04 Jan 2022 19:41:38 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4415
content-type: application/javascript
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/themes/Divi/core/admin/js/common.js?ver=4.14.4
69.90.162.250200 OK 628 B URL HTTP/2 wethe6and9.ca/wp-content/themes/Divi/core/admin/js/common.js?ver=4.14.4
IP 69.90.162.250:0
Hash 7482e29732bcac6aa12b754a12edb109
b2366c91a836233c7ee6cea5c9098a2171afd83d
b0aa8cfe0fd2ef5794461696e650431eb4cc44a8eec4eda237a464351952e0cf
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Divi/core/admin/js/common.js?ver=4.14.4 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 04 Jan 2022 19:45:52 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 628
content-type: application/javascript
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-includes/js/wp-embed.min.js?ver=5.8.6
69.90.162.250200 OK 847 B URL HTTP/2 wethe6and9.ca/wp-includes/js/wp-embed.min.js?ver=5.8.6
IP 69.90.162.250:0
File type ASCII text, with very long lines (1391)
Hash e1f674546e0d2c57416905bf49a42345
61ecec361ae27a88f0d39b3c702f74e858d4e416
64a2db084f8c7fb3b4b05b20a61a7148ec1d2be91a5e7fb64977936de41fe2f0
GET /wp-includes/js/wp-embed.min.js?ver=5.8.6 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 04 Feb 2021 01:10:55 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 847
content-type: application/javascript
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVI.woff2
142.250.74.35200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVI.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 22132, version 1.0\012- data
Hash 2438b57abe1c20df7e1106e3eb0eac28
fdc9f9824215a8201e5fa825ddfc854da74ca018
f1bdaf99aa3dd57a0ae937d03cc1e9097231716d15a5e1cfdfed3f8f524ec784
GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wethe6and9.ca
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22132
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 01:15:25 GMT
expires: Wed, 06 Dec 2023 01:15:25 GMT
cache-control: public, max-age=31536000
age: 223407
last-modified: Mon, 15 Aug 2022 18:15:00 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/et-cache/1976/et-divi-dynamic-tb-11-tb-14-1976-late.css
69.90.162.250200 OK 3.2 kB URL HTTP/2 wethe6and9.ca/wp-content/et-cache/1976/et-divi-dynamic-tb-11-tb-14-1976-late.css
IP 69.90.162.250:0
File type ASCII text, with very long lines (5325)
Hash 1e7ed91c6804d808861de21a1a05508f
f43bb36072964a1d53ce495f35a6627dce250db6
d5c7e51f373b8547d33a9c5f2176d55881fa1653f8fbb86e18eeb4d9353f4c4d
GET /wp-content/et-cache/1976/et-divi-dynamic-tb-11-tb-14-1976-late.css HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 19 Nov 2022 21:07:04 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3240
content-type: text/css
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
142.250.74.35200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7840, version 1.0\012- data
Hash 8d91ec1ca2d8b56640a47117e313a3e9
a9e9bafe64666f4595051a0e895b47a5fa39e67e
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
GET /s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wethe6and9.ca
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 20:09:28 GMT
expires: Thu, 07 Dec 2023 20:09:28 GMT
cache-control: public, max-age=31536000
age: 68964
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4uaVI.woff2
142.250.74.35200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4uaVI.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 21516, version 1.0\012- data
Hash 90135ea44811b2d9610c33e07068fdb0
84ef1a8343877a598f1c7cbae56f35ded54a1787
bd067b886f4a67dd25c08fe73777bce7f506beb4c09d17d9f036f8a90901efd2
GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4uaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wethe6and9.ca
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21516
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 01:09:12 GMT
expires: Wed, 06 Dec 2023 01:09:12 GMT
cache-control: public, max-age=31536000
age: 223780
last-modified: Mon, 15 Aug 2022 18:12:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2
142.250.74.35200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7824, version 1.0\012- data
Hash af4d371a10271dafeb343f1eace762bc
6d11d743bc3cfb169d70bc86450f18351dc1a905
60bf0aba6526436f3930c58c12047687fbb6bff4dd180cce4613458ed3439ea2
GET /s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wethe6and9.ca
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7824
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 20:21:43 GMT
expires: Thu, 07 Dec 2023 20:21:43 GMT
cache-control: public, max-age=31536000
age: 68229
last-modified: Wed, 27 Apr 2022 16:52:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2
142.250.74.35200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7932, version 1.0\012- data
Hash a7f7eebec745ef48ccf7a3d08c66d84a
2c5f99afe358a3e8570818a99646779aaa607587
6f0c572590421075878908e0b380c5a6d404f72aa7d6d125385943be658f8399
GET /s/poppins/v20/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wethe6and9.ca
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7932
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 23:43:50 GMT
expires: Thu, 07 Dec 2023 23:43:50 GMT
cache-control: public, max-age=31536000
age: 56102
last-modified: Wed, 27 Apr 2022 16:10:29 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/uploads/2020/05/triangles-25.png
69.90.162.250200 OK 1.1 kB URL HTTP/2 wethe6and9.ca/wp-content/uploads/2020/05/triangles-25.png
IP 69.90.162.250:0
File type PNG image data, 110 x 99, 8-bit/color RGBA, non-interlaced\012- data
Hash 498cb47f2b34a34f7f12d576385bcac6
57d2de399dd8010e518fe11849d7836ae2f08d0f
1a6e343484e42630286624aa938728f06d2623fd44d64e7825449ca07a8fe6ea
GET /wp-content/uploads/2020/05/triangles-25.png HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/wp-content/et-cache/1976/et-core-unified-tb-11-tb-14-deferred-1976.min.css?ver=1668892024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
content-length: 1072
content-type: image/png
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/uploads/2020/05/food-zone-safe.jpg
69.90.162.250200 OK 52 kB URL HTTP/2 wethe6and9.ca/wp-content/uploads/2020/05/food-zone-safe.jpg
IP 69.90.162.250:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x960, components 3\012- data
Hash 9479f45436a86c514bafc230582d8f92
71feb6702d56e28a7eacff7cae992bfb197fe353
decca20d73d55ec1e18fed1d4c9e43eb8e91029dab993548a29ec48038df35e5
GET /wp-content/uploads/2020/05/food-zone-safe.jpg HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/wp-content/et-cache/1976/et-core-unified-tb-11-tb-14-deferred-1976.min.css?ver=1668892024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
content-length: 52072
content-type: image/jpeg
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/uploads/2020/05/diagonal-lines-05pt.png
69.90.162.250200 OK 53 kB URL HTTP/2 wethe6and9.ca/wp-content/uploads/2020/05/diagonal-lines-05pt.png
IP 69.90.162.250:0
File type PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Hash fad2b604a6fe1ea53774e1c72578bf3c
29112c62f73c265dc87ddecb0daf34c0159b4b45
178ff0655c2afc6bad72d57db8854f72e3954c002796d000ff6c708bf7990b09
GET /wp-content/uploads/2020/05/diagonal-lines-05pt.png HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/wp-content/et-cache/1976/et-core-unified-tb-11-tb-14-deferred-1976.min.css?ver=1668892024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
content-length: 52714
content-type: image/png
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/uploads/2020/05/iphone-dark-notebook-pen-34140.jpg
69.90.162.250200 OK 224 kB URL HTTP/2 wethe6and9.ca/wp-content/uploads/2020/05/iphone-dark-notebook-pen-34140.jpg
IP 69.90.162.250:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1280, components 3\012- data
Size 224 kB (223538 bytes)
Hash 5300faaf52680d73d62e8a0c5f4d6cdd
818a4b63c331a9ecdff0cc52b7b2a1b6294b2ff0
cc1a7de94057a6e02088cdb9a0682ad154dbcfabc4d75b6b2ee713ed9a00531f
GET /wp-content/uploads/2020/05/iphone-dark-notebook-pen-34140.jpg HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/wp-content/et-cache/1976/et-core-unified-tb-11-tb-14-deferred-1976.min.css?ver=1668892024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
content-length: 223538
content-type: image/jpeg
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/uploads/2020/05/seo-3007488_1920.jpg
69.90.162.250200 OK 243 kB URL HTTP/2 wethe6and9.ca/wp-content/uploads/2020/05/seo-3007488_1920.jpg
IP 69.90.162.250:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1202, components 3\012- data
Size 243 kB (243130 bytes)
Hash f15240e0c69c7e384b259bb8c98e3e84
fb8177c3d4aef088fb7d4a74fd9dab33849ba92d
83e4706136b2d188bc91fd05f88aee3131732039434dc353feed6838f5c18903
GET /wp-content/uploads/2020/05/seo-3007488_1920.jpg HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/wp-content/et-cache/1976/et-core-unified-tb-11-tb-14-deferred-1976.min.css?ver=1668892024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
content-length: 243130
content-type: image/jpeg
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/uploads/2020/05/working-in-a-group-6224.jpg
69.90.162.250200 OK 377 kB URL HTTP/2 wethe6and9.ca/wp-content/uploads/2020/05/working-in-a-group-6224.jpg
IP 69.90.162.250:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1280, components 3\012- data
Size 377 kB (377084 bytes)
Hash 4f8ad8af6b03612be2005bd174beaf09
3d7b5503b5cd55eb1a96157c75ab7cf8979c4242
790905717a4e74de85f0670a49b1435b6398996db8329e614cc4df26c8a9c1f6
GET /wp-content/uploads/2020/05/working-in-a-group-6224.jpg HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/wp-content/et-cache/1976/et-core-unified-tb-11-tb-14-deferred-1976.min.css?ver=1668892024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
content-length: 377084
content-type: image/jpeg
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/uploads/2020/05/person-using-macbook-pro-3861964.jpg
69.90.162.250200 OK 386 kB URL HTTP/2 wethe6and9.ca/wp-content/uploads/2020/05/person-using-macbook-pro-3861964.jpg
IP 69.90.162.250:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x1919, components 3\012- data
Size 386 kB (386465 bytes)
Hash f90a7d7a13617774f8d0b0836d726899
935ae66d78e9aa2f9fe56e44b4ccd547ee43d0ae
380f0b51d8d523b037b1a593bc8330f8705d8ed7c3ae4e9bcee95a869cb3cf18
GET /wp-content/uploads/2020/05/person-using-macbook-pro-3861964.jpg HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/wp-content/et-cache/1976/et-core-unified-tb-11-tb-14-deferred-1976.min.css?ver=1668892024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
content-length: 386465
content-type: image/jpeg
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/uploads/2020/05/social-media-4140959_1920.jpg
69.90.162.250200 OK 534 kB URL HTTP/2 wethe6and9.ca/wp-content/uploads/2020/05/social-media-4140959_1920.jpg
IP 69.90.162.250:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1280, components 3\012- data
Size 534 kB (534200 bytes)
Hash 82f2b98b374c2ae9942925485d6a7dd2
ed0bbbcdc03a4718433262de7613d4c639695378
609cdee005ed9b5b48a77dc9c1073002c544d610f4f3102e1fe5f847f117a88d
GET /wp-content/uploads/2020/05/social-media-4140959_1920.jpg HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/wp-content/et-cache/1976/et-core-unified-tb-11-tb-14-deferred-1976.min.css?ver=1668892024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
content-length: 534200
content-type: image/jpeg
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/uploads/2020/05/street-lights-802024.jpg
69.90.162.250200 OK 974 kB URL HTTP/2 wethe6and9.ca/wp-content/uploads/2020/05/street-lights-802024.jpg
IP 69.90.162.250:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1275, components 3\012- data
Size 974 kB (973561 bytes)
Hash 9b66a17ed605bc90fa6f376d8fe412f7
8d1bf42cfad323628486303821b1e4fe76717234
3278cb7b78d3b2f3efb0485741e5307bb3f708da4d19231f51f2c0a865d22736
GET /wp-content/uploads/2020/05/street-lights-802024.jpg HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/wp-content/et-cache/1976/et-core-unified-tb-11-tb-14-deferred-1976.min.css?ver=1668892024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
content-length: 973561
content-type: image/jpeg
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/themes/dm-divi-child-theme/js/dm-custom-scripts.js?ver=1.0
69.90.162.250404 Not Found 14 kB URL HTTP/2 wethe6and9.ca/wp-content/themes/dm-divi-child-theme/js/dm-custom-scripts.js?ver=1.0
IP 69.90.162.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (25332), with CRLF, LF line terminators
Hash c7e9234bc54ca6e1c7ad80b9c2f655dc
a0f2433114a84711c3774d5061f4208a22d700be
bc034befbb2353c70048674741445eb5bfb82c84dc8f0f40505d840d5b0be363
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/dm-divi-child-theme/js/dm-custom-scripts.js?ver=1.0 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
link: <https://wethe6and9.ca/wp-json/>; rel="https://api.w.org/"
cache-control: no-store, no-cache
x-cache-enabled: False
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 14547
content-type: text/html; charset=UTF-8
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/themes/dm-divi-child-theme/INSERT_IMAGE_URL_HERE
69.90.162.250404 Not Found 14 kB URL HTTP/2 wethe6and9.ca/wp-content/themes/dm-divi-child-theme/INSERT_IMAGE_URL_HERE
IP 69.90.162.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (25332), with CRLF, LF line terminators
Hash c7e9234bc54ca6e1c7ad80b9c2f655dc
a0f2433114a84711c3774d5061f4208a22d700be
bc034befbb2353c70048674741445eb5bfb82c84dc8f0f40505d840d5b0be363
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/dm-divi-child-theme/INSERT_IMAGE_URL_HERE HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/wp-content/themes/dm-divi-child-theme/style.css?ver=4.14.4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
link: <https://wethe6and9.ca/wp-json/>; rel="https://api.w.org/"
cache-control: no-store, no-cache
x-cache-enabled: False
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 14547
content-type: text/html; charset=UTF-8
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/uploads/2020/05/WETHE6AND9_logo.png
69.90.162.250200 OK 19 kB URL HTTP/2 wethe6and9.ca/wp-content/uploads/2020/05/WETHE6AND9_logo.png
IP 69.90.162.250:0
File type PNG image data, 300 x 87, 8-bit/color RGBA, non-interlaced\012- data
Hash c411e7e8cb790d04fddf43365c26e688
7522a96b0afa35e46bdb49e88ea56822e3aa474e
e4a582af7d618eaee9484c98125fa6aa8e374f647f7bec088b454346b1565dca
GET /wp-content/uploads/2020/05/WETHE6AND9_logo.png HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
content-length: 19213
content-type: image/png
date: Thu, 08 Dec 2022 15:18:53 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:18:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
216.58.207.206200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.58.207.206:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 08 Dec 2022 14:41:08 GMT
expires: Thu, 08 Dec 2022 16:41:08 GMT
cache-control: public, max-age=7200
age: 2265
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 15:18:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j98&a=1362408878&t=pageview&_s=1&dl=https%3A%2F%2Fwethe6and9.ca%2F&ul=en-us&de=UTF-8&dt=WE%20THE%206AND9%20%7C%20Web%20%26%20Digital%20Marketing%20Company%20Toronto%2C%20ON&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=639831571&gjid=765723557&cid=196514085.1670512733&tid=UA-101653433-3&_gid=1022099771.1670512733&_r=1>m=2oubu0&z=482211628
216.58.207.206200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=1362408878&t=pageview&_s=1&dl=https%3A%2F%2Fwethe6and9.ca%2F&ul=en-us&de=UTF-8&dt=WE%20THE%206AND9%20%7C%20Web%20%26%20Digital%20Marketing%20Company%20Toronto%2C%20ON&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=639831571&gjid=765723557&cid=196514085.1670512733&tid=UA-101653433-3&_gid=1022099771.1670512733&_r=1>m=2oubu0&z=482211628
IP 216.58.207.206:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=1362408878&t=pageview&_s=1&dl=https%3A%2F%2Fwethe6and9.ca%2F&ul=en-us&de=UTF-8&dt=WE%20THE%206AND9%20%7C%20Web%20%26%20Digital%20Marketing%20Company%20Toronto%2C%20ON&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=639831571&gjid=765723557&cid=196514085.1670512733&tid=UA-101653433-3&_gid=1022099771.1670512733&_r=1>m=2oubu0&z=482211628 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://wethe6and9.ca
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://wethe6and9.ca
date: Thu, 08 Dec 2022 15:18:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/uploads/2020/05/cropped-fav-32x32.jpg
69.90.162.250200 OK 911 B URL HTTP/2 wethe6and9.ca/wp-content/uploads/2020/05/cropped-fav-32x32.jpg
IP 69.90.162.250:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 32x32, components 3\012- data
Hash 3c34a8ca1cb7610ec193e8a56738fec6
4760e2234a2757c2ad2c0f74f2e9ea1fb781309f
d4bcbc26e46ec3812346bce81bc6157b849312afcd670b28041b48e6e8bc9983
GET /wp-content/uploads/2020/05/cropped-fav-32x32.jpg HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
content-length: 911
content-type: image/jpeg
date: Thu, 08 Dec 2022 15:18:53 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/uploads/2020/05/cropped-fav-192x192.jpg
69.90.162.250200 OK 5.1 kB URL HTTP/2 wethe6and9.ca/wp-content/uploads/2020/05/cropped-fav-192x192.jpg
IP 69.90.162.250:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 192x192, components 3\012- data
Hash db20043c227f33d32c5d82f9f7a9dc16
54367fed7ceeb5e3c0481130c3535ab960f6a627
5511f92670f1a1d716fdaa8684fdd15a1af67b0938759646c065f31fde982dfb
GET /wp-content/uploads/2020/05/cropped-fav-192x192.jpg HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
content-length: 5056
content-type: image/jpeg
date: Thu, 08 Dec 2022 15:18:53 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/uploads/2020/05/triangles.png
69.90.162.250200 OK 1.1 kB URL HTTP/2 wethe6and9.ca/wp-content/uploads/2020/05/triangles.png
IP 69.90.162.250:0
File type PNG image data, 110 x 99, 8-bit/color RGBA, non-interlaced\012- data
Hash 52124c842ad92bb04cad92aa93b716d7
b2d1aa1c7f9cd0a4d3ecad174e08138b42a308cd
4e6e2ecf1725f9e8d1e7a0b2f9ae1dae9e7aa8744ecf6f36e213adfa1fb72406
GET /wp-content/uploads/2020/05/triangles.png HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Cookie: _ga=GA1.2.196514085.1670512733; _gid=GA1.2.1022099771.1670512733; _gat_gtag_UA_101653433_3=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 01 Jun 2020 17:29:33 GMT
accept-ranges: bytes
content-length: 1077
content-type: image/png
date: Thu, 08 Dec 2022 15:18:53 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F377ab47f-a48d-4112-a562-b49a358636f1.png
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F377ab47f-a48d-4112-a562-b49a358636f1.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2f5ce4070e5050733be6bded399afe53
77cf1dd30e86f5568a8e64cb42f536cf2af9301c
7fe19657e1add41e913e9a326023ff484180ca17615175ddc5d2ab57217566bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F377ab47f-a48d-4112-a562-b49a358636f1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 4538
x-amzn-requestid: 143f359f-c0fd-4d32-8de5-cc2c2804bb39
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4gIHzXoAMFqmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391079a-27db2e3c6de7216e3c17caea;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ba2tqr7qzoTbVkNM_hFETgyCLbCLvAEQjFA2jSU83qYRz6j-uIpk6Q==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:14:58 GMT
age: 61440
etag: "77cf1dd30e86f5568a8e64cb42f536cf2af9301c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/themes/Divi/js/scripts.min.js?ver=4.14.4
69.90.162.250200 OK 0 B URL HTTP/2 wethe6and9.ca/wp-content/themes/Divi/js/scripts.min.js?ver=4.14.4
IP 69.90.162.250:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Divi/js/scripts.min.js?ver=4.14.4 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 04 Jan 2022 19:45:50 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-type: application/javascript
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
69.90.162.250200 OK 0 B URL HTTP/2 wethe6and9.ca/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 69.90.162.250:0
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 23 Sep 2021 23:58:58 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-type: application/javascript
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/motion-effects.js?ver=4.14.4
69.90.162.250200 OK 0 B URL HTTP/2 wethe6and9.ca/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/motion-effects.js?ver=4.14.4
IP 69.90.162.250:0
GET /wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/motion-effects.js?ver=4.14.4 HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 04 Jan 2022 19:45:46 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-type: application/javascript
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2
wethe6and9.ca/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.ttf
69.90.162.250200 OK 0 B URL HTTP/2 wethe6and9.ca/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.ttf
IP 69.90.162.250:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Divi/core/admin/fonts/modules/all/modules.ttf HTTP/1.1
Host: wethe6and9.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wethe6and9.ca/wp-content/et-cache/1976/et-divi-dynamic-tb-11-tb-14-1976-late.css?ver=1668890246
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 04 Jan 2022 19:45:52 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-type: font/ttf
date: Thu, 08 Dec 2022 15:18:52 GMT
server: Apache
X-Firefox-Spdy: h2