r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10134
Expires: Sun, 04 Sep 2022 18:18:01 GMT
Date: Sun, 04 Sep 2022 15:29:07 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 04 Sep 2022 14:44:11 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: SVJ7-jFuno_KqnvESaeDIpQzrRf0iIRlEpanTmeC3nDiL4GjmbLgug==
Age: 2696
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 04 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EmjnfGNLaAzItLzLS2_9q50E8IiYoyYegUt0Qu07XX2nsyefmVodgg==
age: 51230
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 15:29:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 04 Sep 2022 14:38:16 GMT
Expires: Sun, 04 Sep 2022 15:03:46 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4PaqeaaWnH_xcJHt53Q4MMTcc0Hcl6QUhu24M8_WOfh3SHIdufruag==
Age: 3051
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 77d035f38a45e8a1ec30d5fe9611880b
01cf34de95257da64dac90edf5a86203f1160271
7dc687d6bb1679ba5567e58b4f8c1e78766e7ee36273ba7f62068c595d57f7f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4390
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 15:29:07 GMT
Last-Modified: Sun, 04 Sep 2022 14:15:57 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.80.175.197 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.80.175.197:0
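Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of empty input, matching the 0 B body of this response; they identify no content and should not be used as indicators.)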
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eu9aZT292U+hYqSrXIldng==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tkojFt4oYT1q4h4X5iqTv9jkFIg=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15025
Expires: Sun, 04 Sep 2022 19:39:34 GMT
Date: Sun, 04 Sep 2022 15:29:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15025
Expires: Sun, 04 Sep 2022 19:39:34 GMT
Date: Sun, 04 Sep 2022 15:29:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15025
Expires: Sun, 04 Sep 2022 19:39:34 GMT
Date: Sun, 04 Sep 2022 15:29:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15025
Expires: Sun, 04 Sep 2022 19:39:34 GMT
Date: Sun, 04 Sep 2022 15:29:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fc4ceb10dd9fcaab21ae58dcf10c401f
6ce530af682094dc5413db9de02565691fab4da7
84ad58e126cce2ab6b1568ffe89a116bc1de0310bb72d4530eead2fb8191572c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11380
x-amzn-requestid: 61f37e21-33a8-49e6-b384-4ca1fcfbffa5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz8TLFA3oAMFQjg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63117414-42de5c4128eb9e011d848356;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 03:10:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: s0voKdiDdj0mq8-VRFSWcYcQXaWti7929bpdKSQMWDoVCmOAPepuDg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 03:48:57 GMT
age: 42012
etag: "6ce530af682094dc5413db9de02565691fab4da7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bb4b1d74f1443bc3328301ab3ae6464
2768253dacaaad6cb498c6b2eb7694208b0ce0a6
07dcc95dab7757402998a5a61b540c965ce95c8bd51a814a09438981693b563a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8688
x-amzn-requestid: 1c5fbc89-8ce8-4792-b713-f2c0ceeab737
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wifFJYoAMFi0g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7a9-214311e155c661ff77d89906;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wd9SF3txQNTVUaSPcKQ_nQfPt1pBjFbuHzSZiQjfbGBSb-i7J8Rgjg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:44:29 GMT
age: 63880
etag: "2768253dacaaad6cb498c6b2eb7694208b0ce0a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa79c31ef-8277-4472-8ef6-9ea1d733084d.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa79c31ef-8277-4472-8ef6-9ea1d733084d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5958d2ad91c698c62988bdb9256a4543
97f2c77f55f38ff6825fa7fc2ff3198bdef02517
578729554c47a75c74fb3f2d45865592291a35511e0b490b6b8cd4e72e917b73
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa79c31ef-8277-4472-8ef6-9ea1d733084d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8228
x-amzn-requestid: b107192f-7526-4c2e-8978-e4eceb93e09c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wxsE9OIAMFhqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c80a-20ca9d565d4a04126e3b41b9;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:58 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TTxBe-5G-7O6n898Yv4zZhODXSiVvaUtO6LRX3yYtljzAlP_55i0bg==
via: 1.1 7256fedee68a59a508800e0dda035348.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 22:12:37 GMT
age: 62192
etag: "97f2c77f55f38ff6825fa7fc2ff3198bdef02517"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1bdfdf7e36f78f2f0e4d7ede9fdb76a8
babb88202741bbf2d4fd25e0731a4a7a6fcc28f8
949ea108642789e1014150909060f11d99608f082760d0e868a90282f2768d43
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9690
x-amzn-requestid: 614c99f8-116a-4603-bcde-3fbd5bfa14d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wx1HInIAMFiYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c80b-25c09c3227d72395408782f0;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:59 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5_jCLvdAC-XR-ax3RUbbx9275KPwACOPtAMxSbmv-aP-Lra4sC5zvw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:51:41 GMT
age: 63448
etag: "babb88202741bbf2d4fd25e0731a4a7a6fcc28f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F074d7790-a0c5-48fe-9814-807d02b9ea17.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F074d7790-a0c5-48fe-9814-807d02b9ea17.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c0d77a2b715f8f2547f11cc5674432b
51ca3fc7e7048f035f79c4e425197bc618671b8c
34cad56ca82b17b5df4c010eecb2c7ea348faec15d33fa4b294c0ed46e2c5de8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F074d7790-a0c5-48fe-9814-807d02b9ea17.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8331
x-amzn-requestid: 53b40605-8cb6-4c36-931f-67be541289e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wigGtToAMFscw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7a9-645ce10e6bd850f84fcbf256;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: a0mNmWIp04fLKVgImJIc6CWErbhadUOhXG2XurGRbCgDgjSwz44p0w==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 22:07:28 GMT
age: 62501
etag: "51ca3fc7e7048f035f79c4e425197bc618671b8c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ca50f9c56ff869b0b63ca71b1a9f8170
13b16ca74113dfd52ccf23e6bb39307fc713f984
76b85dd7e018ab4b3d4b2610f90dbca61d0f05d38a3b905fee789af131ae7538
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14855
x-amzn-requestid: 65cf850b-227a-4318-a00e-d7cd4ef81489
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wjuGtpoAMFvvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7b1-54bc36741984491b0509d173;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: M9Y8U9vqVs1ATiPP9jLPybTJ-xwC--5oiRUpj9-imTWfh6_rmtL5Kw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:54:46 GMT
age: 63263
etag: "13b16ca74113dfd52ccf23e6bb39307fc713f984"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hotelsale.online/
199.250.192.223 301 Moved Permanently 0 B IP 199.250.192.223:0
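Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of empty input, matching the 0 B body of this 301 response; they identify no content and should not be used as indicators. The analyzer verdict recorded for this request therefore presumably attaches to the URL or host rather than to a file.)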
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Sep 2022 15:29:07 GMT
Server: Apache
X-UA-Compatible: IE=edge
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: http://www.hotelsale.online/
Keep-Alive: timeout=3, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9439a7cde73fea464c1463febdda0556
6a0030d4f26b2e9658700708c82e7ce6120ce93c
c3a5a489f4ef8c8cce54dbd819c5cf573740317ea3718ccd6804a03374739199
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 15:29:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/css/lib/pikaday.css
199.250.192.223 200 OK 4.7 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/css/lib/pikaday.css
IP 199.250.192.223:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 502e287ce4ca080ead0a8289a15810cc
b06baa0ac62d5b6d2b8fb895407dc2a11c97ba15
88b3e18f3e71a7eaaefeefe989526b561a4794a1bf85463b3c5d1389bbf09b73
GET /wp-content/plugins/travelpayouts/app/public/css/lib/pikaday.css HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 24 Aug 2018 16:43:15 GMT
Accept-Ranges: bytes
Content-Length: 4684
Keep-Alive: timeout=3, max=100
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9439a7cde73fea464c1463febdda0556
6a0030d4f26b2e9658700708c82e7ce6120ce93c
c3a5a489f4ef8c8cce54dbd819c5cf573740317ea3718ccd6804a03374739199
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 15:29:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto+Slab%3A700&subset=latin%2Ccyrillic-ext%2Ccyrillic&ver=0.7.6
142.250.74.10 200 OK 1.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto+Slab%3A700&subset=latin%2Ccyrillic-ext%2Ccyrillic&ver=0.7.6
IP 142.250.74.10:0
Hash 52ae3a32e822960a67c5cf71751fd0b9
ce32041773ea440228ea4e2632c1353f31b8403e
8406723ad6055f96cfbf16455398efa6af4904754ac9b2a4c5b0e3f7cd872df6
GET /css?family=Roboto+Slab%3A700&subset=latin%2Ccyrillic-ext%2Ccyrillic&ver=0.7.6 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hotelsale.online/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Sep 2022 15:29:14 GMT
date: Sun, 04 Sep 2022 15:29:14 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/css/lib/jquery-ui/jquery-ui.min.css
199.250.192.223 200 OK 26 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/css/lib/jquery-ui/jquery-ui.min.css
IP 199.250.192.223:0
File type ASCII text, with very long lines (25087), with CRLF line terminators
Hash eee41be1b916c1472bc4097d5c1f69cd
fc18bca15fab1dcd93756ea120ef0e66ef226a7e
5f86a186f9d6c88457a9d56305917b1801028fcb93ba666e40aa6fc9c2176b21
GET /wp-content/plugins/travelpayouts/app/public/css/lib/jquery-ui/jquery-ui.min.css HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 24 Aug 2018 16:43:15 GMT
Accept-Ranges: bytes
Content-Length: 25510
Keep-Alive: timeout=3, max=100
Content-Type: text/css
www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/themes/railway/css/main.css?ver=0.7.6
199.250.192.223 200 OK 21 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/themes/railway/css/main.css?ver=0.7.6
IP 199.250.192.223:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash a206675233c8a964858991eaf645df39
56d5eef6490730d17ca2413848b3fd73958f289c
28da474e6fbe886c4cd0564a89574ef5a46eddd5f350a8fc4281df5ca3049022
GET /wp-content/plugins/travelpayouts/app/public/themes/railway/css/main.css?ver=0.7.6 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 24 Aug 2018 16:43:15 GMT
Accept-Ranges: bytes
Content-Length: 20785
Keep-Alive: timeout=3, max=100
Content-Type: text/css
www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/themes/flight/css/table-3.css?ver=0.7.6
199.250.192.223 200 OK 18 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/themes/flight/css/table-3.css?ver=0.7.6
IP 199.250.192.223:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 4a37cc42b403d136da6e927c48178913
2f6560fb37547e8d11f66ef7dbf3c8e44da94749
ce93cbe8eee43631a09e70852e3f46edee4237c9e98e844d2c38a3081a66f19c
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/themes/flight/css/table-3.css?ver=0.7.6 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 24 Aug 2018 16:43:15 GMT
Accept-Ranges: bytes
Content-Length: 17631
Keep-Alive: timeout=3, max=100
Content-Type: text/css
www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/fontello.css
199.250.192.223 200 OK 5.5 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/fontello.css
IP 199.250.192.223:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 2ceb66a1760edac2ebaa7efaa97f0ca3
d5038e9840fc290c7148f5337a91b21ea78101f4
361a4e9ce04165203f44df41bcbc8fa9c81e95f09053dd89ba7dd6f3b8da8676
GET /wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/fontello.css HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Fri, 24 Aug 2018 16:43:15 GMT
Accept-Ranges: bytes
Content-Length: 5496
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: text/css
www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/themes/hotel/css/main.css?ver=0.7.6
199.250.192.223 200 OK 14 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/themes/hotel/css/main.css?ver=0.7.6
IP 199.250.192.223:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 780365d83cd0a0b8effa8bb6ee548976
b85327fb4d43db5d0f30be779998aa07a69220ef
da58229b2c87429b0cdbe6b2b16471dea26d88d680538750234756b00ab9a5c2
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/themes/hotel/css/main.css?ver=0.7.6 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 24 Aug 2018 16:43:15 GMT
Accept-Ranges: bytes
Content-Length: 14245
Keep-Alive: timeout=3, max=100
Content-Type: text/css
fonts.googleapis.com/css?family=Roboto%3A400%2C300%2C100%2C500%2C700%2C900&subset=latin%2Ccyrillic-ext%2Ccyrillic&ver=0.7.6
142.250.74.10 200 OK 801 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A400%2C300%2C100%2C500%2C700%2C900&subset=latin%2Ccyrillic-ext%2Ccyrillic&ver=0.7.6
IP 142.250.74.10:0
Hash 93704c15aa61bceaaa47957c876aaa5b
3e5f5fc6bd66cd9c50f497a37b87309fdf2c630b
0abedd277aee03d6f632ada2eec357543ae0d12ffb0e6354906b15c659f4a5da
GET /css?family=Roboto%3A400%2C300%2C100%2C500%2C700%2C900&subset=latin%2Ccyrillic-ext%2Ccyrillic&ver=0.7.6 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hotelsale.online/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Sep 2022 15:29:14 GMT
date: Sun, 04 Sep 2022 15:29:14 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.hotelsale.online/wp-includes/js/wp-emoji-release.min.js?ver=4.9.21
199.250.192.223 200 OK 12 kB URL HTTP/1.1 www.hotelsale.online/wp-includes/js/wp-emoji-release.min.js?ver=4.9.21
IP 199.250.192.223:0
File type ASCII text, with very long lines (9063)
Hash fe0575b66568074463f12485d90f6d4c
aeedd9ab3b7874e63f647042963cb1301a38b391
647a6b36f3fd1f21bae171270111096b4613c23a47e6621628a51bae9c82b0b7
GET /wp-includes/js/wp-emoji-release.min.js?ver=4.9.21 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 14:05:48 GMT
Accept-Ranges: bytes
Content-Length: 11943
Keep-Alive: timeout=3, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-content/themes/oceanwp/assets/css/third/simple-line-icons.min.css?ver=2.4.0
199.250.192.223 200 OK 11 kB URL HTTP/1.1 www.hotelsale.online/wp-content/themes/oceanwp/assets/css/third/simple-line-icons.min.css?ver=2.4.0
IP 199.250.192.223:0
File type ASCII text, with very long lines (10909), with no line terminators
Hash efe821f733ffd60ec12a5858c640d310
a373f19e9e702846a2b0282046a02d1a7d2646b1
00cb5467cd1232cc0358b03f57cdba0c37d8a4c74fc8949a5dc62ab36e803c5c
GET /wp-content/themes/oceanwp/assets/css/third/simple-line-icons.min.css?ver=2.4.0 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Sat, 01 Sep 2018 06:49:34 GMT
Accept-Ranges: bytes
Content-Length: 10909
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: text/css
www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/animation.css
199.250.192.223 200 OK 1.9 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/animation.css
IP 199.250.192.223:0
File type ASCII text, with CRLF line terminators
Hash e7da1c1d837b0be2240c2c23bf0c4475
f763298ac4912e0e83793883936107722f130250
5693d3fc7e182e6415edeaf606b8d0ba0d8a6de5d3a94b64b74cf059abd211fa
GET /wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/animation.css HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Fri, 24 Aug 2018 16:43:15 GMT
Accept-Ranges: bytes
Content-Length: 1942
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: text/css
www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/TPCurrencyMainNew.css
199.250.192.223 200 OK 1.3 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/TPCurrencyMainNew.css
IP 199.250.192.223:0
File type ASCII text, with CRLF line terminators
Hash 1044d55b99a57610129d4618b6620ec1
97aae484ecfdc78d7e13f94404ab3f27f25fa459
4c48338156876c15631f7cc86dd3f700d5b07b4a14202a7e67c8a85df91dcf5d
GET /wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/TPCurrencyMainNew.css HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Fri, 24 Aug 2018 16:43:15 GMT
Accept-Ranges: bytes
Content-Length: 1271
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: text/css
www.hotelsale.online/
199.250.192.223 200 OK 22 kB IP 199.250.192.223:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1746), with CRLF, LF line terminators
Hash 4cbc88b60586bf03341554de07977cab
c22343fea63759e100ff1179e8f4b93f830cf9cb
4a9a705eb6634c266983a931721fc6f1def04a53762d30a6b1e4521d3c7f1e60
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:11 GMT
Server: Apache
X-UA-Compatible: IE=edge
Link: <http://www.hotelsale.online/wp-json/>; rel="https://api.w.org/", <http://www.hotelsale.online/>; rel=shortlink
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=3, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.hotelsale.online/wp-content/themes/oceanwp/assets/css/third/font-awesome.min.css?ver=4.7.0
199.250.192.223 200 OK 31 kB URL HTTP/1.1 www.hotelsale.online/wp-content/themes/oceanwp/assets/css/third/font-awesome.min.css?ver=4.7.0
IP 199.250.192.223:0
File type ASCII text, with very long lines (30927)
Hash f5d50db715b648e3e7a6d296df98cec6
2e872d71cc5e0f8251a6c0f1a9dab3c09812c741
c4fe355dfa317d1cfaf6a39aa324e94c8a96fcf73410b7f9eec59951cdfaa593
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/oceanwp/assets/css/third/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Sat, 01 Sep 2018 06:49:34 GMT
Accept-Ranges: bytes
Content-Length: 31089
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: text/css
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0abe76a0b974cf20841d418bb2fe3836
4a18e15206df2335a5b716069b349b915b988513
90c2b7ceb7819c18e20d3f8d7a299a0464734249f4ba1d200c4f49fb247ba99b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "90C2B7CEB7819C18E20D3F8D7A299A0464734249F4BA1D200C4F49FB247BA99B"
Last-Modified: Fri, 02 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16752
Expires: Sun, 04 Sep 2022 20:08:26 GMT
Date: Sun, 04 Sep 2022 15:29:14 GMT
Connection: keep-alive
www.hotelsale.online/wp-content/themes/oceanwp/assets/css/third/magnific-popup.min.css?ver=1.0.0
199.250.192.223 200 OK 5.2 kB URL HTTP/1.1 www.hotelsale.online/wp-content/themes/oceanwp/assets/css/third/magnific-popup.min.css?ver=1.0.0
IP 199.250.192.223:0
File type ASCII text, with very long lines (5213), with no line terminators
Hash c94c9f38516a99b1f2ab4bfb5da9840d
e526235ccc849d3c263d0063619e9bc7083cb2f3
130258c738258aede53d50cd605361e26189d1176960bd440a8785d81e9ee331
GET /wp-content/themes/oceanwp/assets/css/third/magnific-popup.min.css?ver=1.0.0 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Sat, 01 Sep 2018 06:49:34 GMT
Accept-Ranges: bytes
Content-Length: 5213
Keep-Alive: timeout=3, max=97
Connection: Keep-Alive
Content-Type: text/css
www.hotelsale.online/wp-content/themes/oceanwp/assets/css/third/slick.min.css?ver=1.6.0
199.250.192.223 200 OK 1.6 kB URL HTTP/1.1 www.hotelsale.online/wp-content/themes/oceanwp/assets/css/third/slick.min.css?ver=1.6.0
IP 199.250.192.223:0
File type ASCII text, with very long lines (1575), with no line terminators
Hash 753be146b0f72724e7c99e818fb12784
d524c3bfc25084afca1529b311140be1736fdf53
f94c40827295309e660e47038ab6c021e897ec570d812298d3d475159ddc8596
GET /wp-content/themes/oceanwp/assets/css/third/slick.min.css?ver=1.6.0 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Sat, 01 Sep 2018 06:49:34 GMT
Accept-Ranges: bytes
Content-Length: 1575
Keep-Alive: timeout=3, max=98
Connection: Keep-Alive
Content-Type: text/css
www.hotelsale.online/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4
199.250.192.223 200 OK 3.9 kB URL HTTP/1.1 www.hotelsale.online/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4
IP 199.250.192.223:0
File type ASCII text, with very long lines (3704)
Hash e6784d91bf2c668bc4093063c5b15113
687e1d2e957a821280dbd205ae66182f16dfdc30
194ebae85ff853319e8668f23a4c5bf371a7d9f5d550a40980ab53026ddaaa17
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.11.4 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 14:05:48 GMT
Accept-Ranges: bytes
Content-Length: 3929
Keep-Alive: timeout=3, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4
199.250.192.223 200 OK 6.8 kB URL HTTP/1.1 www.hotelsale.online/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4
IP 199.250.192.223:0
File type ASCII text, with very long lines (6608)
Hash 664c2622f0d31d62678f4830aabfe291
4e317239cbcadf241bf89340262542e6962ea69c
99ada7e01817367027759ac452a1dd11eca7557272b8940d659c07adb6bc8cbe
GET /wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 14:05:48 GMT
Accept-Ranges: bytes
Content-Length: 6832
Keep-Alive: timeout=3, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-includes/js/jquery/ui/tabs.min.js?ver=1.11.4
199.250.192.223 200 OK 12 kB URL HTTP/1.1 www.hotelsale.online/wp-includes/js/jquery/ui/tabs.min.js?ver=1.11.4
IP 199.250.192.223:0
File type ASCII text, with very long lines (11801)
Hash 5baf42281f4fbb128816f6883fb5ff3e
ee59fc985c4c7d6b34ed6f8b31a1fbbbd7ad7713
af6dd3662512bb4d13849eefd579d23ad8b28152aa6bf822fcf652412fd0cebf
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/tabs.min.js?ver=1.11.4 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 14:05:48 GMT
Accept-Ranges: bytes
Content-Length: 12014
Keep-Alive: timeout=3, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
199.250.192.223 200 OK 10 kB URL HTTP/1.1 www.hotelsale.online/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP 199.250.192.223:0
File type ASCII text, with very long lines (9959)
Hash 7121994eec5320fbe6586463bf9651c2
90532aff6d4121954254cdf04994d834f7ec169b
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 20 May 2016 15:41:28 GMT
Accept-Ranges: bytes
Content-Length: 10056
Keep-Alive: timeout=3, max=100
Content-Type: application/javascript
www.hotelsale.online/wp-content/plugins/ocean-extra/assets/css/widgets.css?ver=4.9.21
199.250.192.223 200 OK 37 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/ocean-extra/assets/css/widgets.css?ver=4.9.21
IP 199.250.192.223:0
File type ASCII text, with very long lines (36994)
Hash 7f0ffdba502a89a04e625623bff6976d
6a7d4749261fad03714658cc23a76bd1eedb913b
9de0d24675d34b06af8a34918b566f94e8296d32228371766cbc15d8abc74195
GET /wp-content/plugins/ocean-extra/assets/css/widgets.css?ver=4.9.21 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Sun, 02 Sep 2018 01:28:57 GMT
Accept-Ranges: bytes
Content-Length: 36995
Keep-Alive: timeout=3, max=98
Connection: Keep-Alive
Content-Type: text/css
www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/js/lib/date.format.js
199.250.192.223 200 OK 4.0 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/js/lib/date.format.js
IP 199.250.192.223:0
File type ASCII text, with CRLF line terminators
Hash ce005a19bd8c3445eff825d12c64be5d
4c81fd4f1d07ff8997f98dd4c5ad41b5587a4862
00aa9bf334f2cc56c4e3485e2b8e4f0586f213c2ecdb1024281e532c4a1a94f5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/js/lib/date.format.js HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Fri, 24 Aug 2018 16:43:15 GMT
Accept-Ranges: bytes
Content-Length: 4011
Keep-Alive: timeout=3, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-content/themes/oceanwp/assets/css/style.min.css?ver=1.5.26
199.250.192.223 200 OK 155 kB URL HTTP/1.1 www.hotelsale.online/wp-content/themes/oceanwp/assets/css/style.min.css?ver=1.5.26
IP 199.250.192.223:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65531), with no line terminators
Size 155 kB (155267 bytes)
Hash 79e31be2e94eb88b0c1c52e7b96ff5c3
a41bcdc6e3efefd2f8aba36a28e0c10977bcb765
8acf88d7336855411c56146b38885ac77618e0167951c702f7fea01edf3ab56e
GET /wp-content/themes/oceanwp/assets/css/style.min.css?ver=1.5.26 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Sat, 01 Sep 2018 06:49:34 GMT
Accept-Ranges: bytes
Content-Length: 155267
Keep-Alive: timeout=3, max=98
Connection: Keep-Alive
Content-Type: text/css
www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/js/lib/pikaday.jquery.js
199.250.192.223 200 OK 1.6 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/js/lib/pikaday.jquery.js
IP 199.250.192.223:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 5ab3976821382694d7c530cbf3de9b8b
1952422deb2531eec1cd067fb26181cf98fead86
413cd30469ae52fee994be6a50f710d043018694ba315f8162b6df091f3a5a33
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/js/lib/pikaday.jquery.js HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Fri, 24 Aug 2018 16:43:15 GMT
Accept-Ranges: bytes
Content-Length: 1586
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/js/lib/jquery.dataTables.min.js
199.250.192.223 200 OK 83 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/js/lib/jquery.dataTables.min.js
IP 199.250.192.223:0
File type Unicode text, UTF-8 text, with very long lines (557), with CRLF line terminators
Hash 614fd3ee31851c497e4e0e302d94a630
8fef6ad7bd64324dce7d88546f2f6e610c06c377
ea1c11ebd5e0683c3267fe2bcd43efe62be79bedfa8df29069df385c5ac07678
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/js/lib/jquery.dataTables.min.js HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Fri, 24 Aug 2018 16:43:15 GMT
Accept-Ranges: bytes
Content-Length: 82804
Keep-Alive: timeout=3, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/js/lib/pikaday.js
199.250.192.223 200 OK 46 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/js/lib/pikaday.js
IP 199.250.192.223:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash c35aa863defbd6c923f2e7966f927c0e
8ec26f953657e123958989bd5fc750247e7a128d
056c52a519e4b95b38ceb1af4637b6d16a4589553dbb7221f047a57e18315113
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/js/lib/pikaday.js HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Fri, 24 Aug 2018 16:43:15 GMT
Accept-Ranges: bytes
Content-Length: 46266
Keep-Alive: timeout=3, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/js/site/TPPlugin.js
199.250.192.223 200 OK 21 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/travelpayouts/app/public/js/site/TPPlugin.js
IP 199.250.192.223:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash b49e9a7db67f1838a14d1777c0987551
ccb30d8feae4b749a2d91f6f463f0977e4f3b9f0
86b7c835445266a77b34c78f29a551fcf7a873afa5b883af43109db988c860b4
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/js/site/TPPlugin.js HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:14 GMT
Server: Apache
Last-Modified: Fri, 24 Aug 2018 16:43:15 GMT
Accept-Ranges: bytes
Content-Length: 21022
Keep-Alive: timeout=3, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-content/plugins/ocean-extra//includes/widgets/js/mailchimp.min.js?ver=4.9.21
199.250.192.223 200 OK 1.2 kB URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/ocean-extra//includes/widgets/js/mailchimp.min.js?ver=4.9.21
IP 199.250.192.223:0
File type ASCII text, with very long lines (1175), with no line terminators
Hash 4fb38de1728cf7f23aa8b49d85bddde5
e86c3f986c86ecb76a847ca941b8f58a7a56421d
d2eb1965303eafea60a6e6d9e7ebee1fa1c589105123ad59f2cc6e2dd3f25957
GET /wp-content/plugins/ocean-extra//includes/widgets/js/mailchimp.min.js?ver=4.9.21 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:15 GMT
Server: Apache
Last-Modified: Sun, 02 Sep 2018 01:28:57 GMT
Accept-Ranges: bytes
Content-Length: 1175
Keep-Alive: timeout=3, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-includes/js/imagesloaded.min.js?ver=3.2.0
199.250.192.223 200 OK 7.9 kB URL HTTP/1.1 www.hotelsale.online/wp-includes/js/imagesloaded.min.js?ver=3.2.0
IP 199.250.192.223:0
File type ASCII text, with very long lines (7855), with no line terminators
Hash f5c25c9c6d60162ba8865649b89e56fc
520fa90c637f9e93f16ec3674136c61a0c1e3d60
337c515e1a749dfe4d3fc568c830b631f7ed4de0a1ee9ba28ed5c8c430ec1f9a
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/imagesloaded.min.js?ver=3.2.0 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:15 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 14:05:48 GMT
Accept-Ranges: bytes
Content-Length: 7855
Keep-Alive: timeout=3, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-content/themes/oceanwp/assets/js/third/magnific-popup.min.js?ver=1.5.26
199.250.192.223 200 OK 20 kB URL HTTP/1.1 www.hotelsale.online/wp-content/themes/oceanwp/assets/js/third/magnific-popup.min.js?ver=1.5.26
IP 199.250.192.223:0
File type ASCII text, with very long lines (20176), with no line terminators
Hash 14b16c0a613dccf79fea485ec09717a1
afb92d01f28194254e54d618396819f8a10f0438
c78a38f48aa4252bdbee7ebebc0dc68eaa95f27d362aa58021fd2f085ca0df4a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/oceanwp/assets/js/third/magnific-popup.min.js?ver=1.5.26 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:15 GMT
Server: Apache
Last-Modified: Sat, 01 Sep 2018 06:49:34 GMT
Accept-Ranges: bytes
Content-Length: 20176
Keep-Alive: timeout=3, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-content/plugins/ocean-extra//includes/widgets/js/share.min.js?ver=4.9.21
199.250.192.223 200 OK 197 B URL HTTP/1.1 www.hotelsale.online/wp-content/plugins/ocean-extra//includes/widgets/js/share.min.js?ver=4.9.21
IP 199.250.192.223:0
File type ASCII text, with no line terminators
Hash c5935bade23936a28a1b0f0eacd59912
4752cca2ad41da4e2164cf916cab8566582ce57a
3284416fda0121eebccca7ba3cd79369fd9d8dfe34488308d0b470b2c8c0369a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/ocean-extra//includes/widgets/js/share.min.js?ver=4.9.21 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:15 GMT
Server: Apache
Last-Modified: Sun, 02 Sep 2018 01:28:57 GMT
Accept-Ranges: bytes
Content-Length: 197
Keep-Alive: timeout=3, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-content/themes/oceanwp/assets/js/third/lightbox.min.js?ver=1.5.26
199.250.192.223 200 OK 1.2 kB URL HTTP/1.1 www.hotelsale.online/wp-content/themes/oceanwp/assets/js/third/lightbox.min.js?ver=1.5.26
IP 199.250.192.223:0
File type ASCII text, with very long lines (1248), with no line terminators
Hash c2940304f2c898ad4391a9ea96e37e64
5df4416bb76a99c2f0bc5a4557b6cb0055fce727
af0267055194b8495fca64e1134f6945df1cae01c54f88a387a8507d008ae3c5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/oceanwp/assets/js/third/lightbox.min.js?ver=1.5.26 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:15 GMT
Server: Apache
Last-Modified: Sat, 01 Sep 2018 06:49:34 GMT
Accept-Ranges: bytes
Content-Length: 1248
Keep-Alive: timeout=3, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-includes/js/wp-embed.min.js?ver=4.9.21
199.250.192.223 200 OK 1.4 kB URL HTTP/1.1 www.hotelsale.online/wp-includes/js/wp-embed.min.js?ver=4.9.21
IP 199.250.192.223:0
File type ASCII text, with very long lines (1391), with no line terminators
Hash 570ae0f3c201604926ea599d3d1f6c04
2c29243a73660964d4712b969d2a15e27777bc14
5138d39633dc69fcd0ed7f33a5e38dc339123f682fa7f5242066879c2bbc8c9b
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-embed.min.js?ver=4.9.21 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:15 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 14:05:49 GMT
Accept-Ranges: bytes
Content-Length: 1391
Keep-Alive: timeout=3, max=93
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-content/themes/oceanwp/assets/js/main.min.js?ver=1.5.26
199.250.192.223 200 OK 124 kB URL HTTP/1.1 www.hotelsale.online/wp-content/themes/oceanwp/assets/js/main.min.js?ver=1.5.26
IP 199.250.192.223:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 124 kB (123507 bytes)
Hash b2d9157ba53608c1226db7a16568b0e8
be65c7c78e3ae443ef50df40c6e6d069a5ce98d9
b1180b215fc47b0a156c2431ba07c823d6596afc97ddbfc7ce604185d0f4fe73
GET /wp-content/themes/oceanwp/assets/js/main.min.js?ver=1.5.26 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:15 GMT
Server: Apache
Last-Modified: Sat, 01 Sep 2018 06:49:34 GMT
Accept-Ranges: bytes
Content-Length: 123507
Keep-Alive: timeout=3, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.hotelsale.online/wp-includes/js/jquery/jquery.js?ver=1.12.4
199.250.192.223 200 OK 97 kB URL HTTP/1.1 www.hotelsale.online/wp-includes/js/jquery/jquery.js?ver=1.12.4
IP 199.250.192.223:0
File type ASCII text, with very long lines (31997)
Hash dc5ba5044fccc0297be7b262ce669a7c
f137ff98ae379e35b0702967d3b6866a0a40e3be
cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:15 GMT
Server: Apache
Last-Modified: Thu, 05 Sep 2019 01:57:57 GMT
Accept-Ranges: bytes
Content-Length: 96874
Keep-Alive: timeout=3, max=97
Connection: Keep-Alive
Content-Type: application/javascript
avsplow.com/a/j.gif?p=web&tv=pixel&e=se&aid=tp_widgets&se_ca=mewtwo&se_ac=proxy_init&co=%7B%22schema%22%3A%22contexts%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22event%22%2C%22data%22%3A%7B%22widget_id%22%3A%22bd7992c50ecc07bfd0896adba9d8d115%22%2C%22trace_id%22%3A%22Zz2808f63cf5e84b3f8f1e9f9-186929%22%2C%22promo_id%22%3A%224238%22%7D%7D%5D%7D
185.106.81.236 302 Found 0 B URL HTTP/1.1 avsplow.com/a/j.gif?p=web&tv=pixel&e=se&aid=tp_widgets&se_ca=mewtwo&se_ac=proxy_init&co=%7B%22schema%22%3A%22contexts%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22event%22%2C%22data%22%3A%7B%22widget_id%22%3A%22bd7992c50ecc07bfd0896adba9d8d115%22%2C%22trace_id%22%3A%22Zz2808f63cf5e84b3f8f1e9f9-186929%22%2C%22promo_id%22%3A%224238%22%7D%7D%5D%7D
IP 185.106.81.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/j.gif?p=web&tv=pixel&e=se&aid=tp_widgets&se_ca=mewtwo&se_ac=proxy_init&co=%7B%22schema%22%3A%22contexts%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22event%22%2C%22data%22%3A%7B%22widget_id%22%3A%22bd7992c50ecc07bfd0896adba9d8d115%22%2C%22trace_id%22%3A%22Zz2808f63cf5e84b3f8f1e9f9-186929%22%2C%22promo_id%22%3A%224238%22%7D%7D%5D%7D HTTP/1.1
Host: avsplow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 302 Found
date: Sun, 04 Sep 2022 15:29:15 GMT
content-length: 0
location: http://avsplow.com/a/j.gif?e=se&b3pc=true&co=%7B%22schema%22:%22contexts%22,%22data%22:%5B%7B%22schema%22:%22event%22,%22data%22:%7B%22widget_id%22:%22bd7992c50ecc07bfd0896adba9d8d115%22,%22trace_id%22:%22Zz2808f63cf5e84b3f8f1e9f9-186929%22,%22promo_id%22:%224238%22%7D%7D%5D%7D&aid=tp_widgets&tv=pixel&se_ac=proxy_init&se_ca=mewtwo&p=web
set-cookie: nuid=5166f1f8-1994-43aa-9dcb-a0e51ad0eb13; Expires=Mon, 04 Sep 2023 15:29:15 GMT; Domain=avsplow.com; Path=/; Secure; SameSite=None
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT CAO"
access-control-allow-origin: *
access-control-allow-credentials: true
st.avsplow.com/19.18.9/sp.js
172.67.68.237 200 OK 14 kB URL HTTP/1.1 st.avsplow.com/19.18.9/sp.js
IP 172.67.68.237:0
File type C source, ASCII text, with very long lines (42421), with no line terminators
Hash d1dc617e8609681b522f882027f36d2f
5e2f0899e483a8ce2601d8a41c312caca3028d31
65696064e13761b665b488108bfc7965e4ee4c55657eddacfc084ffeabb8080e
GET /19.18.9/sp.js HTTP/1.1
Host: st.avsplow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:15 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=42630
cache-control: public, max-age=86400
etag: W/"fb6c75c607bf3120c5b82845fbd28e71"
last-modified: Mon, 11 Jul 2022 06:29:08 GMT
CF-Cache-Status: HIT
Age: 21006
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PpWGymX%2BiSUOv%2BY8eQd8tGT6DX58FiS01C9jDdk0n78ZiVW85ctu27lpnzxeKlhhyP%2BSXhXaSFpO8eaWjFML4LEJC5ES1s%2FqGGjZpm8hbtZmwUviOP28t9hkikOseXBo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7457c278ddd0b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.travelpayouts.com/mewtwo/styles.css?v=002
188.42.198.252 302 Found 0 B URL HTTP/1.1 www.travelpayouts.com/mewtwo/styles.css?v=002
IP 188.42.198.252:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /mewtwo/styles.css?v=002 HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 302 Found
content-length: 0
location: https://www.travelpayouts.com/mewtwo/styles.css?v=002
cache-control: no-cache
www.travelpayouts.com/whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en
188.42.198.252 302 Found 0 B URL HTTP/1.1 www.travelpayouts.com/whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en
IP 188.42.198.252:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 302 Found
content-length: 0
location: https://www.travelpayouts.com/whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en
cache-control: no-cache
www.travelpayouts.com/mewtwo/styles.css?v=002
188.42.198.252 200 OK 12 kB URL HTTP/2 www.travelpayouts.com/mewtwo/styles.css?v=002
IP 188.42.198.252:0
File type ASCII text, with very long lines (65357)
Hash b5f50e343007440b6f3aeecf8e3f3187
f905664177d8174798e7380677e72859098228d3
354ba1f95b5efbeaf049f995e1ac76e146dda43d98e2d28b478a7781c520b67c
GET /mewtwo/styles.css?v=002 HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.hotelsale.online/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 15:29:14 GMT
content-type: text/css
content-length: 12051
last-modified: Wed, 10 Aug 2022 14:03:38 GMT
content-encoding: br
cache-control: public, max-age=600
access-control-allow-origin: *
set-cookie: auid_tp=CtYRWmMUxEpS+b7gLVcrAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 51cc900d28af1523777bc2b00f153d08
ebdbc8dc5542443be79d33b92c542eb761bdbd12
f6c93dbe7300877c3cc4bb314e31e3d68fd90ae487cf0963d27be25bc02fba5c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6C93DBE7300877C3CC4BB314E31E3D68FD90AE487CF0963D27BE25BC02FBA5C"
Last-Modified: Sat, 03 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 04 Sep 2022 21:29:15 GMT
Date: Sun, 04 Sep 2022 15:29:15 GMT
Connection: keep-alive
www.travelpayouts.com/powered_by/img/tp.png
188.42.198.252 200 OK 3.6 kB URL HTTP/2 www.travelpayouts.com/powered_by/img/tp.png
IP 188.42.198.252:0
File type PNG image data, 283 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash d8934cc1961da6926042c24e4db53164
8afbdf789f7e3059eb48919217577f13771c5a48
2485b6352182e9b84c6010dedea330b64058983d22008327a64fd7d9b10df905
GET /powered_by/img/tp.png HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hotelsale.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 15:29:15 GMT
content-type: image/png
content-length: 3584
last-modified: Thu, 25 Aug 2022 11:10:46 GMT
etag: "630758b6-e00"
set-cookie: auid_tp=CtYRWmMUxEtTPr7iR23wAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
accept-ranges: bytes
X-Firefox-Spdy: h2
www.hotelsale.online/wp-content/themes/oceanwp/assets/fonts/simple-line-icons/Simple-Line-Icons.woff2?v=2.4.0
199.250.192.223 200 OK 30 kB URL HTTP/1.1 www.hotelsale.online/wp-content/themes/oceanwp/assets/fonts/simple-line-icons/Simple-Line-Icons.woff2?v=2.4.0
IP 199.250.192.223:0
File type Web Open Font Format (Version 2), TrueType, length 30064, version 1.0\012- data
Hash 0cb0b9c589c0624c9c78dd3d83e946f6
5da603104d4d6e362824ec9e7db32eb2d617949a
104673f4859604362a18fc6294197d8fffb8cb24ad3211e92eb04f655e18cf4a
GET /wp-content/themes/oceanwp/assets/fonts/simple-line-icons/Simple-Line-Icons.woff2?v=2.4.0 HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.hotelsale.online/wp-content/themes/oceanwp/assets/css/third/simple-line-icons.min.css?ver=2.4.0
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:15 GMT
Server: Apache
Last-Modified: Sat, 01 Sep 2018 06:49:34 GMT
Accept-Ranges: bytes
Content-Length: 30064
Keep-Alive: timeout=3, max=96
Connection: Keep-Alive
Content-Type: font/woff2
avsplow.com/a/j.gif?e=se&b3pc=true&co=%7B%22schema%22:%22contexts%22,%22data%22:%5B%7B%22schema%22:%22event%22,%22data%22:%7B%22widget_id%22:%22bd7992c50ecc07bfd0896adba9d8d115%22,%22trace_id%22:%22Zz2808f63cf5e84b3f8f1e9f9-186929%22,%22promo_id%22:%224238%22%7D%7D%5D%7D&aid=tp_widgets&tv=pixel&se_ac=proxy_init&se_ca=mewtwo&p=web
185.106.81.236 200 OK 43 B URL HTTP/1.1 avsplow.com/a/j.gif?e=se&b3pc=true&co=%7B%22schema%22:%22contexts%22,%22data%22:%5B%7B%22schema%22:%22event%22,%22data%22:%7B%22widget_id%22:%22bd7992c50ecc07bfd0896adba9d8d115%22,%22trace_id%22:%22Zz2808f63cf5e84b3f8f1e9f9-186929%22,%22promo_id%22:%224238%22%7D%7D%5D%7D&aid=tp_widgets&tv=pixel&se_ac=proxy_init&se_ca=mewtwo&p=web
IP 185.106.81.236:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash fb02f374b8f73825415db1bccd4bd76d
b103aa629cacdd90b39538a7561da7f8e49ad73f
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
GET /a/j.gif?e=se&b3pc=true&co=%7B%22schema%22:%22contexts%22,%22data%22:%5B%7B%22schema%22:%22event%22,%22data%22:%7B%22widget_id%22:%22bd7992c50ecc07bfd0896adba9d8d115%22,%22trace_id%22:%22Zz2808f63cf5e84b3f8f1e9f9-186929%22,%22promo_id%22:%224238%22%7D%7D%5D%7D&aid=tp_widgets&tv=pixel&se_ac=proxy_init&se_ca=mewtwo&p=web HTTP/1.1
Host: avsplow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.hotelsale.online/
Connection: keep-alive
HTTP/1.1 200 OK
date: Sun, 04 Sep 2022 15:29:15 GMT
content-type: image/gif
content-length: 43
set-cookie: nuid=00000000-0000-4000-a000-000000000000; Expires=Mon, 04 Sep 2023 15:29:15 GMT; Domain=avsplow.com; Path=/; Secure; SameSite=None
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT CAO"
access-control-allow-origin: *
access-control-allow-credentials: true
avsplow.com/a/j
185.106.81.236 200 OK 2 B IP 185.106.81.236:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /a/j HTTP/1.1
Host: avsplow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 1195
Origin: http://www.hotelsale.online
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
date: Sun, 04 Sep 2022 15:29:15 GMT
content-type: text/plain; charset=UTF-8
content-length: 2
set-cookie: nuid=dcb750c5-142d-41d0-88a0-25c527f41d67; Expires=Mon, 04 Sep 2023 15:29:15 GMT; Domain=avsplow.com; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT CAO"
access-control-allow-origin: http://www.hotelsale.online
access-control-allow-credentials: true
adsnet.work/scripts/place.js
193.3.19.36 200 OK 376 B URL HTTP/1.1 adsnet.work/scripts/place.js
IP 193.3.19.36:0
ASN #50340 OOO Network of data-centers Selectel
Hash de1a759241f0ad31d9c97ee81dab4023
abb38b389480dbf56b50b462ecb9578fe69215b0
933300c247a5c5fd732e6561824de8a43e37e6d50be9885ed50d0acb65efccdf
Analyzer Verdict Alert fortinet Malware
GET /scripts/place.js HTTP/1.1
Host: adsnet.work
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hotelsale.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:15 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/7.4.26
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 15:29:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v13/cJZKeOuBrn4kERxqtaUH3ZBw1xU1rKptJj_0jans920.woff2
142.250.74.163 200 OK 10 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v13/cJZKeOuBrn4kERxqtaUH3ZBw1xU1rKptJj_0jans920.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 10352, version 1.6554\012- data
Hash 4124088fdd8c315a6d096b65b6cbf428
0477e48f455cbfe729f90389d3fd8aaca6cc483b
732d5765c33eff81c7825dcc5e8cd1eda32dc04f39da7cae66accf9580b1e3a7
GET /s/opensans/v13/cJZKeOuBrn4kERxqtaUH3ZBw1xU1rKptJj_0jans920.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.hotelsale.online
Connection: keep-alive
Referer: https://www.travelpayouts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Sep 2022 00:40:06 GMT
expires: Sat, 02 Sep 2023 00:40:06 GMT
cache-control: public, max-age=31536000
age: 226149
last-modified: Mon, 27 Apr 2015 23:45:29 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 15:29:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v13/RjgO7rYTmqiVp7vzi-Q5UYX0hVgzZQUfRDuZrPvH3D8.woff2
142.250.74.163 200 OK 5.9 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v13/RjgO7rYTmqiVp7vzi-Q5UYX0hVgzZQUfRDuZrPvH3D8.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 5916, version 1.6554\012- data
Hash 1dd11890a67d4750f0fa20e0d48e0283
ae03c855c5176c3e7e25902f66576c5e095585b4
28add160ac626b83c6f7ce827f0c0cb8bf6f7914b140c0bd242f59d545ba3d77
GET /s/opensans/v13/RjgO7rYTmqiVp7vzi-Q5UYX0hVgzZQUfRDuZrPvH3D8.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.hotelsale.online
Connection: keep-alive
Referer: https://www.travelpayouts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5916
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Sep 2022 00:32:52 GMT
expires: Sat, 02 Sep 2023 00:32:52 GMT
cache-control: public, max-age=31536000
age: 226583
last-modified: Mon, 27 Apr 2015 23:46:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.travelpayouts.com/whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en
188.42.198.252 200 OK 583 B URL HTTP/2 www.travelpayouts.com/whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en
IP 188.42.198.252:0
File type ASCII text, with no line terminators
Hash 6fb9aa2c0da5e2e6fb19cf49cdee0cf0
dc1da107ee3bb5605cac4b691e83f36e8ef58970
3c88908db18bc2fe31e25614abfdccf9d61d35434a0126fd4707aa3f4c2738bb
GET /whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.hotelsale.online/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 15:29:15 GMT
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
x-request-id: 8f5784f57b55d514534959087aefc8d3
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v13/MTP_ySUJH_bn48VBG8sNShampu5_7CjHW5spxoeN3Vs.woff2
142.250.74.163 200 OK 10 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v13/MTP_ySUJH_bn48VBG8sNShampu5_7CjHW5spxoeN3Vs.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 10328, version 1.6554\012- data
Hash d8411d8bb1d6060de4fee4f3a20973cc
bda09aa58d916d532c9981c6e1c32215ab027742
417e156e282af4b7d146d16b8fc9505255de2d8d085d40e37afe5089b8fe9b77
GET /s/opensans/v13/MTP_ySUJH_bn48VBG8sNShampu5_7CjHW5spxoeN3Vs.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.hotelsale.online
Connection: keep-alive
Referer: https://www.travelpayouts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10328
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Sep 2022 01:53:50 GMT
expires: Sun, 03 Sep 2023 01:53:50 GMT
cache-control: public, max-age=31536000
age: 135325
last-modified: Mon, 27 Apr 2015 23:45:49 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 15:29:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hydrahydra.ir/fetch.php?tracker=adsnet.work&site=aHR0cDovL3d3dy5ob3RlbHNhbGUub25saW5lLw==
193.3.19.36 200 OK 0 B URL HTTP/1.1 hydrahydra.ir/fetch.php?tracker=adsnet.work&site=aHR0cDovL3d3dy5ob3RlbHNhbGUub25saW5lLw==
IP 193.3.19.36:0
ASN #50340 OOO Network of data-centers Selectel
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fetch.php?tracker=adsnet.work&site=aHR0cDovL3d3dy5ob3RlbHNhbGUub25saW5lLw== HTTP/1.1
Host: hydrahydra.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:15 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/7.1.33
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
avsplow.com/a/j
185.106.81.236 200 OK 2 B IP 185.106.81.236:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /a/j HTTP/1.1
Host: avsplow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 2249
Origin: http://www.hotelsale.online
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
date: Sun, 04 Sep 2022 15:29:16 GMT
content-type: text/plain; charset=UTF-8
content-length: 2
set-cookie: nuid=195b5506-1ee9-47e5-9dea-5fa08fc717c7; Expires=Mon, 04 Sep 2023 15:29:16 GMT; Domain=avsplow.com; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT CAO"
access-control-allow-origin: http://www.hotelsale.online
access-control-allow-credentials: true
www.hotelsale.online/wp-content/uploads/2018/08/icon.jpg
199.250.192.223 200 OK 1.9 kB URL HTTP/1.1 www.hotelsale.online/wp-content/uploads/2018/08/icon.jpg
IP 199.250.192.223:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 55x38, components 3\012- data
Hash ac8d2c08b7dfd8a48726875cf8ae2e41
784156736088003b49e117c7b87c27e98eee199e
ab454661c039982ec304a469d5edc41a821cf54aabfe3c714a0403b839c6a324
GET /wp-content/uploads/2018/08/icon.jpg HTTP/1.1
Host: www.hotelsale.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hotelsale.online/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 15:29:16 GMT
Server: Apache
Last-Modified: Fri, 24 Aug 2018 09:39:42 GMT
Accept-Ranges: bytes
Content-Length: 1948
Keep-Alive: timeout=3, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10318189f33f071dda64249ab9c8c5bb
e5b5b649a243e5c004d9923d19d4421d1ea96d23
3e775a1990e4d185024faf2fdff7a5eb9063f7ee19784f32fb4f7f10643c8102
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5652
x-amzn-requestid: 05fffcb2-43c0-4acf-81b2-1b914459e1e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wwHErUIAMFmNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c800-47fe166763992ab271a87aa4;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: oU-qOKW_Jy8MV0HLQWofKsOi_qseUcyZRoP5LoyLsCclpCgf6NHiBA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 22:02:43 GMT
age: 62793
etag: "e5b5b649a243e5c004d9923d19d4421d1ea96d23"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.travelpayouts.com/widgets_static/bd7992c50ecc07bfd0896adba9d8d115.js?v=1478
188.42.198.252 200 OK 0 B URL HTTP/2 www.travelpayouts.com/widgets_static/bd7992c50ecc07bfd0896adba9d8d115.js?v=1478
IP 188.42.198.252:0
GET /widgets_static/bd7992c50ecc07bfd0896adba9d8d115.js?v=1478 HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hotelsale.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 15:29:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 11 Aug 2022 07:31:21 GMT
etag: W/"62f4b049-4f5b9"
set-cookie: auid_tp=CtY4rGMUxEqXo5j7ShiNAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
www.travelpayouts.com/widgets/bd7992c50ecc07bfd0896adba9d8d115.js?v=1478
188.42.198.252 200 OK 0 B URL HTTP/2 www.travelpayouts.com/widgets/bd7992c50ecc07bfd0896adba9d8d115.js?v=1478
IP 188.42.198.252:0
GET /widgets/bd7992c50ecc07bfd0896adba9d8d115.js?v=1478 HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.hotelsale.online/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 15:29:14 GMT
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=0
link: </mewtwo/styles.css?v=002>; rel=preload; as=style, </widgets_static/bd7992c50ecc07bfd0896adba9d8d115.js?v=1478>; rel=preload; as=script
timing-allow-origin: *
x-promo-id: 4238
x-request-id: 0611fd02e61c1446864559361c91c9e5
x-robots-tag: noindex
content-encoding: br
set-cookie: auid_tp=CtYRWmMUxEpTqb7has4kAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
X-Firefox-Spdy: h2