Report - www.revolutions.com/

Report Overview

Submitted URL
www.revolutions.com/
IP
208.97.148.81
ASN
#26347 DREAMHOST-AS
Submitted
2022-11-06 10:49:19
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.revolutions.com	unknown	2014-07-03T13:27:59Z	2022-12-01T19:38:55Z	5.8 kB	1.2 MB	208.97.148.81
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.0 kB	5.3 kB	23.36.77.32
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	682 B	1.6 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	35.164.183.116
revolutions.com	unknown	2015-04-21T07:27:09Z	2022-12-01T19:38:54Z	445 B	337 B	208.97.148.81
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	63 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-06	medium	www.revolutions.com/	Malware
2022-11-06	medium	revolutions.com/	Malware
2022-11-06	medium	www.revolutions.com/wp-includes/blocks/cover/style.min.css?ver=6.1	Malware
2022-11-06	medium	www.revolutions.com/wp-content/themes/twentytwentytwo/style.css?ver=1.2	Malware
2022-11-06	medium	www.revolutions.com/wp-includes/blocks/navigation/view.min.js?ver=c24330f635f5cb9d5e0e	Malware
2022-11-06	medium	www.revolutions.com/wp-includes/blocks/navigation/view-modal.min.js?ver=45f05135277abf0b0408	Malware
2022-11-06	medium	www.revolutions.com/wp-includes/blocks/navigation/style.min.css?ver=6.1	Malware
2022-11-06	medium	www.revolutions.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1	Malware
2022-11-06	medium	www.revolutions.com/wp-content/themes/twentytwentytwo/assets/fonts/source-serif-pro/SourceSerif4Variable-Roman.ttf.woff2	Malware
2022-11-06	medium	www.revolutions.com/	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	www.revolutions.com/	1.0 kB	2023-03-07	2024-05-08
Pretty URL www.revolutions.com/ IP 208.97.148.81 ASN #26347 DREAMHOST-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-05-08 08:06:08 Times Seen1152 Hash 6e73aa2650c26e1506c32a274238b214 af3e220e827468a3f49d9b091aebf469e673fc4b ca6f1d006f8b967c69f920f7cf0a307ac13ff11e194e6244a3e5595a56d9f6e9 Loading...

	www.revolutions.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1	19 kB	2023-03-07	2024-05-09
Pretty URL www.revolutions.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1 IP 208.97.148.81 ASN #26347 DREAMHOST-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-05-09 23:11:39 Times Seen38241 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	www.revolutions.com/	2.2 kB	2023-03-10	2023-03-10
Pretty URL www.revolutions.com/ IP 208.97.148.81 ASN #26347 DREAMHOST-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 22:21:58 Last Seen2023-03-10 22:21:58 Times Seen1 Hash 6de428213657622bc1bcc44297b7f37f 0d7d9f8d1abd2ced3146900d5e228e653fb4860d 1270021f3e35cc50d086cb8519cdb64bbafe1a14481d557b57fd0c06845cecb6 Loading...

	www.revolutions.com/wp-includes/blocks/navigation/view-modal.min.js?ver=45f05135277abf0b0408	7.8 kB	2023-03-08	2024-05-08
Pretty URL www.revolutions.com/wp-includes/blocks/navigation/view-modal.min.js?ver=45f05135277abf0b0408 IP 208.97.148.81 ASN #26347 DREAMHOST-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:29:30 Last Seen2024-05-08 08:06:08 Times Seen426 Hash 1b5b47d5fee4805c79d9bd3c56f33467 cf9f3931bf4267be5c1c6c23b4a4e9602ee21ecf 00e1af7b16907296a301c46673a14580e1ea6cddb825d2a68724b60150b4733f Loading...

	www.revolutions.com/wp-includes/blocks/navigation/view.min.js?ver=c24330f635f5cb9d5e0e	1.1 kB	2023-03-08	2024-05-08
Pretty URL www.revolutions.com/wp-includes/blocks/navigation/view.min.js?ver=c24330f635f5cb9d5e0e IP 208.97.148.81 ASN #26347 DREAMHOST-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:29:30 Last Seen2024-05-08 08:06:09 Times Seen1848 Hash 8be8447e1257eff0eb6596a22a6eaf7f b76d07ed47d1dba4dfe92be5fb0ac340dbfc7bc0 3fbef27e01fa9ced2747df8e9ff7fff63d2c1c511027193cdf7937e3d0517863 Loading...

HTTP Transactions (31)

URL IP Response Size

www.revolutions.com/

208.97.148.81

301 Moved Permanently

232 B

URL HTTP/1.1
www.revolutions.com/
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
232 B (232 bytes)
Hash
f82aad5ea0342886222bcd14dd3deacf
0171e49e790869422719ee684841f7578dd6bb35
d3df67ec56b6246ff16274490a9d6342548add01d8d02bfe8a9ef1b18ccaabe0

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: www.revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sun, 06 Nov 2022 10:49:08 GMT
Server: Apache
Location: https://revolutions.com/
Content-Length: 232
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8286265a56e3e10efd41b41618a54071
5f10ac9a050e15f5598674dc7ee3865b325d01a8
2da2fa0b2b86ccc4029d0baa4e9c5b21a6433228b84b451b72b1d318561d4ef2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2DA2FA0B2B86CCC4029D0BAA4E9C5B21A6433228B84B451B72B1D318561D4EF2"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3886
Expires: Sun, 06 Nov 2022 11:53:54 GMT
Date: Sun, 06 Nov 2022 10:49:08 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
72c64df35304c35cd95e4ed6e101e795
a39287987854d644a8da295da536fb31de8b44c1
a9bf0da57e0f108b376781ede4b9762ae1b0d088910d26fb7be98c2d03e69092

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5042
Cache-Control: max-age=86758
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 10:49:08 GMT
Etag: "63662d58-1d7"
Expires: Mon, 07 Nov 2022 10:55:06 GMT
Last-Modified: Sat, 05 Nov 2022 09:31:04 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3639
Expires: Sun, 06 Nov 2022 11:49:47 GMT
Date: Sun, 06 Nov 2022 10:49:08 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: XMoM48pmF4ED7wEIysWMXm7B9Cx/pSGeK2vRuJvdb0YiUmWLCt75/zCozLeOepRb9WuTJnjLaao=
x-amz-request-id: A6N9QT7N9FR1JFT6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 06 Nov 2022 10:10:24 GMT
age: 2324
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 10:49:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d862f992e9902530594e7aca425f129b
25b414fe833d30b52928535d659a1ee281b82e3a
0c6286152fe8bb5fdf1505f2001d530a65ee53aa6d9601bbb1eecb683036071d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5176
Cache-Control: max-age=171838
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 10:49:09 GMT
Etag: "6367792b-1d7"
Expires: Tue, 08 Nov 2022 10:33:07 GMT
Last-Modified: Sun, 06 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.164.183.116

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.164.183.116:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 83KrPPR0GzPBEXsD4UCB9g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jdbXY1mpXlDvNgxyp0HWWTaGWfc=

revolutions.com/

208.97.148.81

301 Moved Permanently

0 B

URL HTTP/2
revolutions.com/
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
date: Sun, 06 Nov 2022 10:49:09 GMT
server: Apache
vary: Accept-Encoding,Cookie,User-Agent
x-redirect-by: WordPress
location: https://www.revolutions.com/
cache-control: max-age=600
expires: Sun, 06 Nov 2022 10:59:09 GMT
content-length: 0
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2

www.revolutions.com/wp-includes/blocks/cover/style.min.css?ver=6.1

208.97.148.81

200 OK

1.6 kB

URL HTTP/2
www.revolutions.com/wp-includes/blocks/cover/style.min.css?ver=6.1
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type
ASCII text, with very long lines (16659), with no line terminators
Size
1.6 kB (1646 bytes)
Hash
3bfee99a17fc3e4141ac869cb64c02d3
f03a108f4dd96e3771289b468c0884ac00e95840
073807de69e35562846a96407b42eadcdb27f28a7e6aac1c53102b642d505993

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/blocks/cover/style.min.css?ver=6.1 HTTP/1.1
Host: www.revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.revolutions.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Nov 2022 10:49:10 GMT
server: Apache
last-modified: Wed, 02 Nov 2022 09:30:56 GMT
etag: "4113-5ec797f6cfdce-gzip"
accept-ranges: bytes
cache-control: max-age=2592000
expires: Tue, 06 Dec 2022 10:49:10 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1646
content-type: text/css
X-Firefox-Spdy: h2

www.revolutions.com/wp-content/themes/twentytwentytwo/style.css?ver=1.2

208.97.148.81

200 OK

2.0 kB

URL HTTP/2
www.revolutions.com/wp-content/themes/twentytwentytwo/style.css?ver=1.2
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type
Unicode text, UTF-8 text, with very long lines (948)
Size
2.0 kB (2007 bytes)
Hash
3d3adc3d7b6af3ce9f87d9c8f5ddc161
4acec777fc8988faf239efd33d85847557e2fb95
c64944af0f06ced07b708542ef63339d87c91857d426047b7f912731ebfce9ff

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/twentytwentytwo/style.css?ver=1.2 HTTP/1.1
Host: www.revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.revolutions.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Nov 2022 10:49:10 GMT
server: Apache
last-modified: Wed, 31 Aug 2022 23:15:41 GMT
etag: "15e2-5e791aceff9f2-gzip"
accept-ranges: bytes
cache-control: max-age=2592000
expires: Tue, 06 Dec 2022 10:49:10 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2007
content-type: text/css
X-Firefox-Spdy: h2

www.revolutions.com/wp-includes/blocks/navigation/view.min.js?ver=c24330f635f5cb9d5e0e

208.97.148.81

200 OK

412 B

URL HTTP/2
www.revolutions.com/wp-includes/blocks/navigation/view.min.js?ver=c24330f635f5cb9d5e0e
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type
ASCII text, with very long lines (1144), with no line terminators
Size
412 B (412 bytes)
Hash
8f79ccdaccc8b1d81ca31d70e0b51b41
40fb55ff24d9283969f627144d45ad6388e689a9
4b1067cb38c169dde54bf0e9b15205e3257798d3a3bd78c846e9c34d960fe4fe

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/blocks/navigation/view.min.js?ver=c24330f635f5cb9d5e0e HTTP/1.1
Host: www.revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.revolutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Nov 2022 10:49:10 GMT
server: Apache
last-modified: Wed, 02 Nov 2022 09:30:56 GMT
etag: "478-5ec797f71244a-gzip"
accept-ranges: bytes
cache-control: max-age=2592000
expires: Tue, 06 Dec 2022 10:49:10 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 412
content-type: application/javascript
X-Firefox-Spdy: h2

www.revolutions.com/wp-includes/blocks/navigation/view-modal.min.js?ver=45f05135277abf0b0408

208.97.148.81

200 OK

2.8 kB

URL HTTP/2
www.revolutions.com/wp-includes/blocks/navigation/view-modal.min.js?ver=45f05135277abf0b0408
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type
Unicode text, UTF-8 text, with very long lines (7775), with no line terminators
Size
2.8 kB (2790 bytes)
Hash
e96b99e10a042f7e2748165c1fd73d27
c8022e2977043535a71d82ff91ea5cfbb2220e11
b85bde776f9c602a0fab63df064ad828532fd4f0c2fada424c378226a8707836

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/blocks/navigation/view-modal.min.js?ver=45f05135277abf0b0408 HTTP/1.1
Host: www.revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.revolutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Nov 2022 10:49:10 GMT
server: Apache
last-modified: Wed, 02 Nov 2022 09:30:56 GMT
etag: "1e63-5ec797f7191aa-gzip"
accept-ranges: bytes
cache-control: max-age=2592000
expires: Tue, 06 Dec 2022 10:49:10 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2790
content-type: application/javascript
X-Firefox-Spdy: h2

www.revolutions.com/wp-includes/blocks/navigation/style.min.css?ver=6.1

208.97.148.81

200 OK

2.3 kB

URL HTTP/2
www.revolutions.com/wp-includes/blocks/navigation/style.min.css?ver=6.1
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type
ASCII text, with very long lines (15342), with no line terminators
Size
2.3 kB (2278 bytes)
Hash
39843fd84920f3f91af8b7f96bdfbe76
fb8bea3015afdd595d1fa0091494d257e9d99c51
751cd8859fbc4022de6b86f835e1b014c149dc9738b84bbdc07205441d47f454

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/blocks/navigation/style.min.css?ver=6.1 HTTP/1.1
Host: www.revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.revolutions.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Nov 2022 10:49:10 GMT
server: Apache
last-modified: Wed, 02 Nov 2022 09:30:56 GMT
etag: "3bee-5ec797f70f56a-gzip"
accept-ranges: bytes
cache-control: max-age=2592000
expires: Tue, 06 Dec 2022 10:49:10 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2278
content-type: text/css
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2440
Expires: Sun, 06 Nov 2022 11:29:50 GMT
Date: Sun, 06 Nov 2022 10:49:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2440
Expires: Sun, 06 Nov 2022 11:29:50 GMT
Date: Sun, 06 Nov 2022 10:49:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2440
Expires: Sun, 06 Nov 2022 11:29:50 GMT
Date: Sun, 06 Nov 2022 10:49:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2440
Expires: Sun, 06 Nov 2022 11:29:50 GMT
Date: Sun, 06 Nov 2022 10:49:10 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10462 bytes)
Hash
4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 6dc7dc5c-88e9-4550-abf0-f16965ab7cd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bF_38GKXoAMFwSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636579cc-28ea4125437c31cc34683fb7;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 20:45:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cLOqm36ioY751X1yA1WcQpaXiFYuvzFn8xLQ56MyDTpvi1J4Ruvc9Q==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 06:27:59 GMT
age: 15671
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d394a65-12f0-45e6-af37-57a983997faa.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9787 bytes)
Hash
886f94a2b6bfa041d40943e14fee4a18
deba663d6b38f0c151032b2d5b5b5d54f7dd78b0
620c1c5ae68bbbddf31b43bf51161b06d1a3da6b6872643637c057f05cceec6b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d394a65-12f0-45e6-af37-57a983997faa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9787
x-amzn-requestid: fbeabde7-9e76-468d-b945-a3ee931e5f74
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJabbHUPoAMFg_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d77c-1c372f9206e5923d360e9ed6;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:37:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UiyazpCisGgn3fc1ZqqIrF3pUpXHrPZqca5x7wINK-H_cP1ck1Pa8Q==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 21:48:58 GMT
age: 46812
etag: "deba663d6b38f0c151032b2d5b5b5d54f7dd78b0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff56714e2-704b-4327-92b2-54e71d0c4d40.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8961 bytes)
Hash
dcc79e66d1e21452efb26d26650f6739
1f727a7ea032082658944cf4041686446fb6b5f2
af1fe8de442a365a108d5c03f0d3ae8b0beb1abb4f267a46979f9c885ee026c6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff56714e2-704b-4327-92b2-54e71d0c4d40.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8961
x-amzn-requestid: 3a50374d-d90e-452e-bb89-82ca14c94b52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJarpGtqIAMFkPg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d7e3-55c356475fb64e6625a338c7;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:38:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Ry_OKFFZDdDoVya2hTxnFlDGtgoSw0JRqieDnCO4mSNFbgV-AuLE5Q==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 21:44:33 GMT
age: 47077
etag: "1f727a7ea032082658944cf4041686446fb6b5f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8df47f1e-c13a-452f-b0e2-28c141dbb191.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7573 bytes)
Hash
b18a8c9f5539ce33476f843f5811e01d
11d1f2ce72d2aa6686c79f777cd0bdb4ddeb681b
fc20e507eedccb52078979f2132434b11b9d50d917cab512d8e0c99515b1236c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8df47f1e-c13a-452f-b0e2-28c141dbb191.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7573
x-amzn-requestid: d56e7b27-f2cb-4cd3-9f67-ba18d1bfe270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bDkhGHmjoAMFxxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364813a-3a1c18b13c41f38673890b00;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 03:04:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: c-u9tBFoIve3sEwtbUvIFZoPu6eudy3ZFQi8j2m9mTPNEarihTvddw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 05:31:43 GMT
age: 19047
etag: "11d1f2ce72d2aa6686c79f777cd0bdb4ddeb681b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3420191-fa21-4db2-9043-c0adac7b0820.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8160 bytes)
Hash
39ac4f41f6bbdba85b2afeb7b011db5f
8e7a2be19b5c7682e86aec81907f6026d14d7313
fbd813af4eb335e1aefa6fb78b672bf89f8606ef688c98d3bd38ffdb77abfba3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3420191-fa21-4db2-9043-c0adac7b0820.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8160
x-amzn-requestid: 31cf0571-0ef2-4c99-a6be-afd806b7f449
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJaroFHhoAMF26g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d7e3-269b7bcc1bcb8bdc4aa51dc9;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:38:43 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: J2pyEM7n1b_j4vS7S_K8aiJ-Jj01PtPk7Qb7rEOblKaz-isZtSqo1g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 21:44:33 GMT
age: 47077
etag: "8e7a2be19b5c7682e86aec81907f6026d14d7313"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78f88d98-b52b-4ad1-8cfc-e60fd17b46e0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11535 bytes)
Hash
b370c4e3b01be9fbbc3e310e6958cd55
cc22e90a0b476215f2fd864d84c9b00dded100a6
f54d90c5854b6f140b63dad3aa92bd858b8f360b8c77d50fdf344e813e9385c5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78f88d98-b52b-4ad1-8cfc-e60fd17b46e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11535
x-amzn-requestid: 0a1d9895-e2e3-4070-921a-736d8c6f254e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJatPGwjoAMFx8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d7ee-101a7f3a2b834d0b411c9de0;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: j0I2JcPIptLTJZlwg8QG7kkTE1eCvZiBDzi6j2YYqNwvawJ6k2CqHQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 21:48:50 GMT
age: 46820
etag: "cc22e90a0b476215f2fd864d84c9b00dded100a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.revolutions.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1

208.97.148.81

200 OK

5.1 kB

URL HTTP/2
www.revolutions.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type
ASCII text, with very long lines (15660)
Size
5.1 kB (5085 bytes)
Hash
3971154f76bf26e704b4910111d124ba
60dfcafe9593005b92cd0ce40f429b241ae3b287
549584b85b7433e767b71e774e5fcef37c40c19169e3979597b6ab7f8314b3c4

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1 HTTP/1.1
Host: www.revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.revolutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Nov 2022 10:49:10 GMT
server: Apache
last-modified: Tue, 24 May 2022 20:50:14 GMT
etag: "48b9-5dfc81a841f14-gzip"
accept-ranges: bytes
cache-control: max-age=2592000
expires: Tue, 06 Dec 2022 10:49:10 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 5085
content-type: application/javascript
X-Firefox-Spdy: h2

www.revolutions.com/favicon.ico

208.97.148.81

200 OK

0 B

URL HTTP/2
www.revolutions.com/favicon.ico
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.revolutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Nov 2022 10:49:11 GMT
server: Apache
last-modified: Wed, 19 May 2021 20:46:24 GMT
etag: "0-5c2b4eb7938dd"
accept-ranges: bytes
content-length: 0
cache-control: max-age=172800
expires: Tue, 08 Nov 2022 10:49:11 GMT
vary: User-Agent
content-type: image/vnd.microsoft.icon
X-Firefox-Spdy: h2

www.revolutions.com/wp-content/themes/twentytwentytwo/assets/fonts/source-serif-pro/SourceSerif4Variable-Roman.ttf.woff2

208.97.148.81

200 OK

428 kB

URL HTTP/2
www.revolutions.com/wp-content/themes/twentytwentytwo/assets/fonts/source-serif-pro/SourceSerif4Variable-Roman.ttf.woff2
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type
Web Open Font Format (Version 2), TrueType, length 428448, version 4.262\012- data
Size
428 kB (428448 bytes)
Hash
378b83a85cfb1cb0f11ab503b0df456e
b622e44324ea8789789e812cae242e1f483e9811
bb8c4212414ce2a7887636e1c6eb1fd3ab46e4391226fd39653a2c2abbb17697

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/twentytwentytwo/assets/fonts/source-serif-pro/SourceSerif4Variable-Roman.ttf.woff2 HTTP/1.1
Host: www.revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.revolutions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Nov 2022 10:49:10 GMT
server: Apache
last-modified: Wed, 31 Aug 2022 23:15:40 GMT
etag: "689a0-5e791ace6b2fb"
accept-ranges: bytes
content-length: 428448
cache-control: max-age=172800
expires: Tue, 08 Nov 2022 10:49:10 GMT
vary: User-Agent,Accept-Encoding
content-type: application/font-sfnt
X-Firefox-Spdy: h2

www.revolutions.com/wp-content/themes/twentytwentyone/assets/images/young-woman-in-mauve.jpg

208.97.148.81

200 OK

156 kB

URL HTTP/2
www.revolutions.com/wp-content/themes/twentytwentyone/assets/images/young-woman-in-mauve.jpg
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 892x1103, components 3\012- data
Size
156 kB (156480 bytes)
Hash
cca65c99cbda1ef86c18ffff1e473f03
effa33dd4f7b86015340b6367296fa23fecad3be
14a97212559694b078f618c79dfcb2b508519b18e11f5c38ea7dedb4c3efd4a8

HTTP Headers

GET /wp-content/themes/twentytwentyone/assets/images/young-woman-in-mauve.jpg HTTP/1.1
Host: www.revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.revolutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Nov 2022 10:49:10 GMT
server: Apache
last-modified: Wed, 31 Aug 2022 23:15:37 GMT
etag: "26340-5e791acaf862d"
accept-ranges: bytes
content-length: 156480
cache-control: max-age=2592000
expires: Tue, 06 Dec 2022 10:49:10 GMT
vary: User-Agent
content-type: image/jpeg
X-Firefox-Spdy: h2

www.revolutions.com/wp-content/themes/twentytwentyone/assets/images/in-the-bois-de-boulogne.jpg

208.97.148.81

200 OK

276 kB

URL HTTP/2
www.revolutions.com/wp-content/themes/twentytwentyone/assets/images/in-the-bois-de-boulogne.jpg
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1111x914, components 3\012- data
Size
276 kB (276539 bytes)
Hash
6a5616c940131f1c4be108b99cf8378f
ff3db3b775adb84dd077236b0b56a026780057c0
073c6d0831cd8eb3df10f8f24dc2522affe82c8fe015ebf7f0e69e842c1b6657

HTTP Headers

GET /wp-content/themes/twentytwentyone/assets/images/in-the-bois-de-boulogne.jpg HTTP/1.1
Host: www.revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.revolutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Nov 2022 10:49:10 GMT
server: Apache
last-modified: Wed, 31 Aug 2022 23:15:37 GMT
etag: "4383b-5e791acaf768d"
accept-ranges: bytes
content-length: 276539
cache-control: max-age=2592000
expires: Tue, 06 Dec 2022 10:49:10 GMT
vary: User-Agent
content-type: image/jpeg
X-Firefox-Spdy: h2

www.revolutions.com/wp-content/themes/twentytwentyone/assets/images/roses-tremieres-hollyhocks-1884.jpg

208.97.148.81

200 OK

287 kB

URL HTTP/2
www.revolutions.com/wp-content/themes/twentytwentyone/assets/images/roses-tremieres-hollyhocks-1884.jpg
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 912x1104, components 3\012- data
Size
287 kB (287158 bytes)
Hash
c811a05ea5d94cbe8f55ea0a8ccb69db
5b7b97f76175bbc199064753c224c06d0d7fe47e
d69f58010e361ff3f135998085e6c2d8d22d710730b813c323cd5123b6214360

HTTP Headers

GET /wp-content/themes/twentytwentyone/assets/images/roses-tremieres-hollyhocks-1884.jpg HTTP/1.1
Host: www.revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.revolutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Nov 2022 10:49:10 GMT
server: Apache
last-modified: Wed, 31 Aug 2022 23:15:37 GMT
etag: "461b6-5e791acaf768d"
accept-ranges: bytes
content-length: 287158
cache-control: max-age=2592000
expires: Tue, 06 Dec 2022 10:49:10 GMT
vary: User-Agent
content-type: image/jpeg
X-Firefox-Spdy: h2

www.revolutions.com/

208.97.148.81

200 OK

0 B

URL HTTP/2
www.revolutions.com/
IP
208.97.148.81:0
ASN
#26347 DREAMHOST-AS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: www.revolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Nov 2022 10:49:10 GMT
server: Apache
vary: Accept-Encoding,Cookie,User-Agent
cache-control: max-age=3, must-revalidate, max-age=600
expires: Sun, 06 Nov 2022 10:59:10 GMT
content-encoding: gzip
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (31)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type