armmountstravel.com/js/
185.9.147.100 302 Found 211 B IP 185.9.147.100:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
Analyzer Verdict Alert fortinet Malware
GET /js/ HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:21 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 07 Sep 2022 04:04:38 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: B6TUHw5YWAAoLEbjQ_vkG00REI8Q0Pf3_z7F_Npe7Y-o5W60Ot8aUQ==
Age: 2443
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14698
Expires: Wed, 07 Sep 2022 08:50:19 GMT
Date: Wed, 07 Sep 2022 04:45:21 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate, ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: H1m6XpW_IMUCZdf_KT3naycvoajbuAu67OAMa_zJTy-a39Qa82pQsQ==
age: 3527
X-Firefox-Spdy: h2
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 04:45:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins:300,400,500
142.250.74.10 200 OK 469 B URL HTTP/1.1 fonts.googleapis.com/css?family=Poppins:300,400,500
IP 142.250.74.10:0
Hash d5c8be02baf7ff45f79c1cb309ae6cbf
92907d22e245b2a3e706c1b517b6e91e2ce8ade6
1b8d0f1d0b216245613be07a396f78c249b53f7ea9c6cd9c242e8816dc4ab017
GET /css?family=Poppins:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Wed, 07 Sep 2022 04:45:22 GMT
Date: Wed, 07 Sep 2022 04:45:22 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
armmountstravel.com/css/isotope.css
185.9.147.100 200 OK 3.5 kB URL HTTP/1.1 armmountstravel.com/css/isotope.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (3497), with no line terminators
Hash d82d90a0f23dd8fec9b291867f48b3b0
90856f54ce7211e1ffdd0f47182666b5cd7a01b5
5ec4f0ab14c4aae30a2f971899b63ea5d7301625e2b3a6d902d68670487d7710
GET /css/isotope.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/css
Content-Length: 3497
Last-Modified: Fri, 31 Aug 2018 08:38:42 GMT
Connection: keep-alive
ETag: "5b88fe92-da9"
Accept-Ranges: bytes
armmountstravel.com/css/style.css
185.9.147.100 200 OK 112 kB URL HTTP/1.1 armmountstravel.com/css/style.css
IP 185.9.147.100:0
File type assembler source, ASCII text, with very long lines (343)
Size 112 kB (112254 bytes)
Hash e9731b3f8e98592aefc6e5a82099245b
5bdd89218229a807074beede197554affb26eb6e
a85f97a77eb3301be4d832779033048b92c2f689d4f7665ed70ea2e4a484517f
GET /css/style.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/css
Content-Length: 112254
Last-Modified: Wed, 26 Sep 2018 14:00:45 GMT
Connection: keep-alive
ETag: "5bab910d-1b67e"
Accept-Ranges: bytes
armmountstravel.com/css/font-awesome.min.css
185.9.147.100 200 OK 29 kB URL HTTP/1.1 armmountstravel.com/css/font-awesome.min.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (28900)
Hash bb53ad7bffecc0014d64553e96501dce
7cd5a3384333f95c3d37d9488ad82cd6c4b03761
7bc15c522a05ce0e56b8cb3fff83bc6e770130afdd840d469869db69663d78fe
GET /css/font-awesome.min.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/css
Content-Length: 29062
Last-Modified: Fri, 31 Aug 2018 08:38:42 GMT
Connection: keep-alive
ETag: "5b88fe92-7186"
Accept-Ranges: bytes
armmountstravel.com/css/settings.css
185.9.147.100 200 OK 29 kB URL HTTP/1.1 armmountstravel.com/css/settings.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (29418)
Hash 062226ebe25895b82f1908b63d9f477d
729e24d83e1e679bff090c9b8907c8d6872a1e0c
0f0c01339831b52567941b596da2339881e952904542ffdd8bb845b2738be9af
GET /css/settings.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/css
Content-Length: 29419
Last-Modified: Fri, 31 Aug 2018 08:38:43 GMT
Connection: keep-alive
ETag: "5b88fe93-72eb"
Accept-Ranges: bytes
armmountstravel.com/css/lightcase.css
185.9.147.100 200 OK 13 kB URL HTTP/1.1 armmountstravel.com/css/lightcase.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (12634), with no line terminators
Hash 6a458a66dd9e684c3b46933b458442d9
55965bcb6345c2a90ea55430dd14fa1e289f5683
3ff00b72cf566b6cb36da8d969046e58a74e5a3b25ff61c65bb2343aa0574c22
GET /css/lightcase.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/css
Content-Length: 12634
Last-Modified: Sat, 01 Sep 2018 14:24:21 GMT
Connection: keep-alive
ETag: "5b8aa115-315a"
Accept-Ranges: bytes
armmountstravel.com/css/ionicons.css
185.9.147.100 200 OK 51 kB URL HTTP/1.1 armmountstravel.com/css/ionicons.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (50924), with no line terminators
Hash 168827d885077b255801de2c66eeba6b
b83a3311bcc1c580d556c3c2f8faee2095fcb325
73d33b063a437f69b17b091b69c4cb8b500ab27b15a0a307038bed69cd2364e7
GET /css/ionicons.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/css
Content-Length: 50924
Last-Modified: Fri, 31 Aug 2018 08:38:42 GMT
Connection: keep-alive
ETag: "5b88fe92-c6ec"
Accept-Ranges: bytes
armmountstravel.com/css/mqueries.css
185.9.147.100 200 OK 22 kB URL HTTP/1.1 armmountstravel.com/css/mqueries.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (14712)
Hash e0f46ea90b443d3fc718aa3bf383d263
31d81461926a54515b9e564a02e35cdb343b6799
2c9c1b1418ddd7ed34171fa6fa651eef7c7215e79e06a16605eca8a0c7d75c2c
GET /css/mqueries.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/css
Content-Length: 22449
Last-Modified: Wed, 26 Sep 2018 08:37:07 GMT
Connection: keep-alive
ETag: "5bab4533-57b1"
Accept-Ranges: bytes
armmountstravel.com/css/layers.css
185.9.147.100 200 OK 140 kB URL HTTP/1.1 armmountstravel.com/css/layers.css
IP 185.9.147.100:0
Size 140 kB (140333 bytes)
Hash 117cc368e00536a19046cd6939b65ad7
30d50225ec444fb9edb35c90a9f63a35c4698b7c
2c9f331c4d7bfc812bf602e2a8bd36eab0b7ff8803295eb4404f28e8dcaa7200
GET /css/layers.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/css
Content-Length: 140333
Last-Modified: Fri, 31 Aug 2018 08:38:42 GMT
Connection: keep-alive
ETag: "5b88fe92-2242d"
Accept-Ranges: bytes
armmountstravel.com/css/navigation.css
185.9.147.100 200 OK 59 kB URL HTTP/1.1 armmountstravel.com/css/navigation.css
IP 185.9.147.100:0
Hash 4997a920bf27721b7f1e11aa9f6e9977
320c28120efcb8e4eb60dfb07e542bbee99714aa
b136e2d51cc93258031fc9b3ba31bcccc32c9f7056833a39a9abb41775024f3c
GET /css/navigation.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/css
Content-Length: 59326
Last-Modified: Fri, 31 Aug 2018 08:38:43 GMT
Connection: keep-alive
ETag: "5b88fe93-e7be"
Accept-Ranges: bytes
armmountstravel.com/js/plugins.js
185.9.147.100 200 OK 9.1 kB URL HTTP/1.1 armmountstravel.com/js/plugins.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (4495)
Hash 06665ec3f271458345c5b210777cb5d5
d98ead2314cca2cd4f79bcb08c056a80792acf29
7c09adc70293b6750c47544e0bd02bfc478ec0748665d4ec319b307a7141fdb2
Analyzer Verdict Alert fortinet Malware
GET /js/plugins.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 9136
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-23b0"
Accept-Ranges: bytes
armmountstravel.com/js/revolution.extension.slideanims.min.js
185.9.147.100 200 OK 30 kB URL HTTP/1.1 armmountstravel.com/js/revolution.extension.slideanims.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (29819)
Hash 688ea66a40c3420795611a4cdcfe5681
0568d36f8c2e74b7e0a6b91f8ad7fe2cc44e3318
e4673fcefdf1907dd87667e6227314b6f4ad4432d61115c2f237d02c39f2a164
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.slideanims.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 30063
Last-Modified: Thu, 30 Aug 2018 12:35:59 GMT
Connection: keep-alive
ETag: "5b87e4af-756f"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.themepunch.tools.min.js?rev=5.0
185.9.147.100 200 OK 109 kB URL HTTP/1.1 armmountstravel.com/js/jquery.themepunch.tools.min.js?rev=5.0
IP 185.9.147.100:0
File type ASCII text, with very long lines (27184)
Size 109 kB (109170 bytes)
Hash e24b8a1055522705299a1b1810d492d2
f4ea30b95f2871d293613df49fa57c113b7b67cd
58ba20111da06812e452383d4966b4fbe03d89d24b0656f45413cd0474fbada8
GET /js/jquery.themepunch.tools.min.js?rev=5.0 HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 109170
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-1aa72"
Accept-Ranges: bytes
armmountstravel.com/js/revolution.extension.navigation.min.js
185.9.147.100 200 OK 28 kB URL HTTP/1.1 armmountstravel.com/js/revolution.extension.navigation.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (27448)
Hash e2d813ec52c28fa8ba50e8dd4620ac8a
adc412cd5e152ddfdc8b62839e4897631fe330a0
bfa2f123e71c7377d2e463fcd9cbecdd66ad942011a1254bf4fde4a327418700
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.navigation.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 27681
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-6c21"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.themepunch.revolution.min.js?rev=5.0
185.9.147.100 200 OK 65 kB URL HTTP/1.1 armmountstravel.com/js/jquery.themepunch.revolution.min.js?rev=5.0
IP 185.9.147.100:0
File type ASCII text, with very long lines (32767)
Hash a200604ffdb83160cf79138493bad42d
c25dfe0890b6d2180a44dfe3e8ba3bfc30a03c3a
ff60e7b6020c08cebe1e1c57f4fee01c0213dc54c44f1a0138b8ecb002e49360
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.themepunch.revolution.min.js?rev=5.0 HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 65100
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-fe4c"
Accept-Ranges: bytes
armmountstravel.com/js/revolution.extension.layeranimation.min.js
185.9.147.100 200 OK 56 kB URL HTTP/1.1 armmountstravel.com/js/revolution.extension.layeranimation.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (32060)
Hash 3fc9b75d0f5608f403ac2852db8e7a52
4028cc9719f35002d3409350806aa76ecac4baee
7028881acf7dc68f31a4c7bfa88f94d34bde2580c95e52c9cb4f3e3551f254c9
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.layeranimation.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 55821
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-da0d"
Accept-Ranges: bytes
armmountstravel.com/js/revolution.extension.video.min.js
185.9.147.100 200 OK 26 kB URL HTTP/1.1 armmountstravel.com/js/revolution.extension.video.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (25441)
Hash 23f58d9923383a5a952ce05403b50904
d2a0a7fe16b75694f1d07a02c480be3d57f97499
76680ab272ef531d62e218c01eb2411d6a91850c0aea680edd0a3465a6cb2e06
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.video.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 25681
Last-Modified: Thu, 30 Aug 2018 12:35:59 GMT
Connection: keep-alive
ETag: "5b87e4af-6451"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.imagesloaded.min.js
185.9.147.100 200 OK 8.7 kB URL HTTP/1.1 armmountstravel.com/js/jquery.imagesloaded.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (8616)
Hash 0e9d39480a41565941b4a457f28b9450
58d26c06f0f0b4f93670614d13350c9226479294
ab7398e310ab79e487e2330c64e0c386415aa670f9ccb3e154adf2a7d75d1c9d
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.imagesloaded.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 8733
Last-Modified: Thu, 30 Aug 2018 12:35:57 GMT
Connection: keep-alive
ETag: "5b87e4ad-221d"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.min.phatvideobg.js
185.9.147.100 200 OK 11 kB URL HTTP/1.1 armmountstravel.com/js/jquery.min.phatvideobg.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (1977)
Hash 33d2f75e622a6f78039bb3abc996d038
b3e5a6cf750064599330b05025716f8c3c0481a6
1609d327a886f3b84c857d469d07228ff372301e38cff57f7c9faaba78ba463a
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.min.phatvideobg.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 11322
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-2c3a"
Accept-Ranges: bytes
armmountstravel.com/js/script.js
185.9.147.100 200 OK 25 kB URL HTTP/1.1 armmountstravel.com/js/script.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (1799)
Hash 5c87c2505fb07894234d1cae61c4c099
75fe8d5cc0d3b07cb7982c126607db5e75d57c82
920006791da47ed4f4628325045d573b88198ec4fa4bc92ef020002d150641f1
Analyzer Verdict Alert fortinet Malware
GET /js/script.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 25008
Last-Modified: Thu, 30 Aug 2018 12:35:59 GMT
Connection: keep-alive
ETag: "5b87e4af-61b0"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.lightcase.min.js
185.9.147.100 200 OK 54 kB URL HTTP/1.1 armmountstravel.com/js/jquery.lightcase.min.js
IP 185.9.147.100:0
File type HTML document, ASCII text, with very long lines (1795)
Hash c0e4ad34afc5606d2f8c10578e05bfd1
5c6144891542a9b3c76c38a4639b21d059849f99
37d3dd9084f9e4813b540384404ccd4e82b479019155f265e177897201d75f68
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.lightcase.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 53857
Last-Modified: Sat, 01 Sep 2018 13:44:31 GMT
Connection: keep-alive
ETag: "5b8a97bf-d261"
Accept-Ranges: bytes
armmountstravel.com/img/logo-noha-dark.png
185.9.147.100 200 OK 19 kB URL HTTP/1.1 armmountstravel.com/img/logo-noha-dark.png
IP 185.9.147.100:0
File type PNG image data, 150 x 147, 8-bit/color RGBA, non-interlaced; data
Hash bb2cb2cd03064a75536db610c776bd38
fdce886a303e90e881efda6168bcaca30e80ce63
bfd366030beeb34810de3e02de7c143de94b8e7ef03061f78be51690aca03e89
GET /img/logo-noha-dark.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: image/png
Content-Length: 18985
Last-Modified: Thu, 30 Aug 2018 12:35:42 GMT
Connection: keep-alive
ETag: "5b87e49e-4a29"
Accept-Ranges: bytes
armmountstravel.com/img/logo-noha-light.png
185.9.147.100 200 OK 15 kB URL HTTP/1.1 armmountstravel.com/img/logo-noha-light.png
IP 185.9.147.100:0
File type PNG image data, 150 x 147, 8-bit/color RGBA, non-interlaced; data
Hash 120b0c95abe5773c8d84f7385bade539
360960250eef1b702ebbe19db734b78edf81e9b5
cacdb85314e5ac415583cb160b4e3866dd74b0db5981bb3cfb51d12a5d1e3bcb
GET /img/logo-noha-light.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: image/png
Content-Length: 15242
Last-Modified: Thu, 30 Aug 2018 12:35:43 GMT
Connection: keep-alive
ETag: "5b87e49f-3b8a"
Accept-Ranges: bytes
armmountstravel.com/img/soc1.png
185.9.147.100 200 OK 3.1 kB URL HTTP/1.1 armmountstravel.com/img/soc1.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced; data
Hash 6b707ef345a88da13700a6554b49bab4
28eb963f43c7da1fd6f71f6fea5968e608e8d488
5a1753269b27890551db09d7e4d401df1b82ade7d298871545beb2958d7da01d
GET /img/soc1.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: image/png
Content-Length: 3072
Last-Modified: Sat, 01 Sep 2018 12:04:42 GMT
Connection: keep-alive
ETag: "5b8a805a-c00"
Accept-Ranges: bytes
armmountstravel.com/img/soc2.png
185.9.147.100 200 OK 3.4 kB URL HTTP/1.1 armmountstravel.com/img/soc2.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced; data
Hash f50f78546e59207ef50cc1ee7ee80626
6ff431cdfbd31591b70ce26cbb37824c86bdb30d
f93271cfc8769f9a65a4de0981475ab5ef77da353199adfe50709f71e95b3667
GET /img/soc2.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: image/png
Content-Length: 3408
Last-Modified: Sat, 01 Sep 2018 12:04:42 GMT
Connection: keep-alive
ETag: "5b8a805a-d50"
Accept-Ranges: bytes
armmountstravel.com/img/soc6.png
185.9.147.100 200 OK 733 B URL HTTP/1.1 armmountstravel.com/img/soc6.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced; data
Hash 0637167507058c3b454b0487ce1bb9aa
3dde76b970966def42a157c62ddf5f18b24860fd
af5328364c63776bb4f4e372b9da0d371b6330aae1f45853de672849789ef7db
GET /img/soc6.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: image/png
Content-Length: 733
Last-Modified: Mon, 10 Sep 2018 08:09:31 GMT
Connection: keep-alive
ETag: "5b9626bb-2dd"
Accept-Ranges: bytes
armmountstravel.com/img/soc4.png
185.9.147.100 200 OK 3.3 kB URL HTTP/1.1 armmountstravel.com/img/soc4.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced; data
Hash d95822130e8774df316f6087bf0fcc05
996b4d1412655df9bc5ca995ebfceb8a62c2f487
06654ae52d9cd7618c808effd4f3353fcf101e266ac90fdd2b5b3493810dea8c
GET /img/soc4.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: image/png
Content-Length: 3299
Last-Modified: Sat, 01 Sep 2018 12:04:42 GMT
Connection: keep-alive
ETag: "5b8a805a-ce3"
Accept-Ranges: bytes
armmountstravel.com/img/soc5.png
185.9.147.100 200 OK 3.2 kB URL HTTP/1.1 armmountstravel.com/img/soc5.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced; data
Hash fba16339f043111dab26005f86aa2aca
44b3b9aa7999e7603f0151059a0d99c1dbc67e43
3f46fdfe4f3811fa2f1e199ebc3c46371b009c83e311f0bd548e48aec4334f3b
GET /img/soc5.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: image/png
Content-Length: 3231
Last-Modified: Sat, 01 Sep 2018 12:04:42 GMT
Connection: keep-alive
ETag: "5b8a805a-c9f"
Accept-Ranges: bytes
armmountstravel.com/img/tour/2.jpg
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/img/tour/2.jpg
IP 185.9.147.100:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
GET /img/tour/2.jpg HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/img/tour/4.JPG
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/img/tour/4.JPG
IP 185.9.147.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
Analyzer Verdict Alert fortinet Malware
GET /img/tour/4.JPG HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/tour/1539095505IMG_5194-min.JPG
185.9.147.100 200 OK 179 kB URL HTTP/1.1 armmountstravel.com/tour/1539095505IMG_5194-min.JPG
IP 185.9.147.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x960, components 3\012- data
Size 179 kB (178778 bytes)
Hash 2e410a496a0d0d98c03b354d4fe50ff5
1c7c0b6be5d54d4dd2ec8153e856c26b24b3da5d
d2c5700332c299c7034434baa38d26fa34e6e8dfb2d85d3ac3f55207f9cf5280
Analyzer Verdict Alert fortinet Malware
GET /tour/1539095505IMG_5194-min.JPG HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: image/jpeg
Content-Length: 178778
Last-Modified: Tue, 09 Oct 2018 14:31:45 GMT
Connection: keep-alive
ETag: "5bbcbbd1-2ba5a"
Accept-Ranges: bytes
armmountstravel.com/slider/1536683072slide3.jpg
185.9.147.100 200 OK 542 kB URL HTTP/1.1 armmountstravel.com/slider/1536683072slide3.jpg
IP 185.9.147.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1901x1272, components 3\012- data
Size 542 kB (541478 bytes)
Hash 9e7ef91d677f0a551d3c098fac313030
b216b1fd88d1357188b3fcf4dbe5077a489105c4
d044203f227a58926e01f71b94ab7df17f7995315ecdefe45a58a89c0edc35be
GET /slider/1536683072slide3.jpg HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: image/jpeg
Content-Length: 541478
Last-Modified: Tue, 11 Sep 2018 16:24:32 GMT
Connection: keep-alive
ETag: "5b97ec40-84326"
Accept-Ranges: bytes
armmountstravel.com/assets/demo.css
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/assets/demo.css
IP 185.9.147.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
GET /assets/demo.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/img/slide2.jpg
185.9.147.100 200 OK 428 kB URL HTTP/1.1 armmountstravel.com/img/slide2.jpg
IP 185.9.147.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1338, components 3\012- data
Size 428 kB (427678 bytes)
Hash a34e62f747942812c53bd7e65feb30a5
b1d956b30f0066efdd28ff059189da96ec4a87c5
08a82b497097bafa489fce872b85a37ee050c6a05b49586b7a80096daae607c8
GET /img/slide2.jpg HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: image/jpeg
Content-Length: 427678
Last-Modified: Wed, 05 Sep 2018 10:53:04 GMT
Connection: keep-alive
ETag: "5b8fb590-6869e"
Accept-Ranges: bytes
armmountstravel.com/slider/1537455029IMG_5115-min.JPG
185.9.147.100 200 OK 420 kB URL HTTP/1.1 armmountstravel.com/slider/1537455029IMG_5115-min.JPG
IP 185.9.147.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x700, components 3\012- data
Size 420 kB (419644 bytes)
Hash e1b0a4f0aed8ce22926dd728cbcffeb5
03e2e89e06046474bc59413941616b3375a1418b
61c2b8b3c1c66ad0c40e0457ca80b6d03ee6b8743eac706ab1a430a2bc18f895
Analyzer Verdict Alert fortinet Malware
GET /slider/1537455029IMG_5115-min.JPG HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: image/jpeg
Content-Length: 419644
Last-Modified: Thu, 20 Sep 2018 14:50:29 GMT
Connection: keep-alive
ETag: "5ba3b3b5-6673c"
Accept-Ranges: bytes
armmountstravel.com/img/tour/3.jpg
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/img/tour/3.jpg
IP 185.9.147.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
GET /img/tour/3.jpg HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 07 Sep 2022 04:38:21 GMT
Cache-Control: max-age=3600
Expires: Wed, 07 Sep 2022 04:43:47 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rK158H05MklQl1Hm6FEQVYAnkeTnlwL3Zl2aI7974gpk3hhAu44eUA==
Age: 1133
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e8952752ad4a452a575522a7eb737217
c5554fa2af05d7a7117032b0f99352de08988346
8c182bed7bbd843774a2136823b30a4cb707e2a5386f71d01640aa3558888bf7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 547
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 04:45:22 GMT
Last-Modified: Wed, 07 Sep 2022 04:36:15 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
f.vimeocdn.com/js/froogaloop2.min.js
151.101.86.109 403 Forbidden 5.4 kB URL HTTP/2 f.vimeocdn.com/js/froogaloop2.min.js
IP 151.101.86.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5364), with no line terminators
Hash e93c5d5e9322783df3325319a34e59bf
59fe46b9ecde66156d6e34b22827e78c8cf73f4f
f99424c50c737152a5da0291de7204b0d805a39b6df33eed73bf778f94b671cb
GET /js/froogaloop2.min.js HTTP/1.1
Host: f.vimeocdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://armmountstravel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
server: Varnish
retry-after: 0
content-type: text/html; charset=utf-8
cache-control: pragma, no-cache, max-age=0
accept-ranges: bytes
date: Wed, 07 Sep 2022 04:45:22 GMT
via: 1.1 varnish
x-served-by: cache-bma1675-BMA
x-cache: MISS
x-cache-hits: 0
content-length: 5364
X-Firefox-Spdy: h2
armmountstravel.com/img/favicon.png
185.9.147.100 200 OK 9.1 kB URL HTTP/1.1 armmountstravel.com/img/favicon.png
IP 185.9.147.100:0
File type PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced\012- data
Hash dd3594aae2adb2e8d4bf08870a83b929
263953ebd486eeeb3af42bf65d6c3197adcf5cc1
c5455b1b69304457a471de17018f9c6691906bd016d375da13da35901d143c4c
GET /img/favicon.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: image/png
Content-Length: 9119
Last-Modified: Thu, 20 Sep 2018 07:51:22 GMT
Connection: keep-alive
ETag: "5ba3517a-239f"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8fc7316fab55e89a81536e926eab6f83
7fcab743b176312e76999b39a1b2a3b97dbeb10f
8178b9805611209f5c47dce32da555117870a90648e026d08cc691a4103169a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 04:45:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
armmountstravel.com/
185.9.147.100 200 OK 74 kB IP 185.9.147.100:0
Hash a213502d53acc3c3cc62c7ceffd67378
3e4f4761ad64347edcf43dafb8063c6bef982df6
129adbdff377db9cdbac713893a5c947f2cfa0ba32d6b06a5216ffbed81d27eb
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8fc7316fab55e89a81536e926eab6f83
7fcab743b176312e76999b39a1b2a3b97dbeb10f
8178b9805611209f5c47dce32da555117870a90648e026d08cc691a4103169a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 04:45:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
34.217.237.91 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.217.237.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8FId0+15Q0vf+e37zzgbaQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: R/Dd513xHuWUJ6W/pVzwE393BWQ=
armmountstravel.com/assets/loader.gif
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/assets/loader.gif
IP 185.9.147.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
GET /assets/loader.gif HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/css/settings.css
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:23 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/undefined
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/undefined
IP 185.9.147.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
Analyzer Verdict Alert fortinet Malware
GET /undefined HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:23 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/css/settings.css
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15439
Expires: Wed, 07 Sep 2022 09:02:43 GMT
Date: Wed, 07 Sep 2022 04:45:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15439
Expires: Wed, 07 Sep 2022 09:02:43 GMT
Date: Wed, 07 Sep 2022 04:45:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15439
Expires: Wed, 07 Sep 2022 09:02:43 GMT
Date: Wed, 07 Sep 2022 04:45:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15439
Expires: Wed, 07 Sep 2022 09:02:43 GMT
Date: Wed, 07 Sep 2022 04:45:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8510bf06-7808-4fda-a5d9-b75fc73021c9.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8510bf06-7808-4fda-a5d9-b75fc73021c9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 79f4356c488498012cc7fc03be21e3df
dd9cd9b711d7112efa85eff8a798346dbd7d5f5f
ebd84bf1db6b39b92be1020c7ea5c32eaa23dfb347ec83941d5bc56e80855ebc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8510bf06-7808-4fda-a5d9-b75fc73021c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12661
x-amzn-requestid: 71ef9e09-ccf1-4930-865d-665ece4bf3a6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3hXnFnXIAMFqKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312e296-627daf7c7ad3e23a60b183cd;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 05:13:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: xwunW741LulZXvM0har5nqrcCiyYoUwvhCWiPsEvs5P2VKSe476_Cw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 22:14:32 GMT
etag: "dd9cd9b711d7112efa85eff8a798346dbd7d5f5f"
content-type: image/jpeg
age: 23452
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff29f2a08-1dd5-4577-ae0d-6852e6e83ba7.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff29f2a08-1dd5-4577-ae0d-6852e6e83ba7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6447311cd0f34fb9cde4e21946e0d8af
cfca3a21a33e58f300343f643634c50a924bb6db
e2de947b52e13a0350c5b6904020924b957161d825930677386185a62d2f2401
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff29f2a08-1dd5-4577-ae0d-6852e6e83ba7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5384
x-amzn-requestid: b2d61cc9-3109-4b76-9aee-96f14b755184
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDqcrFFGIAMF8pA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317bdea-43651bdc494d8c415225415e;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 21:38:50 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: AdZGxVLg3lCcqbxAbsf79mse38ZRqK_L98l4OQZELiaNS4pAjuQ1BA==
via: 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:41:08 GMT
age: 25456
etag: "cfca3a21a33e58f300343f643634c50a924bb6db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8639d630-8c8a-4807-a0b9-15086c24357f.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8639d630-8c8a-4807-a0b9-15086c24357f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c59fa99ae2913811dc92e67032c57394
de4df8a9282e9cec140c9074a140f72fb3dc896e
bb5841642c985c12489b7b23a2a95571864896eef9a04645e61029f9f6717bdc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8639d630-8c8a-4807-a0b9-15086c24357f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11675
x-amzn-requestid: 4dec6362-eb2a-4cd9-b92e-c569f31b2cc0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3OeFGyboAMFzqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312c459-1506326857a16d2f3bbb231c;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 03:04:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yA9qrhB7c0lwK6gWbmh69l7D_Y0p_D-GBx21_fRJIH7Od_D0Qp41Fg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 04:32:31 GMT
age: 773
etag: "de4df8a9282e9cec140c9074a140f72fb3dc896e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b220c7c-ed68-4f56-82a7-5748d044635a.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b220c7c-ed68-4f56-82a7-5748d044635a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 70c964498818242b742575cfa1769b67
cde85fbe83c9e29618edf4e05002bd623e3ab965
bdb0e76fe216f742789ba5a77645c640fe0c7f207707181e618fa31d4cf58605
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b220c7c-ed68-4f56-82a7-5748d044635a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8462
x-amzn-requestid: 1a501a0a-2671-468b-885b-2a2efb73bc2e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDq64HbCIAMFjGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317beab-395f6d1436b027ee60d00abd;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 21:42:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ZWf6CXKcClMXAXmFXNp0sxVCMUFyZqhhh7B83tJMX_jvteLRDzG8QA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:42:04 GMT
etag: "cde85fbe83c9e29618edf4e05002bd623e3ab965"
content-type: image/jpeg
age: 25400
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e9b3424-a7df-4a41-82c2-4baf4813509c.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e9b3424-a7df-4a41-82c2-4baf4813509c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fcf56e65178e3bdb802a8215b48d11f0
6ca14b815e1446172a72f28f58fbbf97272a512b
42a88966c46e9670786e171700f403805f1a278aef0edfee233afb8fd5e41e46
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e9b3424-a7df-4a41-82c2-4baf4813509c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11464
x-amzn-requestid: 5a4d63f8-dd44-4003-bd90-4ebcdf4517e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XdbBcECroAMFrFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63087209-22f3a6a174d32fd11f863106;Sampled=0
x-amzn-remapped-date: Fri, 26 Aug 2022 07:11:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hvJEdV6JLI2wSnHo_y3lhjaS0p0-tXpeedn_z3BuRuz7xfqBun_ntw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:55:58 GMT
age: 24566
etag: "6ca14b815e1446172a72f28f58fbbf97272a512b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6bb8aa6e-cd0e-437b-8dd5-987975f699c1.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6bb8aa6e-cd0e-437b-8dd5-987975f699c1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ef4fa1124d22326a35b623fbe8c5265
ef57fc0f565c41e42637ca1a71d3143c20a7c2e6
8dd5cbcd791cf3db88011ac65a1097a491d0fd0e1e52eb879c2ef27f22c2d3aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6bb8aa6e-cd0e-437b-8dd5-987975f699c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9014
x-amzn-requestid: 774c43be-0f3a-48c2-8f14-b48b4b09767c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XqN9tGsVoAMFVng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630d9057-00c7330e5b1d960021691df2;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 04:21:43 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 77V2cHcwKSvu4b0ikOJ5s3yf-bcK2eh2Sfe85UrhyuRLpzudBO6vXQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 17:47:48 GMT
age: 39456
etag: "ef57fc0f565c41e42637ca1a71d3143c20a7c2e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
armmountstravel.com/js/jquery.isotope.min.js
185.9.147.100 200 OK 0 B URL HTTP/1.1 armmountstravel.com/js/jquery.isotope.min.js
IP 185.9.147.100:0
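Analyzer Verdict Alert fortinet Malware
Note: this record lists no file hashes and a captured size of 0 B although the response declares Content-Length: 42631, so the verdict cannot be matched to the file content from this record alone.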
GET /js/jquery.isotope.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 42631
Last-Modified: Thu, 30 Aug 2018 12:35:57 GMT
Connection: keep-alive
ETag: "5b87e4ad-a687"
Accept-Ranges: bytes
armmountstravel.com/js/jquery-1.12.4.min.js
185.9.147.100 200 OK 0 B URL HTTP/1.1 armmountstravel.com/js/jquery-1.12.4.min.js
IP 185.9.147.100:0
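Analyzer Verdict Alert fortinet Malware
Note: this record lists no file hashes and a captured size of 0 B although the response declares Content-Length: 98968, so the verdict cannot be matched to the file content from this record alone.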
GET /js/jquery-1.12.4.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 04:45:22 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 98968
Last-Modified: Thu, 30 Aug 2018 12:35:57 GMT
Connection: keep-alive
ETag: "5b87e4ad-18298"
Accept-Ranges: bytes
www.youtube.com/iframe_api
142.250.74.110 200 OK 0 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.110:0
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://armmountstravel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Wed, 07 Sep 2022 04:45:22 GMT
date: Wed, 07 Sep 2022 04:45:22 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=hAm3rmflUDw; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=aJQZLnpoRWU; Domain=.youtube.com; Expires=Mon, 06-Mar-2023 04:45:22 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+354; expires=Fri, 06-Sep-2024 04:45:22 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2