r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5656
Expires: Mon, 28 Nov 2022 17:13:36 GMT
Date: Mon, 28 Nov 2022 15:39:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3b56944f0e5716fd4fad2ec18994d4be
61cafa4de31ba960d1145ec37272f6f6b6944e0c
4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3654
Expires: Mon, 28 Nov 2022 16:40:14 GMT
Date: Mon, 28 Nov 2022 15:39:20 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3402
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:39:20 GMT
Last-Modified: Mon, 28 Nov 2022 14:42:38 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TiWyXSVAPaAKEF5pcYsUkjo2AuD2PVQiALY9uIsIeyWFkcQBWKHjx8YbizruIO6mSFd9uuKMraM=
x-amz-request-id: 5P0PNN9WRJHYCW6C
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 14:45:04 GMT
age: 3256
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 15:19:32 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1188
alt-svc: clear
X-Firefox-Spdy: h2
dreamcarriertreks.com/
172.105.252.215301 Moved Permanently 707 B IP 172.105.252.215:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Mon, 28 Nov 2022 15:39:20 GMT
server: LiteSpeed
location: https://dreamcarriertreks.com/
vary: User-Agent
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 15:39:20 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 15:08:55 GMT
cache-control: public,max-age=3600
age: 1826
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6501
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:39:21 GMT
Last-Modified: Mon, 28 Nov 2022 13:51:00 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.203.75.56101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.203.75.56:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zDjw23Kj4owq+3LNiIkmXQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1mIcf7UxweVAORe8sp5t7jwW9qI=
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 943f6e33e6a353e3e6688cabbf06e9bd
8cbffe9445edea5c78db9ab24f6b7baa59e55fbd
5e6fb41b600dd0c27a4fa78cbde3bc5050f18429e5f993a89a0ff7fcef16b66b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4634
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:39:21 GMT
Last-Modified: Mon, 28 Nov 2022 14:22:07 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:39:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:39:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:39:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Bebas+Neue&family=Playfair+Display:ital@1&display=swap
142.250.74.10200 OK 1.0 kB URL HTTP/2 fonts.googleapis.com/css2?family=Bebas+Neue&family=Playfair+Display:ital@1&display=swap
IP 142.250.74.10:0
Hash 6e06985c81ab649b8eb0ccd6f7534fef
7cbceea0e57b9566ba5cb82fc21f4715db469d95
58b9cee8a92e97e6db76a0280dcfe12558f523b611e639dd8d0ecc51a3bfc1bd
GET /css2?family=Bebas+Neue&family=Playfair+Display:ital@1&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 15:39:22 GMT
date: Mon, 28 Nov 2022 15:39:22 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:39:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:39:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
216.58.207.195200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Hash 0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:26:57 GMT
expires: Thu, 23 Nov 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 418345
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/playfairdisplay/v29/nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_qiTXtHA_3-uE0qEEw.woff
216.58.207.195200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/playfairdisplay/v29/nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_qiTXtHA_3-uE0qEEw.woff
IP 216.58.207.195:0
File type Web Open Font Format, TrueType, length 23952, version 1.1\012- data
Hash c58b62bce667d39b70550e04b84547b6
8df31acd6854535adc18127d207758e57d3737a2
e3e8a6f68d7d29aef5dc5d60af57e8c2fa0fed9aaa0df66df26442862ca7db99
GET /s/playfairdisplay/v29/nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_qiTXtHA_3-uE0qEEw.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23952
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 22:28:25 GMT
expires: Tue, 21 Nov 2023 22:28:25 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:55:52 GMT
content-type: font/woff
age: 580257
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:39:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.pixabay.com/photo/2016/05/24/16/48/mountains-1412683_1280.png
172.64.150.12200 OK 437 kB URL HTTP/2 cdn.pixabay.com/photo/2016/05/24/16/48/mountains-1412683_1280.png
IP 172.64.150.12:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 437 kB (436864 bytes)
Hash e7426cdce6688a803509aef4d46e06fc
9005bd38c995ff0b7e2a3066e9a11c40b24f608c
45402fd8ad6a6662ed995415505eb85ad3f3d127d2f3f81ce7c2288a67464020
GET /photo/2016/05/24/16/48/mountains-1412683_1280.png HTTP/1.1
Host: cdn.pixabay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:39:22 GMT
content-type: image/webp
content-length: 436864
cf-ray: 771432268f25b4f4-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
content-disposition: inline; filename="mountains-1412683_1280.webp"
etag: "d920c599e5aa66ac201e15c1030fa938"
expires: Tue, 28 Nov 2023 15:39:22 GMT
last-modified: Wed, 27 Feb 2019 08:43:45 GMT
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=568742
x-amz-id-2: 8cxIRir8r5TDDXfRagWkyECWob72ioknnLeY61vLcUlnes4Wzc+FvRRyPQwCVROtzJy7URlAMPqXEF/pe5U/xQ==
x-amz-replication-status: COMPLETED
x-amz-request-id: 23506EV17KAYS9RQ
x-amz-version-id: IV60mRYTnObNMoO1_qkG6.Dwrsskryvy
set-cookie: __cf_bm=2zSk45JvzzqI11ziLpIshrxhdC_CHwSn75YhRmyyLIk-1669649962-0-ARP62w3xid4w6lZwiWyrxir1Wejd3Cy8JSi5oTKIjMpqCQJ/tPI0azzmdlM6o2wW3ACg9M+WrKKW3375JeRHB/A=; path=/; expires=Mon, 28-Nov-22 16:09:22 GMT; domain=.pixabay.com; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 943f6e33e6a353e3e6688cabbf06e9bd
8cbffe9445edea5c78db9ab24f6b7baa59e55fbd
5e6fb41b600dd0c27a4fa78cbde3bc5050f18429e5f993a89a0ff7fcef16b66b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4635
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:39:22 GMT
Last-Modified: Mon, 28 Nov 2022 14:22:07 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278
dreamcarriertreks.com/_next/static/chunks/pages/index-85318d384562acfb.js
172.105.252.215200 OK 530 B URL HTTP/2 dreamcarriertreks.com/_next/static/chunks/pages/index-85318d384562acfb.js
IP 172.105.252.215:0
File type ASCII text, with very long lines (1010), with no line terminators
Hash 9f919c5c5b634ee41c2d7b22c8e2b6e5
57600e3a1ea1e7a367c5632808bc084574421025
b9dfa09ed6b55ee0c2bc0bc2ebb59f14ee36aea996b3c9f191886278f23e3c18
Analyzer Verdict Alert fortinet Malware
GET /_next/static/chunks/pages/index-85318d384562acfb.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"3f2-181dd92ee78"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-length: 530
content-encoding: br
date: Mon, 28 Nov 2022 15:39:22 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
dreamcarriertreks.com/_next/static/zsIa0Jr1f8zPBkf8VsSbS/_middlewareManifest.js
172.105.252.215200 OK 92 B URL HTTP/2 dreamcarriertreks.com/_next/static/zsIa0Jr1f8zPBkf8VsSbS/_middlewareManifest.js
IP 172.105.252.215:0
File type ASCII text, with no line terminators
Hash 7c3f7e060745668041278118c0bb3d6d
e639f56695b3cc30d78dce7a0084aa8299a1311a
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a
Analyzer Verdict Alert fortinet Malware
GET /_next/static/zsIa0Jr1f8zPBkf8VsSbS/_middlewareManifest.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:10 GMT
etag: W/"5c-181dd9309d0"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-length: 92
date: Mon, 28 Nov 2022 15:39:22 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6150
Expires: Mon, 28 Nov 2022 17:21:53 GMT
Date: Mon, 28 Nov 2022 15:39:23 GMT
Connection: keep-alive
dreamcarriertreks.com/_next/static/css/ae1a012ceaaa7165.css
172.105.252.215200 OK 2.7 kB URL HTTP/2 dreamcarriertreks.com/_next/static/css/ae1a012ceaaa7165.css
IP 172.105.252.215:0
Hash 6b56d9057885237d783acc01264abb30
11cba34f11c06afaf791a1f89dcaf354b7e86325
9fc7ee94cacd10ed1ea04541a24794764894913fbf49c5f2b9dfb717ed5757b9
GET /_next/static/css/ae1a012ceaaa7165.css HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"3419-181dd92ee78"
content-type: text/css; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:21 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6150
Expires: Mon, 28 Nov 2022 17:21:53 GMT
Date: Mon, 28 Nov 2022 15:39:23 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:46 GMT
age: 63457
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 741ddfb19764ac9a77509e7e87cfbfb2
308c08784ce4a0757cbd112807555b83e17a1d56
e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I6egDH0h7D08HhaoQHQ0vgghBhPfje2lGIbnWD-t7p4txzHsFxmZfg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 10:31:22 GMT
age: 18481
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dreamcarriertreks.com/_next/static/chunks/cb1608f2-7d6aebef3637e362.js
172.105.252.215 200 OK 14 kB URL HTTP/2 dreamcarriertreks.com/_next/static/chunks/cb1608f2-7d6aebef3637e362.js
IP 172.105.252.215:0
Hash dce5db64479c844e8fe293d44028b5bd
9e4f833cdf92fe6ee77a86cb104eb137d25882a5
a3148dcd31c6925df43e51fb991ed4577d616d468226c655e26253bb52bc9ba0
Analyzer Verdict Alert fortinet Malware
GET /_next/static/chunks/cb1608f2-7d6aebef3637e362.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"4ead-181dd92ee78"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:21 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
dreamcarriertreks.com/_next/static/chunks/8524-e6a68326e4fd1752.js
172.105.252.215 200 OK 16 kB URL HTTP/2 dreamcarriertreks.com/_next/static/chunks/8524-e6a68326e4fd1752.js
IP 172.105.252.215:0
Hash 0dfda60f167b275ce6e3bee39c6eb7a9
fe5217ae482a43b4ab483d473006ee5228673d5b
62befd872838327728a4f7f2d83e88e87cd8ef06f2462f81706add31ff984b12
Analyzer Verdict Alert fortinet Malware
GET /_next/static/chunks/8524-e6a68326e4fd1752.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"4e25-181dd92ee78"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:22 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
dreamcarriertreks.com/_next/static/chunks/8176-bf93c3ddaadbf940.js
172.105.252.215 200 OK 11 kB URL HTTP/2 dreamcarriertreks.com/_next/static/chunks/8176-bf93c3ddaadbf940.js
IP 172.105.252.215:0
Hash 0cb46d8bebba546aae7c909ddf7e0603
71760d35d07e5e86b6461c9e6cb615f44635e667
70ba49108ab051cf47215d79db48cd98ae85263b053b8797162f703b67044e1b
Analyzer Verdict Alert fortinet Malware
GET /_next/static/chunks/8176-bf93c3ddaadbf940.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"1fd2-181dd92ee78"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:22 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6c93814-fbc2-4f60-a417-7cb6ff99a2ef.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6c93814-fbc2-4f60-a417-7cb6ff99a2ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash b24e349e9d22fb30fbc80497b512cead
c033d1ecdb9e7640f3df044e39053bed8292fcbc
2d77e3c39c60a3563613b1ba97ec0b1a256f41ad09936ba49b23d8cf22f8a7a8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6c93814-fbc2-4f60-a417-7cb6ff99a2ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6263
x-amzn-requestid: 5c3da401-eb9e-4904-a7e9-5e74648b8b77
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KFfWoAMF99A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-3110d65625e883502a5078a9;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: X6t2ucU4VTXi5XIRLVpmTMxEW3MtinOQs3mIHIhgeW6aK6kN53dWEQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:18 GMT
age: 64085
etag: "c033d1ecdb9e7640f3df044e39053bed8292fcbc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7a4115f61984aa5945b0ac7f8df15fc7
1c537f11dfe232d126a4e6031eec156ea06c607c
f014fa3a6b393e0f22e3712dc2e923391d92a797effa62e138a3bdd3a6667059
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F014FA3A6B393E0F22E3712DC2E923391D92A797EFFA62E138A3BDD3A6667059"
Last-Modified: Sun, 27 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 28 Nov 2022 21:39:23 GMT
Date: Mon, 28 Nov 2022 15:39:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ec46b8317305dc568369012b2a3151c9
7a4689967c339c87a0bb095914e49a676ff77388
4a31d33358140434784408bdef18f8adee501d4e927c5327e02eb9550ebf7752
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A31D33358140434784408BDEF18F8ADEE501D4E927C5327E02EB9550EBF7752"
Last-Modified: Sun, 27 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21592
Expires: Mon, 28 Nov 2022 21:39:15 GMT
Date: Mon, 28 Nov 2022 15:39:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ec46b8317305dc568369012b2a3151c9
7a4689967c339c87a0bb095914e49a676ff77388
4a31d33358140434784408bdef18f8adee501d4e927c5327e02eb9550ebf7752
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A31D33358140434784408BDEF18F8ADEE501D4E927C5327E02EB9550EBF7752"
Last-Modified: Sun, 27 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21580
Expires: Mon, 28 Nov 2022 21:39:03 GMT
Date: Mon, 28 Nov 2022 15:39:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7a4115f61984aa5945b0ac7f8df15fc7
1c537f11dfe232d126a4e6031eec156ea06c607c
f014fa3a6b393e0f22e3712dc2e923391d92a797effa62e138a3bdd3a6667059
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F014FA3A6B393E0F22E3712DC2E923391D92A797EFFA62E138A3BDD3A6667059"
Last-Modified: Sun, 27 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 28 Nov 2022 21:39:23 GMT
Date: Mon, 28 Nov 2022 15:39:23 GMT
Connection: keep-alive
api.dreamcarriertreks.com/placeapi/package/
172.105.252.215 200 OK 2 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/package/
IP 172.105.252.215:0
File type JSON data
- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer Verdict Alert fortinet Malware
GET /placeapi/package/ HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 2
date: Mon, 28 Nov 2022 15:39:24 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/category
172.105.252.215 301 Moved Permanently 0 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/category
IP 172.105.252.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /placeapi/category HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 301 Moved Permanently
content-type: text/html; charset=utf-8
location: /placeapi/category/
x-content-type-options: nosniff
referrer-policy: same-origin
vary: Origin,User-Agent
access-control-allow-origin: *
content-length: 0
date: Mon, 28 Nov 2022 15:39:24 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/category-graph
172.105.252.215 200 OK 463 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/category-graph
IP 172.105.252.215:0
File type JSON data
- , Unicode text, UTF-8 text, with very long lines (2380), with no line terminators
Hash 6f504753f6a30bc0292c4303d4ac849d
6ba29014fb73cbdb08c8d8ec69d76229043e2fce
f58c05e4b1fbba8c0736e0eea4eb3413d9bccdcf8d3f22972c246119c811337b
Analyzer Verdict Alert fortinet Malware
GET /placeapi/category-graph HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: application/json
allow: GET, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
vary: Origin,Accept-Encoding,User-Agent
access-control-allow-origin: *
content-length: 463
content-encoding: br
date: Mon, 28 Nov 2022 15:39:24 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/travel-places/
172.105.252.215 200 OK 2.3 kB URL HTTP/2 api.dreamcarriertreks.com/placeapi/travel-places/
IP 172.105.252.215:0
File type JSON data
- , Unicode text, UTF-8 text, with very long lines (7091), with no line terminators
Hash 3a9a97f9ad1af1a06cd14efc8b2fb069
91159bdb4d299182a4354f4f53334a3c92ebda55
b1452454c09ae0a8a2bc8a7137669ff5da7c975beca652223f1cc3b9e43c3618
Analyzer Verdict Alert fortinet Malware
GET /placeapi/travel-places/ HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,Accept-Encoding,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 2286
content-encoding: br
date: Mon, 28 Nov 2022 15:39:24 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/country-list
172.105.252.215 200 OK 156 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/country-list
IP 172.105.252.215:0
File type JSON data
- , ASCII text, with no line terminators
Hash 8774a98c63c60281fa7d26331193368f
4ee7a8c1df66f1b0e9f875ee14a058ddfcdc6028
2b1cb0c2025d3a655b3ce36d5818b0b961408df4cb83626f1950ccc8f201ca27
Analyzer Verdict Alert fortinet Malware
GET /placeapi/country-list HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
allow: GET, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
vary: Origin,User-Agent
access-control-allow-origin: *
content-length: 156
date: Mon, 28 Nov 2022 15:39:24 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/media/new-photos/foo_h7Po3ll.jpeg
172.105.252.215 200 OK 85 kB URL HTTP/2 api.dreamcarriertreks.com/media/new-photos/foo_h7Po3ll.jpeg
IP 172.105.252.215:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3
- data
Hash 7bc8df1195d4601a0a16ff8dbb1c3576
09a8a0482f5a6728e3e6b0c4da3b9b5debe83131
f39180b67a2b981cc6db24e76c9a3ed49b34b15aa4673e97169158f66f43a316
Analyzer Verdict Alert fortinet Malware
GET /media/new-photos/foo_h7Po3ll.jpeg HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 15:39:25 GMT
content-type: image/jpeg
last-modified: Thu, 23 Jun 2022 08:18:52 GMT
accept-ranges: bytes
content-length: 85201
date: Mon, 28 Nov 2022 15:39:25 GMT
server: LiteSpeed
vary: User-Agent
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/category/
172.105.252.215 200 OK 5.1 kB URL HTTP/2 api.dreamcarriertreks.com/placeapi/category/
IP 172.105.252.215:0
Hash 0e12f601347372de220ae5628d9c34f6
a02c8634403e9bd1dbab82a7454d216b65d787c2
39857c67c5086f654772bd8bb0a2fabb16d3eb2bc7c25580ddd7bcbb7c65dd67
Analyzer Verdict Alert fortinet Malware
GET /placeapi/category/ HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,Accept-Encoding,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 321
content-encoding: br
date: Mon, 28 Nov 2022 15:39:25 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/media/new-photos/foo1_2IqIEi6.jpeg
172.105.252.215 200 OK 960 kB URL HTTP/2 api.dreamcarriertreks.com/media/new-photos/foo1_2IqIEi6.jpeg
IP 172.105.252.215:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 4032x1908, components 3
- data
Size 960 kB (959780 bytes)
Hash 93de5029faa68df48405a18e0eeca142
afb0450d522570d256cfccdc4873cf4274c24be3
62c23166ba8aa47c1ed44f2628d511ce7d3d557a1250fbeded3820c965214743
Analyzer Verdict Alert fortinet Malware
GET /media/new-photos/foo1_2IqIEi6.jpeg HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 15:39:24 GMT
content-type: image/jpeg
last-modified: Fri, 08 Jul 2022 10:02:38 GMT
accept-ranges: bytes
content-length: 959780
date: Mon, 28 Nov 2022 15:39:24 GMT
server: LiteSpeed
vary: User-Agent
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/sub-category/?category_id=1
172.105.252.215 200 OK 316 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/sub-category/?category_id=1
IP 172.105.252.215:0
File type JSON data
- , ASCII text, with very long lines (1725), with no line terminators
Hash 6e79269042c1bb947558b48fbae6576d
d71bf72b51739c0647dc7a077edaca4ff67867c0
3627a554d9e9b6fd1752b4f8e6168b810df9690b3713bb6681a581895169962b
Analyzer Verdict Alert fortinet Malware
GET /placeapi/sub-category/?category_id=1 HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,Accept-Encoding,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 316
content-encoding: br
date: Mon, 28 Nov 2022 15:39:25 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/sub-category/?category_id=4
172.105.252.215 200 OK 2 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/sub-category/?category_id=4
IP 172.105.252.215:0
File type JSON data
- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer Verdict Alert fortinet Malware
GET /placeapi/sub-category/?category_id=4 HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 2
date: Mon, 28 Nov 2022 15:39:25 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/sub-category/?category_id=2
172.105.252.215 200 OK 6.8 kB URL HTTP/2 api.dreamcarriertreks.com/placeapi/sub-category/?category_id=2
IP 172.105.252.215:0
File type gzip compressed data, from Unix
- data
Hash 12b986f9505140ce90d2c84929c685c5
84bd9c8967b0e60685bc4bb47fce8a93c83f1230
4532ac56c3e4bd1818bdda799c6e45bc86165cb6cbe2584479c0da9035035ea8
Analyzer Verdict Alert fortinet Malware
GET /placeapi/sub-category/?category_id=2 HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 2
date: Mon, 28 Nov 2022 15:39:25 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/sub-category/?category_id=3
172.105.252.215 200 OK 2 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/sub-category/?category_id=3
IP 172.105.252.215:0
File type JSON data
- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer Verdict Alert fortinet Malware
GET /placeapi/sub-category/?category_id=3 HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 2
date: Mon, 28 Nov 2022 15:39:25 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/sub-category/?category_id=7
172.105.252.215 200 OK 2 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/sub-category/?category_id=7
IP 172.105.252.215:0
File type JSON data
- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer Verdict Alert fortinet Malware
GET /placeapi/sub-category/?category_id=7 HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 2
date: Mon, 28 Nov 2022 15:39:25 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/sub-category/?category_id=5
172.105.252.215 200 OK 2 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/sub-category/?category_id=5
IP 172.105.252.215:0
File type JSON data
- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer Verdict Alert fortinet Malware
GET /placeapi/sub-category/?category_id=5 HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 2
date: Mon, 28 Nov 2022 15:39:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/sub-category/?category_id=6
172.105.252.215 200 OK 2 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/sub-category/?category_id=6
IP 172.105.252.215:0
File type JSON data
- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer Verdict Alert fortinet Malware
GET /placeapi/sub-category/?category_id=6 HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 2
date: Mon, 28 Nov 2022 15:39:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/sub-cateogry-name/?sub_category_id=2
172.105.252.215 200 OK 2 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/sub-cateogry-name/?sub_category_id=2
IP 172.105.252.215:0
File type JSON data
- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
GET /placeapi/sub-cateogry-name/?sub_category_id=2 HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 2
date: Mon, 28 Nov 2022 15:39:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/sub-cateogry-name/?sub_category_id=3
172.105.252.215 200 OK 2.5 kB URL HTTP/2 api.dreamcarriertreks.com/placeapi/sub-cateogry-name/?sub_category_id=3
IP 172.105.252.215:0
Hash b05a9d8b440ec480628887bcaa43b51a
46dc51f70d1627fae4b5c7dc032bdda9228367a8
45d08d8f39aa58a8234c9691ab4c886c250096e41fd47c23c1db3c99972a93d9
GET /placeapi/sub-cateogry-name/?sub_category_id=3 HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,Accept-Encoding,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 289
content-encoding: br
date: Mon, 28 Nov 2022 15:39:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/sub-cateogry-name/?sub_category_id=5
172.105.252.215200 OK 279 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/sub-cateogry-name/?sub_category_id=5
IP 172.105.252.215:0
File type JSON data\012- , ASCII text, with very long lines (1459), with no line terminators
Hash 730687f1c89fccfccaa4453880a2a82b
6e2f3f2cdf25bf6ad30a1e29912db61f58b6ae6a
79741a4fc413119df12c13e653f88ec96ae721720654f915c982cde88ce7c2c5
GET /placeapi/sub-cateogry-name/?sub_category_id=5 HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,Accept-Encoding,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 279
content-encoding: br
date: Mon, 28 Nov 2022 15:39:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/sub-cateogry-name/?sub_category_id=4
172.105.252.215200 OK 320 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/sub-cateogry-name/?sub_category_id=4
IP 172.105.252.215:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (2148), with no line terminators
Hash a4e6c390dd84ab80dfa2311c68332c18
4fe5b8f47790d4f5ecdcd7dd2fd363df95ce851e
93a0af688f7cc07c22e43470304d969ead0e4e94f570a1263fe3ed62909a5f02
GET /placeapi/sub-cateogry-name/?sub_category_id=4 HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,Accept-Encoding,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 320
content-encoding: br
date: Mon, 28 Nov 2022 15:39:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
api.dreamcarriertreks.com/placeapi/sub-cateogry-name/?sub_category_id=6
172.105.252.215200 OK 427 B URL HTTP/2 api.dreamcarriertreks.com/placeapi/sub-cateogry-name/?sub_category_id=6
IP 172.105.252.215:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5034), with no line terminators
Hash 8221ce631797f4e541d70d5d31460968
3207168e2369b73b6457305b076f5c6d6af79a03
a7066644ae19dc4abfa831db294b69a034618d36af6ba5d27caa3739aae041c0
GET /placeapi/sub-cateogry-name/?sub_category_id=6 HTTP/1.1
Host: api.dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dreamcarriertreks.com
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
vary: Accept, Origin,Accept-Encoding,User-Agent
allow: GET, POST, HEAD, OPTIONS
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
access-control-allow-origin: *
content-length: 427
content-encoding: br
date: Mon, 28 Nov 2022 15:39:26 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
dreamcarriertreks.com/_next/static/zsIa0Jr1f8zPBkf8VsSbS/_buildManifest.js
172.105.252.215200 OK 0 B URL HTTP/2 dreamcarriertreks.com/_next/static/zsIa0Jr1f8zPBkf8VsSbS/_buildManifest.js
IP 172.105.252.215:0
Analyzer Verdict Alert fortinet Malware
GET /_next/static/zsIa0Jr1f8zPBkf8VsSbS/_buildManifest.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"1c88-181dd92ee78"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:22 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
dreamcarriertreks.com/_next/static/chunks/5507-1968272229cd88eb.js
172.105.252.215200 OK 0 B URL HTTP/2 dreamcarriertreks.com/_next/static/chunks/5507-1968272229cd88eb.js
IP 172.105.252.215:0
Analyzer Verdict Alert fortinet Malware
GET /_next/static/chunks/5507-1968272229cd88eb.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"522f-181dd92ee78"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:22 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
dreamcarriertreks.com/
172.105.252.215200 OK 0 B IP 172.105.252.215:0
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: Next.js
etag: "b0c5-iMvIJR78KC+cTcGKbsaS7tQqQnU"
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:21 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
dreamcarriertreks.com/_next/static/chunks/main-6d7226cee2050c7b.js
172.105.252.215200 OK 0 B URL HTTP/2 dreamcarriertreks.com/_next/static/chunks/main-6d7226cee2050c7b.js
IP 172.105.252.215:0
Analyzer Verdict Alert fortinet Malware
GET /_next/static/chunks/main-6d7226cee2050c7b.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"1802e-181dd92ee78"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:21 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
dreamcarriertreks.com/_next/static/chunks/pages/_app-d52a0e59e64ac81b.js
172.105.252.215200 OK 0 B URL HTTP/2 dreamcarriertreks.com/_next/static/chunks/pages/_app-d52a0e59e64ac81b.js
IP 172.105.252.215:0
Analyzer Verdict Alert fortinet Malware
GET /_next/static/chunks/pages/_app-d52a0e59e64ac81b.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"8409-181dd92ee78"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:21 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400&display=swap
IP 142.250.74.10:0
GET /css2?family=Source+Sans+Pro:wght@400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 15:39:22 GMT
date: Mon, 28 Nov 2022 15:39:22 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dreamcarriertreks.com/_next/static/chunks/framework-7d488969745094b0.js
172.105.252.215200 OK 0 B URL HTTP/2 dreamcarriertreks.com/_next/static/chunks/framework-7d488969745094b0.js
IP 172.105.252.215:0
Analyzer Verdict Alert fortinet Malware
GET /_next/static/chunks/framework-7d488969745094b0.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"1fc6b-181dd92ee78"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:21 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
dreamcarriertreks.com/_next/static/chunks/1596-0f82abf7174f3421.js
172.105.252.215200 OK 0 B URL HTTP/2 dreamcarriertreks.com/_next/static/chunks/1596-0f82abf7174f3421.js
IP 172.105.252.215:0
Analyzer Verdict Alert fortinet Malware
GET /_next/static/chunks/1596-0f82abf7174f3421.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"2df99-181dd92ee78"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:21 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
dreamcarriertreks.com/_next/static/chunks/8907-d16a21677b52be56.js
172.105.252.215200 OK 0 B URL HTTP/2 dreamcarriertreks.com/_next/static/chunks/8907-d16a21677b52be56.js
IP 172.105.252.215:0
Analyzer Verdict Alert fortinet Malware
GET /_next/static/chunks/8907-d16a21677b52be56.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"2005-181dd92ee78"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:22 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
dreamcarriertreks.com/_next/static/chunks/webpack-98009c24c517fa8c.js
172.105.252.215200 OK 0 B URL HTTP/2 dreamcarriertreks.com/_next/static/chunks/webpack-98009c24c517fa8c.js
IP 172.105.252.215:0
Analyzer Verdict Alert fortinet Malware
GET /_next/static/chunks/webpack-98009c24c517fa8c.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"6d5-181dd92ee78"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:21 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Libre+Baskerville&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Libre+Baskerville&display=swap
IP 142.250.74.10:0
GET /css2?family=Libre+Baskerville&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 15:39:22 GMT
date: Mon, 28 Nov 2022 15:39:22 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dreamcarriertreks.com/_next/static/chunks/a9a7754c-228bdd5e87105008.js
172.105.252.215200 OK 0 B URL HTTP/2 dreamcarriertreks.com/_next/static/chunks/a9a7754c-228bdd5e87105008.js
IP 172.105.252.215:0
Analyzer Verdict Alert fortinet Malware
GET /_next/static/chunks/a9a7754c-228bdd5e87105008.js HTTP/1.1
Host: dreamcarriertreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dreamcarriertreks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 08 Jul 2022 11:30:03 GMT
etag: W/"bfe-181dd92ee78"
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Mon, 28 Nov 2022 15:39:21 GMT
server: LiteSpeed
X-Firefox-Spdy: h2