armmountstravel.com/js/
185.9.147.100 302 Found 211 B IP 185.9.147.100:0
File type HTML document text, exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
Analyzer Verdict Alert fortinet Malware
GET /js/ HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:31 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 06 Sep 2022 18:04:22 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: EOhFJCmy37GU95e7lsPoOE9WguiQbOz2TkSrVwi1g9t1hvR1VFH80g==
Age: 910
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13327
Expires: Tue, 06 Sep 2022 22:01:39 GMT
Date: Tue, 06 Sep 2022 18:19:32 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate, ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 06 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9vNfs1F2RAEzTUdIsEOUKfndTUPFVh3tn5cZF3Cv6_UwWBFVfy79-w==
age: 61455
X-Firefox-Spdy: h2
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 18:19:32 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins:300,400,500
142.250.74.10 200 OK 469 B URL HTTP/1.1 fonts.googleapis.com/css?family=Poppins:300,400,500
IP 142.250.74.10:0
Hash d5c8be02baf7ff45f79c1cb309ae6cbf
92907d22e245b2a3e706c1b517b6e91e2ce8ade6
1b8d0f1d0b216245613be07a396f78c249b53f7ea9c6cd9c242e8816dc4ab017
GET /css?family=Poppins:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 06 Sep 2022 18:19:32 GMT
Date: Tue, 06 Sep 2022 18:19:32 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
armmountstravel.com/css/isotope.css
185.9.147.100 200 OK 3.5 kB URL HTTP/1.1 armmountstravel.com/css/isotope.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (3497), with no line terminators
Hash d82d90a0f23dd8fec9b291867f48b3b0
90856f54ce7211e1ffdd0f47182666b5cd7a01b5
5ec4f0ab14c4aae30a2f971899b63ea5d7301625e2b3a6d902d68670487d7710
GET /css/isotope.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/css
Content-Length: 3497
Last-Modified: Fri, 31 Aug 2018 08:38:42 GMT
Connection: keep-alive
ETag: "5b88fe92-da9"
Accept-Ranges: bytes
armmountstravel.com/css/style.css
185.9.147.100 200 OK 112 kB URL HTTP/1.1 armmountstravel.com/css/style.css
IP 185.9.147.100:0
File type assembler source, ASCII text, with very long lines (343)
Size 112 kB (112254 bytes)
Hash e9731b3f8e98592aefc6e5a82099245b
5bdd89218229a807074beede197554affb26eb6e
a85f97a77eb3301be4d832779033048b92c2f689d4f7665ed70ea2e4a484517f
GET /css/style.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/css
Content-Length: 112254
Last-Modified: Wed, 26 Sep 2018 14:00:45 GMT
Connection: keep-alive
ETag: "5bab910d-1b67e"
Accept-Ranges: bytes
armmountstravel.com/css/font-awesome.min.css
185.9.147.100 200 OK 29 kB URL HTTP/1.1 armmountstravel.com/css/font-awesome.min.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (28900)
Hash bb53ad7bffecc0014d64553e96501dce
7cd5a3384333f95c3d37d9488ad82cd6c4b03761
7bc15c522a05ce0e56b8cb3fff83bc6e770130afdd840d469869db69663d78fe
GET /css/font-awesome.min.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/css
Content-Length: 29062
Last-Modified: Fri, 31 Aug 2018 08:38:42 GMT
Connection: keep-alive
ETag: "5b88fe92-7186"
Accept-Ranges: bytes
armmountstravel.com/css/settings.css
185.9.147.100 200 OK 29 kB URL HTTP/1.1 armmountstravel.com/css/settings.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (29418)
Hash 062226ebe25895b82f1908b63d9f477d
729e24d83e1e679bff090c9b8907c8d6872a1e0c
0f0c01339831b52567941b596da2339881e952904542ffdd8bb845b2738be9af
GET /css/settings.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/css
Content-Length: 29419
Last-Modified: Fri, 31 Aug 2018 08:38:43 GMT
Connection: keep-alive
ETag: "5b88fe93-72eb"
Accept-Ranges: bytes
armmountstravel.com/css/ionicons.css
185.9.147.100 200 OK 51 kB URL HTTP/1.1 armmountstravel.com/css/ionicons.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (50924), with no line terminators
Hash 168827d885077b255801de2c66eeba6b
b83a3311bcc1c580d556c3c2f8faee2095fcb325
73d33b063a437f69b17b091b69c4cb8b500ab27b15a0a307038bed69cd2364e7
GET /css/ionicons.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/css
Content-Length: 50924
Last-Modified: Fri, 31 Aug 2018 08:38:42 GMT
Connection: keep-alive
ETag: "5b88fe92-c6ec"
Accept-Ranges: bytes
armmountstravel.com/css/lightcase.css
185.9.147.100 200 OK 13 kB URL HTTP/1.1 armmountstravel.com/css/lightcase.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (12634), with no line terminators
Hash 6a458a66dd9e684c3b46933b458442d9
55965bcb6345c2a90ea55430dd14fa1e289f5683
3ff00b72cf566b6cb36da8d969046e58a74e5a3b25ff61c65bb2343aa0574c22
GET /css/lightcase.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/css
Content-Length: 12634
Last-Modified: Sat, 01 Sep 2018 14:24:21 GMT
Connection: keep-alive
ETag: "5b8aa115-315a"
Accept-Ranges: bytes
armmountstravel.com/css/mqueries.css
185.9.147.100 200 OK 22 kB URL HTTP/1.1 armmountstravel.com/css/mqueries.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (14712)
Hash e0f46ea90b443d3fc718aa3bf383d263
31d81461926a54515b9e564a02e35cdb343b6799
2c9c1b1418ddd7ed34171fa6fa651eef7c7215e79e06a16605eca8a0c7d75c2c
GET /css/mqueries.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/css
Content-Length: 22449
Last-Modified: Wed, 26 Sep 2018 08:37:07 GMT
Connection: keep-alive
ETag: "5bab4533-57b1"
Accept-Ranges: bytes
armmountstravel.com/js/plugins.js
185.9.147.100 200 OK 9.1 kB URL HTTP/1.1 armmountstravel.com/js/plugins.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (4495)
Hash 06665ec3f271458345c5b210777cb5d5
d98ead2314cca2cd4f79bcb08c056a80792acf29
7c09adc70293b6750c47544e0bd02bfc478ec0748665d4ec319b307a7141fdb2
Analyzer Verdict Alert fortinet Malware
GET /js/plugins.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 9136
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-23b0"
Accept-Ranges: bytes
armmountstravel.com/css/navigation.css
185.9.147.100 200 OK 59 kB URL HTTP/1.1 armmountstravel.com/css/navigation.css
IP 185.9.147.100:0
Hash 4997a920bf27721b7f1e11aa9f6e9977
320c28120efcb8e4eb60dfb07e542bbee99714aa
b136e2d51cc93258031fc9b3ba31bcccc32c9f7056833a39a9abb41775024f3c
GET /css/navigation.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/css
Content-Length: 59326
Last-Modified: Fri, 31 Aug 2018 08:38:43 GMT
Connection: keep-alive
ETag: "5b88fe93-e7be"
Accept-Ranges: bytes
armmountstravel.com/css/layers.css
185.9.147.100 200 OK 140 kB URL HTTP/1.1 armmountstravel.com/css/layers.css
IP 185.9.147.100:0
Size 140 kB (140333 bytes)
Hash 117cc368e00536a19046cd6939b65ad7
30d50225ec444fb9edb35c90a9f63a35c4698b7c
2c9f331c4d7bfc812bf602e2a8bd36eab0b7ff8803295eb4404f28e8dcaa7200
GET /css/layers.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/css
Content-Length: 140333
Last-Modified: Fri, 31 Aug 2018 08:38:42 GMT
Connection: keep-alive
ETag: "5b88fe92-2242d"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.themepunch.tools.min.js?rev=5.0
185.9.147.100 200 OK 109 kB URL HTTP/1.1 armmountstravel.com/js/jquery.themepunch.tools.min.js?rev=5.0
IP 185.9.147.100:0
File type ASCII text, with very long lines (27184)
Size 109 kB (109170 bytes)
Hash e24b8a1055522705299a1b1810d492d2
f4ea30b95f2871d293613df49fa57c113b7b67cd
58ba20111da06812e452383d4966b4fbe03d89d24b0656f45413cd0474fbada8
GET /js/jquery.themepunch.tools.min.js?rev=5.0 HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 109170
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-1aa72"
Accept-Ranges: bytes
armmountstravel.com/js/revolution.extension.slideanims.min.js
185.9.147.100 200 OK 30 kB URL HTTP/1.1 armmountstravel.com/js/revolution.extension.slideanims.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (29819)
Hash 688ea66a40c3420795611a4cdcfe5681
0568d36f8c2e74b7e0a6b91f8ad7fe2cc44e3318
e4673fcefdf1907dd87667e6227314b6f4ad4432d61115c2f237d02c39f2a164
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.slideanims.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 30063
Last-Modified: Thu, 30 Aug 2018 12:35:59 GMT
Connection: keep-alive
ETag: "5b87e4af-756f"
Accept-Ranges: bytes
armmountstravel.com/js/revolution.extension.navigation.min.js
185.9.147.100 200 OK 28 kB URL HTTP/1.1 armmountstravel.com/js/revolution.extension.navigation.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (27448)
Hash e2d813ec52c28fa8ba50e8dd4620ac8a
adc412cd5e152ddfdc8b62839e4897631fe330a0
bfa2f123e71c7377d2e463fcd9cbecdd66ad942011a1254bf4fde4a327418700
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.navigation.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 27681
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-6c21"
Accept-Ranges: bytes
armmountstravel.com/js/revolution.extension.layeranimation.min.js
185.9.147.100 200 OK 56 kB URL HTTP/1.1 armmountstravel.com/js/revolution.extension.layeranimation.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (32060)
Hash 3fc9b75d0f5608f403ac2852db8e7a52
4028cc9719f35002d3409350806aa76ecac4baee
7028881acf7dc68f31a4c7bfa88f94d34bde2580c95e52c9cb4f3e3551f254c9
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.layeranimation.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 55821
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-da0d"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.themepunch.revolution.min.js?rev=5.0
185.9.147.100 200 OK 65 kB URL HTTP/1.1 armmountstravel.com/js/jquery.themepunch.revolution.min.js?rev=5.0
IP 185.9.147.100:0
File type ASCII text, with very long lines (32767)
Hash a200604ffdb83160cf79138493bad42d
c25dfe0890b6d2180a44dfe3e8ba3bfc30a03c3a
ff60e7b6020c08cebe1e1c57f4fee01c0213dc54c44f1a0138b8ecb002e49360
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.themepunch.revolution.min.js?rev=5.0 HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 65100
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-fe4c"
Accept-Ranges: bytes
armmountstravel.com/js/revolution.extension.video.min.js
185.9.147.100 200 OK 26 kB URL HTTP/1.1 armmountstravel.com/js/revolution.extension.video.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (25441)
Hash 23f58d9923383a5a952ce05403b50904
d2a0a7fe16b75694f1d07a02c480be3d57f97499
76680ab272ef531d62e218c01eb2411d6a91850c0aea680edd0a3465a6cb2e06
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.video.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 25681
Last-Modified: Thu, 30 Aug 2018 12:35:59 GMT
Connection: keep-alive
ETag: "5b87e4af-6451"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.imagesloaded.min.js
185.9.147.100 200 OK 8.7 kB URL HTTP/1.1 armmountstravel.com/js/jquery.imagesloaded.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (8616)
Hash 0e9d39480a41565941b4a457f28b9450
58d26c06f0f0b4f93670614d13350c9226479294
ab7398e310ab79e487e2330c64e0c386415aa670f9ccb3e154adf2a7d75d1c9d
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.imagesloaded.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 8733
Last-Modified: Thu, 30 Aug 2018 12:35:57 GMT
Connection: keep-alive
ETag: "5b87e4ad-221d"
Accept-Ranges: bytes
armmountstravel.com/js/revolution.extension.actions.min.js
185.9.147.100 200 OK 11 kB URL HTTP/1.1 armmountstravel.com/js/revolution.extension.actions.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (10414)
Hash 058d41428fa5784d36d18179ae70c1e9
491ad26cbcf3494933e05af6d61b6953f9d1fd0c
f8628c5585a74c37bdd8296dbf049fc59f4f3966acab86d2a0c18632eab19aff
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.actions.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 10644
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-2994"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.isotope.min.js
185.9.147.100 200 OK 43 kB URL HTTP/1.1 armmountstravel.com/js/jquery.isotope.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (32031)
Hash 983c332d6c1caf5ab6e462658de870e0
3b2638c9bb9349934e257f6a21674a80a42fa1d5
a11a7b1736bfb18c04d989be3b710a3d0c84e172b9cc1b7ee0d51e522d271d42
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.isotope.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 42631
Last-Modified: Thu, 30 Aug 2018 12:35:57 GMT
Connection: keep-alive
ETag: "5b87e4ad-a687"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.min.phatvideobg.js
185.9.147.100 200 OK 11 kB URL HTTP/1.1 armmountstravel.com/js/jquery.min.phatvideobg.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (1977)
Hash 33d2f75e622a6f78039bb3abc996d038
b3e5a6cf750064599330b05025716f8c3c0481a6
1609d327a886f3b84c857d469d07228ff372301e38cff57f7c9faaba78ba463a
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.min.phatvideobg.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 11322
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-2c3a"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.lightcase.min.js
185.9.147.100 200 OK 54 kB URL HTTP/1.1 armmountstravel.com/js/jquery.lightcase.min.js
IP 185.9.147.100:0
File type HTML document, ASCII text, with very long lines (1795)
Hash c0e4ad34afc5606d2f8c10578e05bfd1
5c6144891542a9b3c76c38a4639b21d059849f99
37d3dd9084f9e4813b540384404ccd4e82b479019155f265e177897201d75f68
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.lightcase.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 53857
Last-Modified: Sat, 01 Sep 2018 13:44:31 GMT
Connection: keep-alive
ETag: "5b8a97bf-d261"
Accept-Ranges: bytes
armmountstravel.com/js/script.js
185.9.147.100 200 OK 25 kB URL HTTP/1.1 armmountstravel.com/js/script.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (1799)
Hash 5c87c2505fb07894234d1cae61c4c099
75fe8d5cc0d3b07cb7982c126607db5e75d57c82
920006791da47ed4f4628325045d573b88198ec4fa4bc92ef020002d150641f1
Analyzer Verdict Alert fortinet Malware
GET /js/script.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 25008
Last-Modified: Thu, 30 Aug 2018 12:35:59 GMT
Connection: keep-alive
ETag: "5b87e4af-61b0"
Accept-Ranges: bytes
armmountstravel.com/img/logo-noha-dark.png
185.9.147.100 200 OK 19 kB URL HTTP/1.1 armmountstravel.com/img/logo-noha-dark.png
IP 185.9.147.100:0
File type PNG image data, 150 x 147, 8-bit/color RGBA, non-interlaced
Hash bb2cb2cd03064a75536db610c776bd38
fdce886a303e90e881efda6168bcaca30e80ce63
bfd366030beeb34810de3e02de7c143de94b8e7ef03061f78be51690aca03e89
GET /img/logo-noha-dark.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: image/png
Content-Length: 18985
Last-Modified: Thu, 30 Aug 2018 12:35:42 GMT
Connection: keep-alive
ETag: "5b87e49e-4a29"
Accept-Ranges: bytes
armmountstravel.com/img/logo-noha-light.png
185.9.147.100 200 OK 15 kB URL HTTP/1.1 armmountstravel.com/img/logo-noha-light.png
IP 185.9.147.100:0
File type PNG image data, 150 x 147, 8-bit/color RGBA, non-interlaced
Hash 120b0c95abe5773c8d84f7385bade539
360960250eef1b702ebbe19db734b78edf81e9b5
cacdb85314e5ac415583cb160b4e3866dd74b0db5981bb3cfb51d12a5d1e3bcb
GET /img/logo-noha-light.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: image/png
Content-Length: 15242
Last-Modified: Thu, 30 Aug 2018 12:35:43 GMT
Connection: keep-alive
ETag: "5b87e49f-3b8a"
Accept-Ranges: bytes
armmountstravel.com/img/soc2.png
185.9.147.100 200 OK 3.4 kB URL HTTP/1.1 armmountstravel.com/img/soc2.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Hash f50f78546e59207ef50cc1ee7ee80626
6ff431cdfbd31591b70ce26cbb37824c86bdb30d
f93271cfc8769f9a65a4de0981475ab5ef77da353199adfe50709f71e95b3667
GET /img/soc2.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: image/png
Content-Length: 3408
Last-Modified: Sat, 01 Sep 2018 12:04:42 GMT
Connection: keep-alive
ETag: "5b8a805a-d50"
Accept-Ranges: bytes
armmountstravel.com/img/soc1.png
185.9.147.100 200 OK 3.1 kB URL HTTP/1.1 armmountstravel.com/img/soc1.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Hash 6b707ef345a88da13700a6554b49bab4
28eb963f43c7da1fd6f71f6fea5968e608e8d488
5a1753269b27890551db09d7e4d401df1b82ade7d298871545beb2958d7da01d
GET /img/soc1.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: image/png
Content-Length: 3072
Last-Modified: Sat, 01 Sep 2018 12:04:42 GMT
Connection: keep-alive
ETag: "5b8a805a-c00"
Accept-Ranges: bytes
armmountstravel.com/img/soc4.png
185.9.147.100 200 OK 3.3 kB URL HTTP/1.1 armmountstravel.com/img/soc4.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Hash d95822130e8774df316f6087bf0fcc05
996b4d1412655df9bc5ca995ebfceb8a62c2f487
06654ae52d9cd7618c808effd4f3353fcf101e266ac90fdd2b5b3493810dea8c
GET /img/soc4.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: image/png
Content-Length: 3299
Last-Modified: Sat, 01 Sep 2018 12:04:42 GMT
Connection: keep-alive
ETag: "5b8a805a-ce3"
Accept-Ranges: bytes
armmountstravel.com/img/soc6.png
185.9.147.100 200 OK 733 B URL HTTP/1.1 armmountstravel.com/img/soc6.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
Hash 0637167507058c3b454b0487ce1bb9aa
3dde76b970966def42a157c62ddf5f18b24860fd
af5328364c63776bb4f4e372b9da0d371b6330aae1f45853de672849789ef7db
GET /img/soc6.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: image/png
Content-Length: 733
Last-Modified: Mon, 10 Sep 2018 08:09:31 GMT
Connection: keep-alive
ETag: "5b9626bb-2dd"
Accept-Ranges: bytes
armmountstravel.com/img/soc5.png
185.9.147.100 200 OK 3.2 kB URL HTTP/1.1 armmountstravel.com/img/soc5.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced; data
Hash fba16339f043111dab26005f86aa2aca
44b3b9aa7999e7603f0151059a0d99c1dbc67e43
3f46fdfe4f3811fa2f1e199ebc3c46371b009c83e311f0bd548e48aec4334f3b
GET /img/soc5.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: image/png
Content-Length: 3231
Last-Modified: Sat, 01 Sep 2018 12:04:42 GMT
Connection: keep-alive
ETag: "5b8a805a-c9f"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 06 Sep 2022 17:38:18 GMT
Expires: Tue, 06 Sep 2022 17:42:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _82uuj2Skmua3zdvTTzpuy8c97hPUBSUk8boX9nuVW6dvwEBeqKkfw==
Age: 2474
armmountstravel.com/img/tour/2.jpg
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/img/tour/2.jpg
IP 185.9.147.100:0
File type HTML document text; exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
GET /img/tour/2.jpg HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/assets/demo.css
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/assets/demo.css
IP 185.9.147.100:0
File type HTML document text; exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
GET /assets/demo.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/tour/1539095505IMG_5194-min.JPG
185.9.147.100 200 OK 179 kB URL HTTP/1.1 armmountstravel.com/tour/1539095505IMG_5194-min.JPG
IP 185.9.147.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x960, components 3; data
Size 179 kB (178778 bytes)
Hash 2e410a496a0d0d98c03b354d4fe50ff5
1c7c0b6be5d54d4dd2ec8153e856c26b24b3da5d
d2c5700332c299c7034434baa38d26fa34e6e8dfb2d85d3ac3f55207f9cf5280
Analyzer Verdict Alert fortinet Malware
GET /tour/1539095505IMG_5194-min.JPG HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: image/jpeg
Content-Length: 178778
Last-Modified: Tue, 09 Oct 2018 14:31:45 GMT
Connection: keep-alive
ETag: "5bbcbbd1-2ba5a"
Accept-Ranges: bytes
armmountstravel.com/img/tour/3.jpg
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/img/tour/3.jpg
IP 185.9.147.100:0
File type HTML document text; exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
GET /img/tour/3.jpg HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/img/tour/4.JPG
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/img/tour/4.JPG
IP 185.9.147.100:0
File type HTML document text; exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
Analyzer Verdict Alert fortinet Malware
GET /img/tour/4.JPG HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/slider/1536683072slide3.jpg
185.9.147.100 200 OK 542 kB URL HTTP/1.1 armmountstravel.com/slider/1536683072slide3.jpg
IP 185.9.147.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1901x1272, components 3; data
Size 542 kB (541478 bytes)
Hash 9e7ef91d677f0a551d3c098fac313030
b216b1fd88d1357188b3fcf4dbe5077a489105c4
d044203f227a58926e01f71b94ab7df17f7995315ecdefe45a58a89c0edc35be
GET /slider/1536683072slide3.jpg HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: image/jpeg
Content-Length: 541478
Last-Modified: Tue, 11 Sep 2018 16:24:32 GMT
Connection: keep-alive
ETag: "5b97ec40-84326"
Accept-Ranges: bytes
armmountstravel.com/img/slide2.jpg
185.9.147.100 200 OK 428 kB URL HTTP/1.1 armmountstravel.com/img/slide2.jpg
IP 185.9.147.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1338, components 3; data
Size 428 kB (427678 bytes)
Hash a34e62f747942812c53bd7e65feb30a5
b1d956b30f0066efdd28ff059189da96ec4a87c5
08a82b497097bafa489fce872b85a37ee050c6a05b49586b7a80096daae607c8
GET /img/slide2.jpg HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: image/jpeg
Content-Length: 427678
Last-Modified: Wed, 05 Sep 2018 10:53:04 GMT
Connection: keep-alive
ETag: "5b8fb590-6869e"
Accept-Ranges: bytes
armmountstravel.com/slider/1537455029IMG_5115-min.JPG
185.9.147.100 200 OK 420 kB URL HTTP/1.1 armmountstravel.com/slider/1537455029IMG_5115-min.JPG
IP 185.9.147.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x700, components 3; data
Size 420 kB (419644 bytes)
Hash e1b0a4f0aed8ce22926dd728cbcffeb5
03e2e89e06046474bc59413941616b3375a1418b
61c2b8b3c1c66ad0c40e0457ca80b6d03ee6b8743eac706ab1a430a2bc18f895
Analyzer Verdict Alert fortinet Malware
GET /slider/1537455029IMG_5115-min.JPG HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: image/jpeg
Content-Length: 419644
Last-Modified: Thu, 20 Sep 2018 14:50:29 GMT
Connection: keep-alive
ETag: "5ba3b3b5-6673c"
Accept-Ranges: bytes
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e8952752ad4a452a575522a7eb737217
c5554fa2af05d7a7117032b0f99352de08988346
8c182bed7bbd843774a2136823b30a4cb707e2a5386f71d01640aa3558888bf7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 787
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 18:19:32 GMT
Last-Modified: Tue, 06 Sep 2022 18:06:25 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
f.vimeocdn.com/js/froogaloop2.min.js
151.101.86.109 403 Forbidden 5.4 kB URL HTTP/2 f.vimeocdn.com/js/froogaloop2.min.js
IP 151.101.86.109:0
File type HTML document text; exported SGML document, ASCII text, with very long lines (5364), with no line terminators
Hash e93c5d5e9322783df3325319a34e59bf
59fe46b9ecde66156d6e34b22827e78c8cf73f4f
f99424c50c737152a5da0291de7204b0d805a39b6df33eed73bf778f94b671cb
GET /js/froogaloop2.min.js HTTP/1.1
Host: f.vimeocdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://armmountstravel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
server: Varnish
retry-after: 0
content-type: text/html; charset=utf-8
cache-control: pragma, no-cache, max-age=0
accept-ranges: bytes
date: Tue, 06 Sep 2022 18:19:33 GMT
via: 1.1 varnish
x-served-by: cache-bma1622-BMA
x-cache: MISS
x-cache-hits: 0
content-length: 5364
X-Firefox-Spdy: h2
armmountstravel.com/
185.9.147.100 200 OK 15 kB IP 185.9.147.100:0
Hash c02238d0e8440e74ab9ffb1e90b5d0d9
02db5e39cd1e3fba44a232494495696d2804ce63
0b3b1b4f5b4263480529ceb0f7d7fd1cc5919b67603faadd234a8f14f8f54ef0
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8fc7316fab55e89a81536e926eab6f83
7fcab743b176312e76999b39a1b2a3b97dbeb10f
8178b9805611209f5c47dce32da555117870a90648e026d08cc691a4103169a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 18:19:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/s/player/c16db54a/www-widgetapi.vflset/www-widgetapi.js
142.250.74.142 200 OK 53 kB URL HTTP/2 www.youtube.com/s/player/c16db54a/www-widgetapi.vflset/www-widgetapi.js
IP 142.250.74.142:0
File type ASCII text, with very long lines (814)
Hash c4d0e1dd895dd614b08729d42dfc3fae
e34b3e5acb369c16b0871f05aa769b784b1154a2
924af0beaec1f20263aa1792937cc089fbb1f06e8b9f4ba63f257a92c91b4836
GET /s/player/c16db54a/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://armmountstravel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 53414
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 04:45:55 GMT
expires: Wed, 06 Sep 2023 04:45:55 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 02 Sep 2022 18:46:29 GMT
content-type: text/javascript
age: 48818
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
142.250.74.142 200 OK 959 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.142:0
File type ASCII text, with very long lines (509)
Hash 7595308058ed2b8e8eae5a0ba377c9e4
4dd3110880aebc580b1f3edd23e887a73f09349b
e72c3b1fbc038b44c2d850bcce21c9e7e8d32d22d726a2c521a4238c15ac97dc
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://armmountstravel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Tue, 06 Sep 2022 18:19:33 GMT
date: Tue, 06 Sep 2022 18:19:33 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=LuTHq9i8CfE; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=QcvSH7D4dvM; Domain=.youtube.com; Expires=Sun, 05-Mar-2023 18:19:33 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+347; expires=Thu, 05-Sep-2024 18:19:33 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
armmountstravel.com/assets/loader.gif
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/assets/loader.gif
IP 185.9.147.100:0
File type HTML document text; exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
GET /assets/loader.gif HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/css/settings.css
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:33 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/undefined
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/undefined
IP 185.9.147.100:0
File type HTML document text; exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
Analyzer Verdict Alert fortinet Malware
GET /undefined HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:33 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/css/settings.css
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
push.services.mozilla.com/
35.155.157.101 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.155.157.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DyRF0QT//gTnqEKFwbFXLw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4zNtsPYe5IbNDfqyOfoGrT6y9cA=
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5184
Expires: Tue, 06 Sep 2022 19:45:58 GMT
Date: Tue, 06 Sep 2022 18:19:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F803e9506-f3ea-4e09-a966-608b8dabf3b0.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F803e9506-f3ea-4e09-a966-608b8dabf3b0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 5540d72831e7e7b9fc287f92c48d9f5e
ec19429fa76d9ad47a0578734b011b530b79ebbf
bc27a44853fd17cf51d6bba0db58a755c75a309d9b0cbcd454dfc9d62785f72f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F803e9506-f3ea-4e09-a966-608b8dabf3b0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8134
x-amzn-requestid: 5f6027e8-842f-476a-85e5-cc8b848e4567
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X7FlpEoVIAMFuiA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63144fbd-7095c29a04d2f5310b1b84c4;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Gf6IGDeM-y_nDO1C3m9xeyAJdkYRe2CN87Pi986A7B1qsjq5p9VkQw==
via: 1.1 d7782b26e589b8e1397d352f4daf0d58.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 07:41:25 GMT
age: 38289
etag: "ec19429fa76d9ad47a0578734b011b530b79ebbf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 983e705542fa78b4d5c876e0c1eada7e
5fc951e5236edd282d4975853ca35dab2e55fb17
fa6e478fc213f6cb6c9f33c96c51105262c857bfe313b3d310755be30b1feeb3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6656
x-amzn-requestid: 2703eaf4-1a5a-41a6-859b-47255865efb0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAX-3F2ZIAMFpLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166d2b-6df026de5a9230ed429d08c1;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:42:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FIIvB2jeQ_PBDzi8XRN0jnNxze3OwDbz8TBaIcadRvmQd2EFhCwX7Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:45:42 GMT
age: 74032
etag: "5fc951e5236edd282d4975853ca35dab2e55fb17"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash c81f3df885bdee8cac46ea9495e6b63b
fc766bca874a352a4acb569577d4cf6527f4f074
e21473f88c613ca33ba6bbe1e0cab338274a06744cdcb088f14873c972445b36
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4426
x-amzn-requestid: b5b68557-e46d-41cd-9b11-d996aabc0de7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzfYTHHFIAMFjFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631145ce-1d3504367cf6ef724a345564;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 23:52:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bSBSzzRMdrVdoV3Ld8hYWq2AwO7Mswcwa8Tk_AKa44j1SlrFugNqpg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:48:06 GMT
age: 73888
etag: "fc766bca874a352a4acb569577d4cf6527f4f074"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash ec466c0d472e43c11d36bf6fce068205
720d3624a76d060b8e2699e9aa7a320e3efd4878
5553fc24713aae808f5ab81671551b0ae719435f3ced9f25df97d8edf6bfe86f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12683
x-amzn-requestid: 6127e5b6-72f6-40df-b400-41a1f147f6da
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz8XmEe0IAMFQDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63117430-2b27a2683d2d320172cef32e;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 03:10:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Mj_IT5g7hGu2AunKK7mvierv5BQ8cAxhnbGaUNsL6hRNu6MRAzIBDw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 04:36:52 GMT
age: 49362
etag: "720d3624a76d060b8e2699e9aa7a320e3efd4878"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa58df54c-7833-44ce-9519-a44b50319614.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa58df54c-7833-44ce-9519-a44b50319614.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 1a87857b93f99eab3118aae97a1c9d22
3aea6a5aaf5ccda356d7e0941b33a7c2e2b13e80
97ce11c0e0efe83d6568f173f9235160157c52b4ab4299823d508c072f113ddc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa58df54c-7833-44ce-9519-a44b50319614.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5775
x-amzn-requestid: dc0a6d9c-5aec-44a3-be54-69cec17f9de1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYfxE0noAMFz0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166dfe-6c8ec4b03fc761d81c988132;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: z3WamVQsZqAoYnfPZ0rgyYXGzs1jsv56D1oF4Wzva-H-T8a-xPU8mg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:00:00 GMT
age: 73174
etag: "3aea6a5aaf5ccda356d7e0941b33a7c2e2b13e80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 8c23179b2131543088771e3fa84ff231
ae50ae4aecd962b698c19f2863857b51cea7fcec
660900ca69b1787a734c1dbe3d6b9b19656912b4bc4715964c4325edff57f008
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7855
x-amzn-requestid: d7c8054c-d7d3-4b76-815d-36c3a2e1f6a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYn6FwzoAMF40g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166e32-3ededbf27f83503978e0d775;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:46:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8OlwFzmUfQEPeP7pT-g5wRMq0I1jllBnRU0Nxk4kNkcVD_evLZYc7g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:17:51 GMT
etag: "ae50ae4aecd962b698c19f2863857b51cea7fcec"
content-type: image/jpeg
age: 72103
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8cff825-6282-4340-aa72-8e15e060b3de.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8cff825-6282-4340-aa72-8e15e060b3de.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 72421f8b636827a090934c3127375974
6d3e32e82671de26c379e35301baf9d7f91bd008
a83be2ef99fb72af5eed4489b83d26ca208dd7b49d495444a8191798730d5bc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8cff825-6282-4340-aa72-8e15e060b3de.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11720
x-amzn-requestid: 2c92109e-3140-480a-afa8-b9232ad5d8ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAWsfGOioAMFUzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166b1c-7a3444ee76ff9518451bfa56;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:33:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: vFA9TNU2t9d390cS4qVTntwbbGoun8RhmerUiDLRByt1r-CrHMaqmg==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:02:16 GMT
etag: "6d3e32e82671de26c379e35301baf9d7f91bd008"
content-type: image/jpeg
age: 73045
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
armmountstravel.com/
185.9.147.100 200 OK 0 B IP 185.9.147.100:0
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
armmountstravel.com/js/jquery-1.12.4.min.js
185.9.147.100 200 OK 0 B URL HTTP/1.1 armmountstravel.com/js/jquery-1.12.4.min.js
IP 185.9.147.100:0
Analyzer Verdict Alert fortinet Malware
GET /js/jquery-1.12.4.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Tue, 06 Sep 2022 18:19:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 98968
Last-Modified: Thu, 30 Aug 2018 12:35:57 GMT
Connection: keep-alive
ETag: "5b87e4ad-18298"
Accept-Ranges: bytes