Report - email.travelsbroker.com/c/eJxljssKwjAURL-m2VnyuEmuiywUdOc3SF7YatqUNC307w24FGY2A2c40TClNROMCSDBeESAMxkNp1xQ3ipBctmznoJADVIhk1e8adoBrcXuMa2u5E8svc8TGYxyEtUZg9dgG-9E8NYhCq0YOB4YmQwCBQ6cJDPUuqyduHT83vJ317aljLv1x2nJafRHG0gx72nKKZbcDF5lW_Jq52rn0Ji4kmoe2_On

Report Overview

Submitted URL
email.travelsbroker.com/c/eJxljssKwjAURL-m2VnyuEmuiywUdOc3SF7YatqUNC307w24FGY2A2c40TClNROMCSDBeESAMxkNp1xQ3ipBctmznoJADVIhk1e8adoBrcXuMa2u5E8svc8TGYxyEtUZg9dgG-9E8NYhCq0YOB4YmQwCBQ6cJDPUuqyduHT83vJ317aljLv1x2nJafRHG0gx72nKKZbcDF5lW_Jq52rn0Ji4kmoe2_On_gWmJkEL
IP
34.86.85.56
ASN
#15169 GOOGLE
Submitted
2023-02-23 20:52:01
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
38

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-14T05:09:38Z	606 B	127 B	35.163.1.35
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T18:12:07Z	686 B	1.4 kB	216.58.211.3
translate.google.com	1156	2012-05-30T03:30:32Z	2023-03-14T05:28:30Z	411 B	29 kB	216.58.211.14
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-14T08:49:03Z	498 B	18 kB	216.58.207.227
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-14T05:09:04Z	3.0 kB	8.0 kB	23.33.119.10
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T18:13:28Z	782 B	2.4 kB	35.241.9.150
email.travelsbroker.com	unknown	2017-05-16T11:55:21Z	2023-03-08T18:12:37Z	589 B	741 B	34.127.83.42
travelsbroker.com	unknown	2016-07-08T19:35:38Z	2023-03-09T06:41:22Z	16 kB	344 kB	157.90.19.36
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-14T02:50:33Z	908 B	630 B	142.250.74.106
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-14T05:09:37Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-14T05:09:37Z	333 B	391 B	34.117.237.239
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-14T05:51:18Z	483 B	5.1 kB	142.250.74.99
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	52 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-23	medium	travelsbroker.com/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=5.4.12	Malware
2023-02-23	medium	travelsbroker.com/wp-includes/css/dist/block-library/style.min.css?ver=5.4.12	Malware
2023-02-23	medium	travelsbroker.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1	Malware
2023-02-23	medium	travelsbroker.com/wp-content/uploads/elementor/css/global.css?ver=1605517979	Malware
2023-02-23	medium	travelsbroker.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp	Malware
2023-02-23	medium	travelsbroker.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2	Malware
2023-02-23	medium	travelsbroker.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.0.6	Malware
2023-02-23	medium	travelsbroker.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2	Malware
2023-02-23	medium	travelsbroker.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.12.0	Malware
2023-02-23	medium	travelsbroker.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.12.0	Malware
2023-02-23	medium	travelsbroker.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.0.6	Malware
2023-02-23	medium	travelsbroker.com/wp-includes/js/wp-embed.min.js?ver=5.4.12	Malware
2023-02-23	medium	travelsbroker.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.0.13	Malware
2023-02-23	medium	travelsbroker.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6	Malware
2023-02-23	medium	travelsbroker.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.0.13	Malware
2023-02-23	medium	travelsbroker.com/privacy-policy/	Malware
2023-02-23	medium	travelsbroker.com/wp-includes/js/jquery/ui/position.min.js?ver=1.11.4	Malware
2023-02-23	medium	travelsbroker.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1	Malware
2023-02-23	medium	travelsbroker.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.0.13	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	travelsbroker.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.0.6	172 kB	2023-03-07	2024-02-06
Pretty URL travelsbroker.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.0.6 IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:02:23 Last Seen2024-02-06 19:24:02 Times Seen62 Hash 63d39da3d4969967612b9cf34e6b465e 81d6b064fad5b55a8187d8c1e7d4630b843ad5d1 c3a8833223091a38e0e23c81c1ce91eda3296506ef432baf5accbf3d597b05ce Loading...

	translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.wkXCVCOo6NU.O/d=1/exm=el_conf/ed=1/rs=AN8SPfq20VRe2P5wIBJOSzWCaypPE3Sg1A/m=el_main	213 kB	2023-03-14	2023-03-14
Pretty URL translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.wkXCVCOo6NU.O/d=1/exm=el_conf/ed=1/rs=AN8SPfq20VRe2P5wIBJOSzWCaypPE3Sg1A/m=el_main IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:24:16 Last Seen2023-03-14 09:18:45 Times Seen1 Hash 8aefd679c71285ab9a17814d54e35154 64adeaf9b2be5eb305ba7a46aee84d1e807a63ae dd05e1ed32d557b47c6c7c0586fb704a2d865a3e991a2d47377135b71d208cca Loading...

	http:srcdoc	1.2 kB	2023-03-08	2023-04-22
Pretty URL http:srcdoc IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:55 Last Seen2023-04-22 02:10:05 Times Seen1280 Hash 1bdd099873761648dd3aa8aad60e2ac3 713e5a99347bd73f3d9c359acd1c885430e22060 0624e7ce1ad63657924f8ca830c5a9a16c721b527ea1b98d2ef471d04348a07d Loading...

	travelsbroker.com/wp-includes/js/jquery/ui/position.min.js?ver=1.11.4	6.4 kB	2023-03-07	2024-04-19
Pretty URL travelsbroker.com/wp-includes/js/jquery/ui/position.min.js?ver=1.11.4 IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:41:55 Last Seen2024-04-19 11:25:13 Times Seen1800 Hash d1c2e97eeca08ca067ccf2c5736f0390 5281985542fcc8c5a651d1991296e12c39bfcb82 0ce51090b148a45a0e3d652719ed6ef7f1a38e5d272dbf874f86a49664e897a3 Loading...

	travelsbroker.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2	12 kB	2023-03-07	2024-04-23
Pretty URL travelsbroker.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-23 12:47:33 Times Seen52600 Hash 3819c3569da71daec283a75483735f7e ecd40a5cc6f0b76200c454ca880210dc301cfab8 214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0 Loading...

	travelsbroker.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6	139 kB	2023-03-07	2024-04-22
Pretty URL travelsbroker.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6 IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-22 09:02:49 Times Seen23131 Hash 15bb2b8491fc7e84137d65f610e1685a cd76b70a5426893e9c022b9a75c50a7c1348e2d0 b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804 Loading...

	travelsbroker.com/wp-includes/js/wp-embed.min.js?ver=5.4.12	1.4 kB	2023-03-07	2024-04-22
Pretty URL travelsbroker.com/wp-includes/js/wp-embed.min.js?ver=5.4.12 IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:18 Last Seen2024-04-22 22:46:20 Times Seen6871 Hash 905225d5711b559d3092387d5ffbedbd 6f6c39075263bafb9e8c10f1b34a1a0f7ee03c9d 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991 Loading...

	travelsbroker.com/privacy-policy/	2.3 kB	2023-03-09	2023-03-14
Pretty URL travelsbroker.com/privacy-policy/ IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:15:33 Last Seen2023-03-14 09:18:28 Times Seen1 Hash bb495cf4782998d82ed19c2e75824a72 5c1927a42496236b13a0452b1abde6c48f05b551 a797e02425559530de24fd212a8f574e7405f7b094c3255b3aa73c8a31bb1407 Loading...

	travelsbroker.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp	97 kB	2023-03-07	2024-04-20
Pretty URL travelsbroker.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:38 Last Seen2024-04-20 09:49:39 Times Seen17722 Hash 49edccea2e7ba985cadc9ba0531cbed1 f8747f8ee704d9af31d0950015e01d3f9635b070 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df Loading...

	travelsbroker.com/wp-includes/js/wp-emoji-release.min.js?ver=5.4.12	14 kB	2023-03-07	2024-04-18
Pretty URL travelsbroker.com/wp-includes/js/wp-emoji-release.min.js?ver=5.4.12 IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2024-04-18 02:51:38 Times Seen2868 Hash c8d5a4cd14632bc2bdf15b5e45ca9d4d cdf210b710c2792eda450a1a11e5dc1f8dae8594 956fa56f513e1a8025bc85f9314a1747eb061d434403393591145e4ae898c694 Loading...

	travelsbroker.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.0.13	64 kB	2023-03-07	2024-02-06
Pretty URL travelsbroker.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.0.13 IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:52 Last Seen2024-02-06 19:24:02 Times Seen63 Hash 4fd96e29eb39cde4bb7429129e504ffb d52ee55cae36b05df91d08b10d8d74ea77dae558 33890efa6c449d0a7f56d32a7ad3fa91eef7ed87acfe2906707ce9b41fe287c3 Loading...

	travelsbroker.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1	10 kB	2023-03-07	2024-04-23
Pretty URL travelsbroker.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:37 Last Seen2024-04-23 05:14:55 Times Seen37149 Hash 7121994eec5320fbe6586463bf9651c2 90532aff6d4121954254cdf04994d834f7ec169b 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d Loading...

	travelsbroker.com/privacy-policy/	151 B	2023-03-07	2024-04-09
Pretty URL travelsbroker.com/privacy-policy/ IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:07 Last Seen2024-04-09 19:14:19 Times Seen722 Hash 0cb796ac99f11a254d9e9f15ce0b9870 51bb8503b7fe625b14146193a4f31ac85a3fb738 b190352728af320b263b7d46746b52165e46b8ecb82ce2500dff740540bc6f76 Loading...

	travelsbroker.com/privacy-policy/	1.0 kB	2023-03-09	2023-03-14
Pretty URL travelsbroker.com/privacy-policy/ IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:15:33 Last Seen2023-03-14 09:18:29 Times Seen1 Hash 89809cdd57bac974b61de53ce9bd887a e8c254e94ecf71272d68fd256f45996ebce7e5b3 549849b27f087bae2ea83b10a5de63a77bb88481358a683c510f12fed0f8eb94 Loading...

	translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback	17 kB	2023-03-07	2024-04-22
Pretty URL translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-22 21:37:55 Times Seen14140 Hash a3eefe14b1b4698460d992bd1673a26b a2fca6ebb00b8bdcca3eda88654d02d2c165b9c4 87514750a90cd70dd22c8673cfa80d804ef55840bd0755950af2118d8d218067 Loading...

	travelsbroker.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.0.13	120 kB	2023-03-07	2024-02-06
Pretty URL travelsbroker.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.0.13 IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:52 Last Seen2024-02-06 19:24:02 Times Seen64 Hash 360e1ed53f0ef4f609a909d83460dc2e 69df563854b08d2c681ff55f7e6ea34aec1c33f0 7857e8b2658aeb8689469c7a31ac705e27c608fb20b5f1a18831b608ed7dcd9b Loading...

	travelsbroker.com/privacy-policy/	1.5 kB	2023-03-07	2024-02-16
Pretty URL travelsbroker.com/privacy-policy/ IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:43:43 Last Seen2024-02-16 10:49:35 Times Seen113 Hash 8a7ad05249883e2d1a4155a5ed35ff43 b476eacda7ee0d53156465b7578904eb6caf626e ff2645fa866c838505a03f4298558aff9b6e863804d12ac8c4eccef6ddcbd2d4 Loading...

	travelsbroker.com/privacy-policy/	1.1 kB	2023-03-14	2023-03-14
Pretty URL travelsbroker.com/privacy-policy/ IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 09:18:29 Last Seen2023-03-14 09:18:29 Times Seen1 Hash b79000aa8337260af3fed9a1d7a7a8f0 e38b0cbb7d28fd091559a8534149e091eee3385e e417f7c490ccb4a6f18b62ee973b00e42012c0833b23890ff5325ccdea9811a8 Loading...

	travelsbroker.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.0.6	6.6 kB	2023-03-07	2024-04-19
Pretty URL travelsbroker.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.0.6 IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-19 17:56:33 Times Seen4087 Hash e16a8821e5f099c3a619889ea7cf0399 a38e0c736aaf0b019b29b63b00e68c1381502217 a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473 Loading...

	travelsbroker.com/privacy-policy/	869 B	2023-03-07	2024-02-16
Pretty URL travelsbroker.com/privacy-policy/ IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-02-16 10:49:35 Times Seen214 Hash 23abce331939da08653ad1ae0e96ab42 9d643a7eff4ca07cad0e2ffc4f851ac5178182ae 5b3784f77d8eeeff1634593241207b833374d91da614bd64e06c57de1a25f5e7 Loading...

	translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2	80 kB	2023-03-14	2023-03-14
Pretty URL translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2 IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 09:18:29 Last Seen2023-03-14 09:18:29 Times Seen1 Hash 71bb7a7438581db35b1b9169965771af 75bc125f0d9a58523ef9a35dbe01b99dd0197e1a b52a19781c52d417150908df0ffa75a856b8297123f8708ce4bb275b476762cd Loading...

	travelsbroker.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1	11 kB	2023-03-07	2024-04-18
Pretty URL travelsbroker.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1 IP 157.90.19.36 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:39 Last Seen2024-04-18 05:49:36 Times Seen3492 Hash 58baf0f238d7afc7ab926b8d51e5b559 8515e5f578269e29c048450f78c107935d325dff 2989e0b9e836cb9de3274d641ec6a58c2052f039e790ddd59b22303930bfdeeb Loading...

HTTP Transactions (62)

URL IP Response Size

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
67fc460ed2f69dde3c410ec607ef3510
ba9f582ec321351e5c06c9b2c381f06b685ef274
85df74fac7d59d76840b6359bac24648fede201c0048f2a8382af6468225ffb8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85DF74FAC7D59D76840B6359BAC24648FEDE201C0048F2A8382AF6468225FFB8"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9964
Expires: Thu, 23 Feb 2023 23:37:54 GMT
Date: Thu, 23 Feb 2023 20:51:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6eb0a77aa4a20639a06d9621742007c2
d2d03beeb111049117b70d5f3dff3698a671ef8a
62c2da0800bf8efb6bb985b2eb046fa863e0b394681fb2ab187a9c4836fbd320

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62C2DA0800BF8EFB6BB985B2EB046FA863E0B394681FB2AB187A9C4836FBD320"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2269
Expires: Thu, 23 Feb 2023 21:29:39 GMT
Date: Thu, 23 Feb 2023 20:51:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7fb59e5d3cdf08b94e5f41fdeb9aec6c
ff644039db3b9f74d7e2fab10f93581bea10614a
861573a00d75364e15783c5e448c4f8b4da48b38d9beba3ebd33a87f993489a5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "861573A00D75364E15783C5E448C4F8B4DA48B38D9BEBA3EBD33A87F993489A5"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10839
Expires: Thu, 23 Feb 2023 23:52:29 GMT
Date: Thu, 23 Feb 2023 20:51:50 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Feb 2023 19:53:56 GMT
content-type: application/json
age: 3474
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: xQlHLJE5wXi9ryGs8S8Xu/OQi4GDwZlvfC0XIGAfx8Ta5zANntGYwA9DrNBgtU4AmrjcyTsgtcdcgmJYyNBzug==
x-amz-request-id: XGDYJV8PQ1N3J7EV
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Feb 2023 20:49:13 GMT
age: 157
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

email.travelsbroker.com/c/eJxljssKwjAURL-m2VnyuEmuiywUdOc3SF7YatqUNC307w24FGY2A2c40TClNROMCSDBeESAMxkNp1xQ3ipBctmznoJADVIhk1e8adoBrcXuMa2u5E8svc8TGYxyEtUZg9dgG-9E8NYhCq0YOB4YmQwCBQ6cJDPUuqyduHT83vJ317aljLv1x2nJafRHG0gx72nKKZbcDF5lW_Jq52rn0Ji4kmoe2_On_gWmJkEL

34.127.83.42

302 Found

432 B

URL HTTP/1.1
email.travelsbroker.com/c/eJxljssKwjAURL-m2VnyuEmuiywUdOc3SF7YatqUNC307w24FGY2A2c40TClNROMCSDBeESAMxkNp1xQ3ipBctmznoJADVIhk1e8adoBrcXuMa2u5E8svc8TGYxyEtUZg9dgG-9E8NYhCq0YOB4YmQwCBQ6cJDPUuqyduHT83vJ317aljLv1x2nJafRHG0gx72nKKZbcDF5lW_Jq52rn0Ji4kmoe2_On_gWmJkEL
IP
34.127.83.42:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
432 B (432 bytes)
Hash
c8ab586a87e268eff839ee83c03bc25f
7fb1f4375f24abbc9b43961361a5495559abf943
b2956ac78c3a5b2012fda509f55ddd357a8d2ef10d0e70728ef3402cd8a3f3a1

HTTP Headers

GET /c/eJxljssKwjAURL-m2VnyuEmuiywUdOc3SF7YatqUNC307w24FGY2A2c40TClNROMCSDBeESAMxkNp1xQ3ipBctmznoJADVIhk1e8adoBrcXuMa2u5E8svc8TGYxyEtUZg9dgG-9E8NYhCq0YOB4YmQwCBQ6cJDPUuqyduHT83vJ317aljLv1x2nJafRHG0gx72nKKZbcDF5lW_Jq52rn0Ji4kmoe2_On_gWmJkEL HTTP/1.1
Host: email.travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Length: 432
Content-Type: text/html
Date: Thu, 23 Feb 2023 20:51:50 GMT
Location: https://travelsbroker.com/privacy-policy/
X-Robots-Tag: noindex
X-Xss-Protection: 1; mode=block

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:50 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Cache-Control, Backoff, Pragma, Expires, Last-Modified, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Feb 2023 20:20:35 GMT
age: 1875
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
64742ec084f29dcad92cc52c1493f8fb
b786ff9d039cd23e53057d8b493e96a8d221b259
bbe087c0d75c1022ea94b9e869415edc66b427ec46832f1d4d700a5e64648c59

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BBE087C0D75C1022EA94B9E869415EDC66B427EC46832F1D4D700A5E64648C59"
Last-Modified: Thu, 23 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21570
Expires: Fri, 24 Feb 2023 02:51:20 GMT
Date: Thu, 23 Feb 2023 20:51:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5fa728a339ca32e616d483e61d0aebcd
6a63966de94d16390c8f1e47e5b67fe5bb67f7cd
7e83729d554404e59f1f1ff809ac776d3596487e2b062a1e38af8e29f33c0686

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E83729D554404E59F1F1FF809AC776D3596487E2B062A1E38AF8E29F33C0686"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13628
Expires: Fri, 24 Feb 2023 00:38:59 GMT
Date: Thu, 23 Feb 2023 20:51:51 GMT
Connection: keep-alive

travelsbroker.com/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=5.4.12

157.90.19.36

200 OK

770 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=5.4.12
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
770 B (770 bytes)
Hash
8e04d32fec9aef99f3fdb11b22211598
b9965cdad85db31384b987684aa56616e1172a19
df19921890ef932857001d400b8037779d7b90233600fe0e7fc421f66355f886

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/gtranslate/gtranslate-style24.css?ver=5.4.12 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Mon, 16 Nov 2020 09:12:41 GMT
vary: Accept-Encoding
etag: W/"5fb24289-2b5"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-includes/css/dist/block-library/style.min.css?ver=5.4.12

157.90.19.36

200 OK

8.3 kB

URL HTTP/2
travelsbroker.com/wp-includes/css/dist/block-library/style.min.css?ver=5.4.12
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
8.3 kB (8327 bytes)
Hash
20b0ae577dd38471a5c7f467b4f96493
954fc1259288ec3ba82c0d90b0eb1ab4774b9bca
e71ef194df0955ce0780aeb385f4dfdf9e639a1187c46c8b713cd4ad9093f2c6

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=5.4.12 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Wed, 15 Jul 2020 14:02:10 GMT
vary: Accept-Encoding
etag: W/"5f0f0c62-d159"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.163.1.35

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.163.1.35:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vDmQ1kn8a1mQN+OvS1eKBQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uaGbtM6Yy6PhlgXiXZ5ulK08/lg=

travelsbroker.com/wp-content/plugins/gtranslate/flags/16/en.png

157.90.19.36

200 OK

707 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/gtranslate/flags/16/en.png
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
707 B (707 bytes)
Hash
e4896565595fc22e344fd619c0ed15bb
43d4481a4cc3e60b406b2467b5f7e576fcbae260
c3a4cb8f32ef0cd89e6429d40d1faebd359e02e34d69764052c8402a391e9a00

HTTP Headers

GET /wp-content/plugins/gtranslate/flags/16/en.png HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: image/png
content-length: 707
last-modified: Mon, 16 Nov 2020 09:12:41 GMT
etag: "5fb24289-2c3"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/uploads/2020/06/Copia-di-Copia-di-Copia-di-Copia-di-TravelsBroker-2.png

157.90.19.36

200 OK

6.8 kB

URL HTTP/2
travelsbroker.com/wp-content/uploads/2020/06/Copia-di-Copia-di-Copia-di-Copia-di-TravelsBroker-2.png
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 400 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
6.8 kB (6804 bytes)
Hash
47ba9ab697d994ed5a3efc99742bead8
2d777a3eea6ee07cf4425850f15e248901009627
5350d522ad47d6dedc7eb87c78031074cb577c75fd6a0c49e5d640936ba6ca83

HTTP Headers

GET /wp-content/uploads/2020/06/Copia-di-Copia-di-Copia-di-Copia-di-TravelsBroker-2.png HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: image/png
content-length: 6804
last-modified: Wed, 15 Jul 2020 15:23:40 GMT
etag: "5f0f1f7c-1a94"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/themes/hello-elementor/theme.min.css?ver=2.2.0

157.90.19.36

200 OK

1.9 kB

URL HTTP/2
travelsbroker.com/wp-content/themes/hello-elementor/theme.min.css?ver=2.2.0
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
1.9 kB (1905 bytes)
Hash
97ffb70d0ef2a075db43cfad3ad78529
346674a4f6d6f628c6a3f1db13f3e2591ecb31f5
bf55def6e28bfdcc1b2cf2faead9dc48ecc11b57a62755b51996c4e56ecda210

HTTP Headers

GET /wp-content/themes/hello-elementor/theme.min.css?ver=2.2.0 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Fri, 12 Jun 2020 10:56:42 GMT
vary: Accept-Encoding
etag: W/"5ee35f6a-146f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d5a81909f9ba52a4b5b4beca7189f10a
216a773aef7239d68c979f6c24013a31f085c779
79799853ac50d2c9e10b8cfab4a57150b087403209006e166af67164c2630de6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 20:51:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

travelsbroker.com/wp-content/plugins/gtranslate/switcher.png

157.90.19.36

200 OK

207 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/gtranslate/switcher.png
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 10 x 19, 8-bit/color RGBA, non-interlaced\012- data
Size
207 B (207 bytes)
Hash
d6ae4f341752017ab0e603e3bb9260b7
c84c11d3bc69c7e14b2f75e7dea6e0ac93dee1e2
8c2ad9254589a597b65dae284a6da49dbfe1e3c8e628b03b80883d980fb6435e

HTTP Headers

GET /wp-content/plugins/gtranslate/switcher.png HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: image/png
content-length: 207
last-modified: Mon, 16 Nov 2020 09:12:41 GMT
etag: "5fb24289-cf"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2

216.58.211.14

200 OK

28 kB

URL HTTP/2
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
IP
216.58.211.14:0
ASN
#15169 GOOGLE

File type
data
Size
28 kB (27996 bytes)
Hash
8142c9c91053a609a5e9c2618b059bf5
e54550ad149c389b5489c896bbd9ec75d77bb5fd
c7f956feb2715a18925b922eda310b4a40ad9dc9a208c622d527ff5d4ca4526f

HTTP Headers

GET /translate_a/element.js?cb=googleTranslateElementInit2 HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 23 Feb 2023 20:51:51 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+610; expires=Sat, 22-Feb-2025 20:51:51 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
18880e1808370080e86c124fc0f15477
cee3e545df43115cf8bc5b560e2c25b529219c16
8f162b3abb4870796094fcc5a6736023539c294aec20e149c97af1ab39c42337

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 20:51:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

travelsbroker.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.9.1

157.90.19.36

200 OK

19 kB

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.9.1
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
19 kB (19231 bytes)
Hash
8ffb624976ee4f34bcccbae92fcf829f
2a924447fec31bd5ef6987a4f716a0e73aaacc58
c0e61feac58d66ace7645e348336cc708bf9fedca7d8fc8fffa07cec534fabf6

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.9.1 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
vary: Accept-Encoding
etag: W/"5fb24284-40fc"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

157.90.19.36

200 OK

4.5 kB

URL HTTP/2
travelsbroker.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
4.5 kB (4488 bytes)
Hash
4bcf276f7231856a4768426eab83fb0d
1085e8d7f4c233ccca51f973b280bdec62dc3632
10e6ce2b291a79c588c53283ca57bfdbb109d6b30a794df43687db0de76a75a9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 15 Jul 2020 14:02:05 GMT
vary: Accept-Encoding
etag: W/"5f0f0c5d-2748"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.12.0

157.90.19.36

200 OK

16 kB

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.12.0
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
16 kB (16220 bytes)
Hash
3ddabe78ce7abe86668a9f2fb8b9bd1b
df7434d2bf9769508353001706400385eb6d214d
ae124db1dfb80c7f5d86fe0550cd10e69fb1c23b1f58e7f3b09d56e388b53e86

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.12.0 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
vary: Accept-Encoding
etag: W/"5fb24284-295"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.0rZG3fI8nBA.L.F4.O/d=0/rs=AN8SPfqjjvJx_x7Gi7b-Ll7QLaWsKl87tA/m=el_main_css

142.250.74.99

200 OK

4.3 kB

URL HTTP/2
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.0rZG3fI8nBA.L.F4.O/d=0/rs=AN8SPfqjjvJx_x7Gi7b-Ll7QLaWsKl87tA/m=el_main_css
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (23413), with no line terminators
Size
4.3 kB (4259 bytes)
Hash
c41e5d33c01691d96d76486b1544004b
20b040a572de3003c9977df33e2d631efb9cb68c
f063d4dbe944940b190b4da3716cc71fca549b9fd46d4b30ecf8e0c4a651593c

HTTP Headers

GET /_/translate_http/_/ss/k=translate_http.tr.0rZG3fI8nBA.L.F4.O/d=0/rs=AN8SPfqjjvJx_x7Gi7b-Ll7QLaWsKl87tA/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 4259
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 21 Feb 2023 16:45:32 GMT
expires: Wed, 21 Feb 2024 16:45:32 GMT
cache-control: public, max-age=31536000
age: 187579
last-modified: Wed, 08 Feb 2023 02:19:28 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/uploads/elementor/css/global.css?ver=1605517979

157.90.19.36

200 OK

18 kB

URL HTTP/2
travelsbroker.com/wp-content/uploads/elementor/css/global.css?ver=1605517979
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
18 kB (18371 bytes)
Hash
7c45330357669507f690e90db1f50a4e
eed97eccb41d2a789104b72d169af3c958d6c6bd
0d77547d7cf5b494afefb117bc381a51d51f3d5ef1da6709c7207fa39ec3cd01

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/uploads/elementor/css/global.css?ver=1605517979 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Mon, 16 Nov 2020 09:12:59 GMT
vary: Accept-Encoding
etag: W/"5fb2429b-837c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

157.90.19.36

200 OK

68 kB

URL HTTP/2
travelsbroker.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
68 kB (68131 bytes)
Hash
f7efc35a3cd7f766e280c21243ced562
30dd9ad900bfde0857bf054b9dd65e07aab34893
5e12c59d5c86a8a797064afd989871ea4d470efb18a3bb6fc992a98263d4c01b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/js/jquery/jquery.js?ver=1.12.4-wp HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 15 Jul 2020 14:02:05 GMT
vary: Accept-Encoding
etag: W/"5f0f0c5d-17a69"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2

157.90.19.36

200 OK

76 kB

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
Web Open Font Format (Version 2), TrueType, length 76084, version 330.-16253\012- data
Size
76 kB (76084 bytes)
Hash
f6121be597a72928f54e7ab5b95512a1
b2c74520c3f506efbfefca867918e5ae28bd5222
787d76ad6deab67ccf8bac1b584260205e114f508fc5542b612e3f75d49a34e4

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://travelsbroker.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.12.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/octet-stream
content-length: 76084
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
etag: "5fb24284-12934"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

216.58.207.227

200 OK

17 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 17368, version 1.0\012- data
Size
17 kB (17368 bytes)
Hash
abe083d96b58eb02ada8b7c30d7b09f2
61447d66d13a8c8f4335696777a85c438c46f749
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

HTTP Headers

GET /s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://travelsbroker.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17368
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 18 Feb 2023 12:49:39 GMT
expires: Sun, 18 Feb 2024 12:49:39 GMT
cache-control: public, max-age=31536000
age: 460932
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/uploads/2020/07/cropped-TravelsBroker-192x192.png

157.90.19.36

200 OK

11 kB

URL HTTP/2
travelsbroker.com/wp-content/uploads/2020/07/cropped-TravelsBroker-192x192.png
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10699 bytes)
Hash
f52a2a61e8b0af558ec36fbaccd80a63
9cf9fe7350d91613b9a1d312ba5d8c027446e55c
04928d5894bc37c1e9c6d74862c192c5f109b6e9e95e4ea9ff1272e19ac382c8

HTTP Headers

GET /wp-content/uploads/2020/07/cropped-TravelsBroker-192x192.png HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: image/png
content-length: 10699
last-modified: Thu, 16 Jul 2020 11:35:23 GMT
etag: "5f103b7b-29cb"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/uploads/2020/07/cropped-TravelsBroker-32x32.png

157.90.19.36

200 OK

1.1 kB

URL HTTP/2
travelsbroker.com/wp-content/uploads/2020/07/cropped-TravelsBroker-32x32.png
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1119 bytes)
Hash
6c10767b203a963cb98c93cc6e5985ca
dc5c7b004edfa39ce4291303c1cc6aeef3b0a826
75ba68d57b69ae6ae18a48db0c69bec54ba69403acd958d5cd304877717dd9e4

HTTP Headers

GET /wp-content/uploads/2020/07/cropped-TravelsBroker-32x32.png HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: image/png
content-length: 1119
last-modified: Thu, 16 Jul 2020 11:35:23 GMT
etag: "5f103b7b-45f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.0.6

157.90.19.36

200 OK

99 kB

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.0.6
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (65493)
Size
99 kB (99273 bytes)
Hash
459e77986504e00ccdae698c284d7a41
5c683388ade897049f99f66ad5ebe90972303de6
3e2beeface7ad0944e750b4c4f3faa163f03ec0923fbd8ceb8a8f71ae77abaf2

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.0.6 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Mon, 16 Nov 2020 09:12:39 GMT
vary: Accept-Encoding
etag: W/"5fb24287-335b0"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe121133a6eaf8645743a14717612cd5
b9276c474ba3e40e5cc2921accb452bb7b11ecb2
4c72ab325e4608168d6258ba615ffc21f94a3594a8d1ef48f28b8622b198c27b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C72AB325E4608168D6258BA615FFC21F94A3594A8D1EF48F28B8622B198C27B"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6028
Expires: Thu, 23 Feb 2023 22:32:20 GMT
Date: Thu, 23 Feb 2023 20:51:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe121133a6eaf8645743a14717612cd5
b9276c474ba3e40e5cc2921accb452bb7b11ecb2
4c72ab325e4608168d6258ba615ffc21f94a3594a8d1ef48f28b8622b198c27b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C72AB325E4608168D6258BA615FFC21F94A3594A8D1EF48F28B8622B198C27B"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6028
Expires: Thu, 23 Feb 2023 22:32:20 GMT
Date: Thu, 23 Feb 2023 20:51:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe121133a6eaf8645743a14717612cd5
b9276c474ba3e40e5cc2921accb452bb7b11ecb2
4c72ab325e4608168d6258ba615ffc21f94a3594a8d1ef48f28b8622b198c27b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C72AB325E4608168D6258BA615FFC21F94A3594A8D1EF48F28B8622B198C27B"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6028
Expires: Thu, 23 Feb 2023 22:32:20 GMT
Date: Thu, 23 Feb 2023 20:51:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.10

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe121133a6eaf8645743a14717612cd5
b9276c474ba3e40e5cc2921accb452bb7b11ecb2
4c72ab325e4608168d6258ba615ffc21f94a3594a8d1ef48f28b8622b198c27b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C72AB325E4608168D6258BA615FFC21F94A3594A8D1EF48F28B8622B198C27B"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6028
Expires: Thu, 23 Feb 2023 22:32:20 GMT
Date: Thu, 23 Feb 2023 20:51:52 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1585e234-d4e0-4e4e-8699-70831e5a915e.jpeg

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1585e234-d4e0-4e4e-8699-70831e5a915e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9721 bytes)
Hash
e4016fa20fa2642f89d375fcc2855d4b
f1733be34a214e9565208f814dd3990f89cafbcb
74686e6a674433c436bce8c70cecc1a2cde51e82241e8251188ebd587fd4ee18

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1585e234-d4e0-4e4e-8699-70831e5a915e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9721
x-amzn-requestid: 5ddea3ff-b6e2-4528-8e71-eade54612b4f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AwqR3HJpoAMF5LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f68a72-413219251feae2e32b9e6857;Sampled=0
x-amzn-remapped-date: Wed, 22 Feb 2023 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iHR9N5OPgY8mjpsZowY-Ipeq62c8O_QQorpNmIOa68_vmWyY0eqt-A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Feb 2023 21:44:15 GMT
age: 83257
etag: "f1733be34a214e9565208f814dd3990f89cafbcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e1f8718-617f-4cdb-9fab-ed40cbef6784.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9686 bytes)
Hash
cc56e7499a3e9db178e91df024e668f0
9cc85c16fd4a9d10df5db5ddfc54b0d88999f317
25ffc87e2be6e0dc9ac208aafbefa99bb4c1d6476c1447056b83d462cd182df2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e1f8718-617f-4cdb-9fab-ed40cbef6784.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9686
x-amzn-requestid: f12fd84d-1be7-4b80-842c-e2111aa80806
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ArYFqFzaoAMF2hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f46d57-5a17eba635156fc35184ff0d;Sampled=0
x-amzn-remapped-date: Tue, 21 Feb 2023 07:05:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Y_b4w77w0mMq2Bzf0p7Ns-2vLEY7A0InmEcu9RxxpmHzJ3QdYLHypg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Feb 2023 07:42:53 GMT
age: 47339
etag: "9cc85c16fd4a9d10df5db5ddfc54b0d88999f317"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F403cd5de-6016-40c5-bb7a-1ee6515b0fdb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (6014 bytes)
Hash
8c6732b7444870a5b22ebce5df2c278b
bd8bd8ba57a3d59b71f910110b7b0ce23c7bf605
6232d37914485ffd42f7e5932c36a9ff49bdd42bb8a13837cc9c054d86ccdc78

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F403cd5de-6016-40c5-bb7a-1ee6515b0fdb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6014
x-amzn-requestid: bd27a21d-c09d-4d37-ba2d-72144fc7dd53
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Aw9JeGqvoAMFkhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f6a8a2-4940a8d470c04d9b2ce70b12;Sampled=0
x-amzn-remapped-date: Wed, 22 Feb 2023 23:43:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Qb9klr3RdNqiiu9QulerHB84G6zpnon_xHZx8kJwq7PVqWxyPAz8vw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Feb 2023 05:39:13 GMT
age: 54759
etag: "bd8bd8ba57a3d59b71f910110b7b0ce23c7bf605"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f9477dd-9700-4cbd-8d0e-37bd76c53a93.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7734 bytes)
Hash
e7cd1e9feb9abc7f7d7f0d5fc7b181f0
cf3ce1808c48e1a86910e16731a044f6cb26275d
426c90298d5a0807b7820d803ce2907268df1195e15d5582eb0ff2f3deeb318c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f9477dd-9700-4cbd-8d0e-37bd76c53a93.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7734
x-amzn-requestid: fe4dc342-33b6-45f6-984c-2c71dfa0ec13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AtX-lGiJoAMFW3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f539f6-489049413f3cb63c537f20d0;Sampled=0
x-amzn-remapped-date: Tue, 21 Feb 2023 21:39:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wrkzZEinm7SD60TVf2-zwKUiJx0nfe6iwy2hLIO_1ia3OPlk21fsMg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Feb 2023 21:42:20 GMT
age: 83372
etag: "cf3ce1808c48e1a86910e16731a044f6cb26275d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c4dab71-c39e-421a-8dd6-60a97e3b2223.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6643 bytes)
Hash
9a6c075bf39141bbc7826d6969cf2ac8
8a3f71fea281d57261814a858c94fd11f083b9fe
dbd5fd07729dd569dd87128ba167ccccb2fa1c8e73f3eb6d64ac1c37f8294db7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c4dab71-c39e-421a-8dd6-60a97e3b2223.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6643
x-amzn-requestid: 326ed8fb-b228-4546-adf3-a188ce799089
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ArXwJG4OoAMFVZQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f46ccd-74c2a8741928ad99733db89f;Sampled=0
x-amzn-remapped-date: Tue, 21 Feb 2023 07:03:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Gu_G39ZXNYgyloJITQfAYavWjzrcB_sPNNOROrgBJW3BZtCVLpbxSQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Feb 2023 05:02:10 GMT
age: 56982
etag: "8a3f71fea281d57261814a858c94fd11f083b9fe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1024518c-aee4-4742-a886-86b92f76f0c3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5823 bytes)
Hash
fbf1945668d4a8c35e68f8d60fd80f56
0553020a82f7a6245a2979d58e1765883a777893
4220c9dea6f77c1775be6ca4d1d133b3d8f1d9caec3cc6e85747b87c7d897a92

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1024518c-aee4-4742-a886-86b92f76f0c3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5823
x-amzn-requestid: 4b226ac8-c443-4382-ab8e-b618c95a713d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Aq1HSFWvIAMFUAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f43561-7ac4a51e389a6e6b2a9199a5;Sampled=0
x-amzn-remapped-date: Tue, 21 Feb 2023 03:07:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: p6v-ksQmtagKBT2hXXL7AVGvhSCwy8wUoi4dWRJPDaSsT7BvBxh4fw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Feb 2023 03:02:20 GMT
age: 64172
etag: "0553020a82f7a6245a2979d58e1765883a777893"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
vary: Accept-Encoding
etag: W/"5fb24284-2fa6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.12.0

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.12.0
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.12.0 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
vary: Accept-Encoding
etag: W/"5fb24284-d9c9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.0.13

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.0.13
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.0.13 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
vary: Accept-Encoding
etag: W/"5fb24284-1b655"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.12.0

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.12.0
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.12.0 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
vary: Accept-Encoding
etag: W/"5fb24284-29c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.0.6

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.0.6
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.0.6 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Nov 2020 09:12:39 GMT
vary: Accept-Encoding
etag: W/"5fb24287-2a0c2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.0.13

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.0.13
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.0.13 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
vary: Accept-Encoding
etag: W/"5fb24284-a12"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-includes/js/wp-embed.min.js?ver=5.4.12

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-includes/js/wp-embed.min.js?ver=5.4.12
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/js/wp-embed.min.js?ver=5.4.12 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 15 Apr 2021 21:29:04 GMT
vary: Accept-Encoding
etag: W/"6078b020-592"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.0.13

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.0.13
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.0.13 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
vary: Accept-Encoding
etag: W/"5fb24284-fa7a"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.0.13

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.0.13
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.0.13 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
vary: Accept-Encoding
etag: W/"5fb24284-4824"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/uploads/elementor/css/post-75.css?ver=1615211736

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/uploads/elementor/css/post-75.css?ver=1615211736
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/uploads/elementor/css/post-75.css?ver=1615211736 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Mon, 08 Mar 2021 13:55:36 GMT
vary: Accept-Encoding
etag: W/"60462cd8-3b3"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/uploads/elementor/css/post-39.css?ver=1612523639

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/uploads/elementor/css/post-39.css?ver=1612523639
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/uploads/elementor/css/post-39.css?ver=1612523639 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Fri, 05 Feb 2021 11:13:59 GMT
vary: Accept-Encoding
etag: W/"601d2877-14c9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.0.6

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.0.6
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.0.6 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Nov 2020 09:12:39 GMT
vary: Accept-Encoding
etag: W/"5fb24287-19c3"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
vary: Accept-Encoding
etag: W/"5fb24284-21f91"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.0.13

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.0.13
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.0.13 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
vary: Accept-Encoding
etag: W/"5fb24284-1d5a1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/privacy-policy/

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/privacy-policy/
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /privacy-policy/ HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <https://travelsbroker.com/wp-json/>; rel="https://api.w.org/", <https://travelsbroker.com/?p=3>; rel=shortlink
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-includes/js/wp-emoji-release.min.js?ver=5.4.12

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-includes/js/wp-emoji-release.min.js?ver=5.4.12
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=5.4.12 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 15 Apr 2021 21:29:04 GMT
vary: Accept-Encoding
etag: W/"6078b020-363c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-includes/js/jquery/ui/position.min.js?ver=1.11.4

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-includes/js/jquery/ui/position.min.js?ver=1.11.4
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/js/jquery/ui/position.min.js?ver=1.11.4 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 15 Apr 2021 21:29:04 GMT
vary: Accept-Encoding
etag: W/"6078b020-1926"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
vary: Accept-Encoding
etag: W/"5fb24284-2a6f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.0.13

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.0.13
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.0.13 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Mon, 16 Nov 2020 09:12:36 GMT
vary: Accept-Encoding
etag: W/"5fb24284-f0f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

travelsbroker.com/wp-content/uploads/elementor/css/post-36.css?ver=1605517979

157.90.19.36

200 OK

0 B

URL HTTP/2
travelsbroker.com/wp-content/uploads/elementor/css/post-36.css?ver=1605517979
IP
157.90.19.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/uploads/elementor/css/post-36.css?ver=1605517979 HTTP/1.1
Host: travelsbroker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 20:51:51 GMT
content-type: text/css
last-modified: Mon, 16 Nov 2020 09:12:59 GMT
vary: Accept-Encoding
etag: W/"5fb2429b-834"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRubik%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=5.4.12

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRubik%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=5.4.12
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRubik%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=5.4.12 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://travelsbroker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 23 Feb 2023 20:51:51 GMT
date: Thu, 23 Feb 2023 20:51:51 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML