armmountstravel.com/js/
185.9.147.100 302 Found 211 B IP 185.9.147.100:0
File type HTML document text; exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
Analyzer Verdict Alert fortinet Malware
GET /js/ HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:46:59 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7106
Expires: Fri, 02 Sep 2022 17:45:25 GMT
Date: Fri, 02 Sep 2022 15:46:59 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 02 Sep 2022 14:49:06 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: uc2o0F2nPPkDUyqMM0_Fg0JjR6k6pQkWUxdS00-XL5KJBocl5QZALA==
Age: 3472
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate, ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Sep 2022 01:15:17 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4xn22bueAuAcYtp17K6_uvTfwnpqncrnbWdjAQVOpySGQF7kzEVejA==
age: 52302
X-Firefox-Spdy: h2
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:46:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Sep 2022 15:46:59 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins:300,400,500
142.250.74.10 200 OK 469 B URL HTTP/1.1 fonts.googleapis.com/css?family=Poppins:300,400,500
IP 142.250.74.10:0
Hash d5c8be02baf7ff45f79c1cb309ae6cbf
92907d22e245b2a3e706c1b517b6e91e2ce8ade6
1b8d0f1d0b216245613be07a396f78c249b53f7ea9c6cd9c242e8816dc4ab017
GET /css?family=Poppins:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Fri, 02 Sep 2022 15:46:59 GMT
Date: Fri, 02 Sep 2022 15:46:59 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
armmountstravel.com/css/isotope.css
185.9.147.100 200 OK 3.5 kB URL HTTP/1.1 armmountstravel.com/css/isotope.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (3497), with no line terminators
Hash d82d90a0f23dd8fec9b291867f48b3b0
90856f54ce7211e1ffdd0f47182666b5cd7a01b5
5ec4f0ab14c4aae30a2f971899b63ea5d7301625e2b3a6d902d68670487d7710
GET /css/isotope.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:46:59 GMT
Content-Type: text/css
Content-Length: 3497
Last-Modified: Fri, 31 Aug 2018 08:38:42 GMT
Connection: keep-alive
ETag: "5b88fe92-da9"
Accept-Ranges: bytes
armmountstravel.com/css/style.css
185.9.147.100 200 OK 112 kB URL HTTP/1.1 armmountstravel.com/css/style.css
IP 185.9.147.100:0
File type assembler source, ASCII text, with very long lines (343)
Size 112 kB (112254 bytes)
Hash e9731b3f8e98592aefc6e5a82099245b
5bdd89218229a807074beede197554affb26eb6e
a85f97a77eb3301be4d832779033048b92c2f689d4f7665ed70ea2e4a484517f
GET /css/style.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:46:59 GMT
Content-Type: text/css
Content-Length: 112254
Last-Modified: Wed, 26 Sep 2018 14:00:45 GMT
Connection: keep-alive
ETag: "5bab910d-1b67e"
Accept-Ranges: bytes
armmountstravel.com/css/font-awesome.min.css
185.9.147.100 200 OK 29 kB URL HTTP/1.1 armmountstravel.com/css/font-awesome.min.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (28900)
Hash bb53ad7bffecc0014d64553e96501dce
7cd5a3384333f95c3d37d9488ad82cd6c4b03761
7bc15c522a05ce0e56b8cb3fff83bc6e770130afdd840d469869db69663d78fe
GET /css/font-awesome.min.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:46:59 GMT
Content-Type: text/css
Content-Length: 29062
Last-Modified: Fri, 31 Aug 2018 08:38:42 GMT
Connection: keep-alive
ETag: "5b88fe92-7186"
Accept-Ranges: bytes
armmountstravel.com/css/settings.css
185.9.147.100 200 OK 29 kB URL HTTP/1.1 armmountstravel.com/css/settings.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (29418)
Hash 062226ebe25895b82f1908b63d9f477d
729e24d83e1e679bff090c9b8907c8d6872a1e0c
0f0c01339831b52567941b596da2339881e952904542ffdd8bb845b2738be9af
GET /css/settings.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:46:59 GMT
Content-Type: text/css
Content-Length: 29419
Last-Modified: Fri, 31 Aug 2018 08:38:43 GMT
Connection: keep-alive
ETag: "5b88fe93-72eb"
Accept-Ranges: bytes
armmountstravel.com/css/ionicons.css
185.9.147.100 200 OK 51 kB URL HTTP/1.1 armmountstravel.com/css/ionicons.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (50924), with no line terminators
Hash 168827d885077b255801de2c66eeba6b
b83a3311bcc1c580d556c3c2f8faee2095fcb325
73d33b063a437f69b17b091b69c4cb8b500ab27b15a0a307038bed69cd2364e7
GET /css/ionicons.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:46:59 GMT
Content-Type: text/css
Content-Length: 50924
Last-Modified: Fri, 31 Aug 2018 08:38:42 GMT
Connection: keep-alive
ETag: "5b88fe92-c6ec"
Accept-Ranges: bytes
armmountstravel.com/css/lightcase.css
185.9.147.100 200 OK 13 kB URL HTTP/1.1 armmountstravel.com/css/lightcase.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (12634), with no line terminators
Hash 6a458a66dd9e684c3b46933b458442d9
55965bcb6345c2a90ea55430dd14fa1e289f5683
3ff00b72cf566b6cb36da8d969046e58a74e5a3b25ff61c65bb2343aa0574c22
GET /css/lightcase.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: text/css
Content-Length: 12634
Last-Modified: Sat, 01 Sep 2018 14:24:21 GMT
Connection: keep-alive
ETag: "5b8aa115-315a"
Accept-Ranges: bytes
armmountstravel.com/css/mqueries.css
185.9.147.100 200 OK 22 kB URL HTTP/1.1 armmountstravel.com/css/mqueries.css
IP 185.9.147.100:0
File type ASCII text, with very long lines (14712)
Hash e0f46ea90b443d3fc718aa3bf383d263
31d81461926a54515b9e564a02e35cdb343b6799
2c9c1b1418ddd7ed34171fa6fa651eef7c7215e79e06a16605eca8a0c7d75c2c
GET /css/mqueries.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: text/css
Content-Length: 22449
Last-Modified: Wed, 26 Sep 2018 08:37:07 GMT
Connection: keep-alive
ETag: "5bab4533-57b1"
Accept-Ranges: bytes
armmountstravel.com/css/navigation.css
185.9.147.100 200 OK 59 kB URL HTTP/1.1 armmountstravel.com/css/navigation.css
IP 185.9.147.100:0
Hash 4997a920bf27721b7f1e11aa9f6e9977
320c28120efcb8e4eb60dfb07e542bbee99714aa
b136e2d51cc93258031fc9b3ba31bcccc32c9f7056833a39a9abb41775024f3c
GET /css/navigation.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:46:59 GMT
Content-Type: text/css
Content-Length: 59326
Last-Modified: Fri, 31 Aug 2018 08:38:43 GMT
Connection: keep-alive
ETag: "5b88fe93-e7be"
Accept-Ranges: bytes
armmountstravel.com/css/layers.css
185.9.147.100 200 OK 140 kB URL HTTP/1.1 armmountstravel.com/css/layers.css
IP 185.9.147.100:0
Size 140 kB (140333 bytes)
Hash 117cc368e00536a19046cd6939b65ad7
30d50225ec444fb9edb35c90a9f63a35c4698b7c
2c9f331c4d7bfc812bf602e2a8bd36eab0b7ff8803295eb4404f28e8dcaa7200
GET /css/layers.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:46:59 GMT
Content-Type: text/css
Content-Length: 140333
Last-Modified: Fri, 31 Aug 2018 08:38:42 GMT
Connection: keep-alive
ETag: "5b88fe92-2242d"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.themepunch.tools.min.js?rev=5.0
185.9.147.100 200 OK 109 kB URL HTTP/1.1 armmountstravel.com/js/jquery.themepunch.tools.min.js?rev=5.0
IP 185.9.147.100:0
File type ASCII text, with very long lines (27184)
Size 109 kB (109170 bytes)
Hash e24b8a1055522705299a1b1810d492d2
f4ea30b95f2871d293613df49fa57c113b7b67cd
58ba20111da06812e452383d4966b4fbe03d89d24b0656f45413cd0474fbada8
GET /js/jquery.themepunch.tools.min.js?rev=5.0 HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 109170
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-1aa72"
Accept-Ranges: bytes
armmountstravel.com/js/plugins.js
185.9.147.100 200 OK 9.1 kB URL HTTP/1.1 armmountstravel.com/js/plugins.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (4495)
Hash 06665ec3f271458345c5b210777cb5d5
d98ead2314cca2cd4f79bcb08c056a80792acf29
7c09adc70293b6750c47544e0bd02bfc478ec0748665d4ec319b307a7141fdb2
Analyzer Verdict Alert fortinet Malware
GET /js/plugins.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 9136
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-23b0"
Accept-Ranges: bytes
armmountstravel.com/js/jquery-1.12.4.min.js
185.9.147.100 200 OK 99 kB URL HTTP/1.1 armmountstravel.com/js/jquery-1.12.4.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (32077)
Hash 0823848d28853a395543169279bd06b6
347b10841172efdef0eeeb4eacb5053a59636a42
3c5b2793f09d021c6f6455f172ea19f385d91043009c2c970f2dcf8a685d5bc7
Analyzer Verdict Alert fortinet Malware
GET /js/jquery-1.12.4.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 98968
Last-Modified: Thu, 30 Aug 2018 12:35:57 GMT
Connection: keep-alive
ETag: "5b87e4ad-18298"
Accept-Ranges: bytes
armmountstravel.com/js/revolution.extension.slideanims.min.js
185.9.147.100 200 OK 30 kB URL HTTP/1.1 armmountstravel.com/js/revolution.extension.slideanims.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (29819)
Hash 688ea66a40c3420795611a4cdcfe5681
0568d36f8c2e74b7e0a6b91f8ad7fe2cc44e3318
e4673fcefdf1907dd87667e6227314b6f4ad4432d61115c2f237d02c39f2a164
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.slideanims.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 30063
Last-Modified: Thu, 30 Aug 2018 12:35:59 GMT
Connection: keep-alive
ETag: "5b87e4af-756f"
Accept-Ranges: bytes
armmountstravel.com/js/revolution.extension.layeranimation.min.js
185.9.147.100 200 OK 56 kB URL HTTP/1.1 armmountstravel.com/js/revolution.extension.layeranimation.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (32060)
Hash 3fc9b75d0f5608f403ac2852db8e7a52
4028cc9719f35002d3409350806aa76ecac4baee
7028881acf7dc68f31a4c7bfa88f94d34bde2580c95e52c9cb4f3e3551f254c9
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.layeranimation.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 55821
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-da0d"
Accept-Ranges: bytes
armmountstravel.com/js/revolution.extension.navigation.min.js
185.9.147.100 200 OK 28 kB URL HTTP/1.1 armmountstravel.com/js/revolution.extension.navigation.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (27448)
Hash e2d813ec52c28fa8ba50e8dd4620ac8a
adc412cd5e152ddfdc8b62839e4897631fe330a0
bfa2f123e71c7377d2e463fcd9cbecdd66ad942011a1254bf4fde4a327418700
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.navigation.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 27681
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-6c21"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.themepunch.revolution.min.js?rev=5.0
185.9.147.100 200 OK 65 kB URL HTTP/1.1 armmountstravel.com/js/jquery.themepunch.revolution.min.js?rev=5.0
IP 185.9.147.100:0
File type ASCII text, with very long lines (32767)
Hash a200604ffdb83160cf79138493bad42d
c25dfe0890b6d2180a44dfe3e8ba3bfc30a03c3a
ff60e7b6020c08cebe1e1c57f4fee01c0213dc54c44f1a0138b8ecb002e49360
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.themepunch.revolution.min.js?rev=5.0 HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 65100
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-fe4c"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.imagesloaded.min.js
185.9.147.100 200 OK 8.7 kB URL HTTP/1.1 armmountstravel.com/js/jquery.imagesloaded.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (8616)
Hash 0e9d39480a41565941b4a457f28b9450
58d26c06f0f0b4f93670614d13350c9226479294
ab7398e310ab79e487e2330c64e0c386415aa670f9ccb3e154adf2a7d75d1c9d
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.imagesloaded.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 8733
Last-Modified: Thu, 30 Aug 2018 12:35:57 GMT
Connection: keep-alive
ETag: "5b87e4ad-221d"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.isotope.min.js
185.9.147.100 200 OK 43 kB URL HTTP/1.1 armmountstravel.com/js/jquery.isotope.min.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (32031)
Hash 983c332d6c1caf5ab6e462658de870e0
3b2638c9bb9349934e257f6a21674a80a42fa1d5
a11a7b1736bfb18c04d989be3b710a3d0c84e172b9cc1b7ee0d51e522d271d42
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.isotope.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 42631
Last-Modified: Thu, 30 Aug 2018 12:35:57 GMT
Connection: keep-alive
ETag: "5b87e4ad-a687"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.min.phatvideobg.js
185.9.147.100 200 OK 11 kB URL HTTP/1.1 armmountstravel.com/js/jquery.min.phatvideobg.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (1977)
Hash 33d2f75e622a6f78039bb3abc996d038
b3e5a6cf750064599330b05025716f8c3c0481a6
1609d327a886f3b84c857d469d07228ff372301e38cff57f7c9faaba78ba463a
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.min.phatvideobg.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 11322
Last-Modified: Thu, 30 Aug 2018 12:35:58 GMT
Connection: keep-alive
ETag: "5b87e4ae-2c3a"
Accept-Ranges: bytes
armmountstravel.com/js/jquery.lightcase.min.js
185.9.147.100 200 OK 54 kB URL HTTP/1.1 armmountstravel.com/js/jquery.lightcase.min.js
IP 185.9.147.100:0
File type HTML document, ASCII text, with very long lines (1795)
Hash c0e4ad34afc5606d2f8c10578e05bfd1
5c6144891542a9b3c76c38a4639b21d059849f99
37d3dd9084f9e4813b540384404ccd4e82b479019155f265e177897201d75f68
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.lightcase.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 53857
Last-Modified: Sat, 01 Sep 2018 13:44:31 GMT
Connection: keep-alive
ETag: "5b8a97bf-d261"
Accept-Ranges: bytes
armmountstravel.com/js/script.js
185.9.147.100 200 OK 25 kB URL HTTP/1.1 armmountstravel.com/js/script.js
IP 185.9.147.100:0
File type ASCII text, with very long lines (1799)
Hash 5c87c2505fb07894234d1cae61c4c099
75fe8d5cc0d3b07cb7982c126607db5e75d57c82
920006791da47ed4f4628325045d573b88198ec4fa4bc92ef020002d150641f1
Analyzer Verdict Alert fortinet Malware
GET /js/script.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 25008
Last-Modified: Thu, 30 Aug 2018 12:35:59 GMT
Connection: keep-alive
ETag: "5b87e4af-61b0"
Accept-Ranges: bytes
armmountstravel.com/img/logo-noha-dark.png
185.9.147.100 200 OK 19 kB URL HTTP/1.1 armmountstravel.com/img/logo-noha-dark.png
IP 185.9.147.100:0
File type PNG image data, 150 x 147, 8-bit/color RGBA, non-interlaced; data
Hash bb2cb2cd03064a75536db610c776bd38
fdce886a303e90e881efda6168bcaca30e80ce63
bfd366030beeb34810de3e02de7c143de94b8e7ef03061f78be51690aca03e89
GET /img/logo-noha-dark.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: image/png
Content-Length: 18985
Last-Modified: Thu, 30 Aug 2018 12:35:42 GMT
Connection: keep-alive
ETag: "5b87e49e-4a29"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 02 Sep 2022 15:38:16 GMT
Expires: Fri, 02 Sep 2022 16:14:28 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: foWVZiNFB6ASPe1rk88Ood24PC1ouCaQ7PlAJzyKAfvSE1Z0FUTCZQ==
Age: 524
armmountstravel.com/img/soc1.png
185.9.147.100 200 OK 3.1 kB URL HTTP/1.1 armmountstravel.com/img/soc1.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced; data
Hash 6b707ef345a88da13700a6554b49bab4
28eb963f43c7da1fd6f71f6fea5968e608e8d488
5a1753269b27890551db09d7e4d401df1b82ade7d298871545beb2958d7da01d
GET /img/soc1.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: image/png
Content-Length: 3072
Last-Modified: Sat, 01 Sep 2018 12:04:42 GMT
Connection: keep-alive
ETag: "5b8a805a-c00"
Accept-Ranges: bytes
armmountstravel.com/img/soc2.png
185.9.147.100 200 OK 3.4 kB URL HTTP/1.1 armmountstravel.com/img/soc2.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced; data
Hash f50f78546e59207ef50cc1ee7ee80626
6ff431cdfbd31591b70ce26cbb37824c86bdb30d
f93271cfc8769f9a65a4de0981475ab5ef77da353199adfe50709f71e95b3667
GET /img/soc2.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: image/png
Content-Length: 3408
Last-Modified: Sat, 01 Sep 2018 12:04:42 GMT
Connection: keep-alive
ETag: "5b8a805a-d50"
Accept-Ranges: bytes
armmountstravel.com/img/logo-noha-light.png
185.9.147.100 200 OK 15 kB URL HTTP/1.1 armmountstravel.com/img/logo-noha-light.png
IP 185.9.147.100:0
File type PNG image data, 150 x 147, 8-bit/color RGBA, non-interlaced; data
Hash 120b0c95abe5773c8d84f7385bade539
360960250eef1b702ebbe19db734b78edf81e9b5
cacdb85314e5ac415583cb160b4e3866dd74b0db5981bb3cfb51d12a5d1e3bcb
GET /img/logo-noha-light.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: image/png
Content-Length: 15242
Last-Modified: Thu, 30 Aug 2018 12:35:43 GMT
Connection: keep-alive
ETag: "5b87e49f-3b8a"
Accept-Ranges: bytes
armmountstravel.com/assets/demo.css
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/assets/demo.css
IP 185.9.147.100:0
File type HTML document text; exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
GET /assets/demo.css HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/slider/1537455029IMG_5115-min.JPG
185.9.147.100 200 OK 420 kB URL HTTP/1.1 armmountstravel.com/slider/1537455029IMG_5115-min.JPG
IP 185.9.147.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x700, components 3
Size 420 kB (419644 bytes)
Hash e1b0a4f0aed8ce22926dd728cbcffeb5
03e2e89e06046474bc59413941616b3375a1418b
61c2b8b3c1c66ad0c40e0457ca80b6d03ee6b8743eac706ab1a430a2bc18f895
Analyzer Verdict Alert fortinet Malware
GET /slider/1537455029IMG_5115-min.JPG HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: image/jpeg
Content-Length: 419644
Last-Modified: Thu, 20 Sep 2018 14:50:29 GMT
Connection: keep-alive
ETag: "5ba3b3b5-6673c"
Accept-Ranges: bytes
armmountstravel.com/img/slide2.jpg
185.9.147.100 200 OK 428 kB URL HTTP/1.1 armmountstravel.com/img/slide2.jpg
IP 185.9.147.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1338, components 3
Size 428 kB (427678 bytes)
Hash a34e62f747942812c53bd7e65feb30a5
b1d956b30f0066efdd28ff059189da96ec4a87c5
08a82b497097bafa489fce872b85a37ee050c6a05b49586b7a80096daae607c8
GET /img/slide2.jpg HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: image/jpeg
Content-Length: 427678
Last-Modified: Wed, 05 Sep 2018 10:53:04 GMT
Connection: keep-alive
ETag: "5b8fb590-6869e"
Accept-Ranges: bytes
armmountstravel.com/img/tour/3.jpg
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/img/tour/3.jpg
IP 185.9.147.100:0
File type HTML document text, exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
GET /img/tour/3.jpg HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/img/tour/2.jpg
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/img/tour/2.jpg
IP 185.9.147.100:0
File type HTML document text, exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
GET /img/tour/2.jpg HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/img/tour/4.JPG
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/img/tour/4.JPG
IP 185.9.147.100:0
File type HTML document text, exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
Analyzer Verdict Alert fortinet Malware
GET /img/tour/4.JPG HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/slider/1536683072slide3.jpg
185.9.147.100 200 OK 542 kB URL HTTP/1.1 armmountstravel.com/slider/1536683072slide3.jpg
IP 185.9.147.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1901x1272, components 3
Size 542 kB (541478 bytes)
Hash 9e7ef91d677f0a551d3c098fac313030
b216b1fd88d1357188b3fcf4dbe5077a489105c4
d044203f227a58926e01f71b94ab7df17f7995315ecdefe45a58a89c0edc35be
GET /slider/1536683072slide3.jpg HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: image/jpeg
Content-Length: 541478
Last-Modified: Tue, 11 Sep 2018 16:24:32 GMT
Connection: keep-alive
ETag: "5b97ec40-84326"
Accept-Ranges: bytes
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
armmountstravel.com/img/soc5.png
185.9.147.100 200 OK 3.2 kB URL HTTP/1.1 armmountstravel.com/img/soc5.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Hash fba16339f043111dab26005f86aa2aca
44b3b9aa7999e7603f0151059a0d99c1dbc67e43
3f46fdfe4f3811fa2f1e199ebc3c46371b009c83e311f0bd548e48aec4334f3b
GET /img/soc5.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: image/png
Content-Length: 3231
Last-Modified: Sat, 01 Sep 2018 12:04:42 GMT
Connection: keep-alive
ETag: "5b8a805a-c9f"
Accept-Ranges: bytes
armmountstravel.com/img/soc4.png
185.9.147.100 200 OK 3.3 kB URL HTTP/1.1 armmountstravel.com/img/soc4.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Hash d95822130e8774df316f6087bf0fcc05
996b4d1412655df9bc5ca995ebfceb8a62c2f487
06654ae52d9cd7618c808effd4f3353fcf101e266ac90fdd2b5b3493810dea8c
GET /img/soc4.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: image/png
Content-Length: 3299
Last-Modified: Sat, 01 Sep 2018 12:04:42 GMT
Connection: keep-alive
ETag: "5b8a805a-ce3"
Accept-Ranges: bytes
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
armmountstravel.com/img/soc6.png
185.9.147.100 200 OK 733 B URL HTTP/1.1 armmountstravel.com/img/soc6.png
IP 185.9.147.100:0
File type PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
Hash 0637167507058c3b454b0487ce1bb9aa
3dde76b970966def42a157c62ddf5f18b24860fd
af5328364c63776bb4f4e372b9da0d371b6330aae1f45853de672849789ef7db
GET /img/soc6.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: image/png
Content-Length: 733
Last-Modified: Mon, 10 Sep 2018 08:09:31 GMT
Connection: keep-alive
ETag: "5b9626bb-2dd"
Accept-Ranges: bytes
armmountstravel.com/tour/1539095505IMG_5194-min.JPG
185.9.147.100 200 OK 179 kB URL HTTP/1.1 armmountstravel.com/tour/1539095505IMG_5194-min.JPG
IP 185.9.147.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x960, components 3
Size 179 kB (178778 bytes)
Hash 2e410a496a0d0d98c03b354d4fe50ff5
1c7c0b6be5d54d4dd2ec8153e856c26b24b3da5d
d2c5700332c299c7034434baa38d26fa34e6e8dfb2d85d3ac3f55207f9cf5280
Analyzer Verdict Alert fortinet Malware
GET /tour/1539095505IMG_5194-min.JPG HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: image/jpeg
Content-Length: 178778
Last-Modified: Tue, 09 Oct 2018 14:31:45 GMT
Connection: keep-alive
ETag: "5bbcbbd1-2ba5a"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 21daf45cdda2eb462873226bb5c1f0fb
4d4621bbf1461f35f7e536c1dbd9de71978ffa23
8164c742d013bdc2836cac1167acfe482547347ab6a1daefa15475f694dae057
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2468
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 15:47:00 GMT
Last-Modified: Fri, 02 Sep 2022 15:05:52 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
f.vimeocdn.com/js/froogaloop2.min.js
151.101.86.109 200 OK 735 B URL HTTP/2 f.vimeocdn.com/js/froogaloop2.min.js
IP 151.101.86.109:0
File type ASCII text, with very long lines (512)
Hash 9e88961f49cefd7dd163c67f54e5fdac
3809b42721a3748ebfd1012f703066028d6741cf
9079dbd235dfe45c6009ede7d6b4c831ea83e2161fad6e5f9858daa3d18453aa
GET /js/froogaloop2.min.js HTTP/1.1
Host: f.vimeocdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://armmountstravel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=1209600
accept-ranges: bytes
date: Fri, 02 Sep 2022 15:47:00 GMT
age: 292005
x-served-by: cache-iad-kcgs7200123-IAD, cache-bma1682-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 1697
x-timer: S1662133621.674589,VS0,VE0
vary: Accept-Encoding,x-http-method-override
content-length: 735
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c2602f132cbedecb0c787974653fbea4
250baf42fe02bbdf022debc0886f5fc87601221b
3a6794b95ea8c4c49b21f71e37675b6a3a4638a72a01f7be20ac07f0902c0b46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 15:47:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
armmountstravel.com/img/favicon.png
185.9.147.100 200 OK 9.1 kB URL HTTP/1.1 armmountstravel.com/img/favicon.png
IP 185.9.147.100:0
File type PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced
Hash dd3594aae2adb2e8d4bf08870a83b929
263953ebd486eeeb3af42bf65d6c3197adcf5cc1
c5455b1b69304457a471de17018f9c6691906bd016d375da13da35901d143c4c
GET /img/favicon.png HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: image/png
Content-Length: 9119
Last-Modified: Thu, 20 Sep 2018 07:51:22 GMT
Connection: keep-alive
ETag: "5ba3517a-239f"
Accept-Ranges: bytes
www.youtube.com/s/player/5a3b6271/www-widgetapi.vflset/www-widgetapi.js
142.250.74.110 200 OK 53 kB URL HTTP/2 www.youtube.com/s/player/5a3b6271/www-widgetapi.vflset/www-widgetapi.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (814)
Hash c4d0e1dd895dd614b08729d42dfc3fae
e34b3e5acb369c16b0871f05aa769b784b1154a2
924af0beaec1f20263aa1792937cc089fbb1f06e8b9f4ba63f257a92c91b4836
GET /s/player/5a3b6271/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://armmountstravel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 53414
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Sep 2022 14:58:19 GMT
expires: Fri, 01 Sep 2023 14:58:19 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Sep 2022 00:17:46 GMT
content-type: text/javascript
age: 89321
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 5750c2d8ad348838b41b96ebb27b0b81
86526a56637555a0463df607b7b5cf565a439f27
5cbde2bd32be846c5afb1fce35b0f7de0c4aeec9de4213ddd118467ea70c3e62
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 15:47:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.43.61.95 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.61.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qZwvYzAa9QhtF1u4OWeoPw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: joE3lvNOPSr/lgQ0sThgn5/0Cm0=
armmountstravel.com/assets/loader.gif
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/assets/loader.gif
IP 185.9.147.100:0
File type HTML document text, exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
GET /assets/loader.gif HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/css/settings.css
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/undefined
185.9.147.100 302 Found 211 B URL HTTP/1.1 armmountstravel.com/undefined
IP 185.9.147.100:0
File type HTML document text, exported SGML document, ASCII text
Hash 8a9b6cef9bc2b73684febf28fd36a0f8
97e5503ba0f05a99b15434b415997b90beb2d373
9bc641b6dafbc152f7b4885ac917f6685b8705f6a65064dcf887a492174414e8
Analyzer Verdict Alert fortinet Malware
GET /undefined HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://armmountstravel.com/
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/css/settings.css
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
armmountstravel.com/
185.9.147.100 200 OK 21 kB IP 185.9.147.100:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (1367)
Hash 647c4dc88024d02495b7eb13d20eca3d
8289e90e6e1be8f0912ec46f0da9104d3d79b7b1
4ec988795999dc20af58a1791112d28c3698e88a9769b2b0365275d8bc44030e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://armmountstravel.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10596
Expires: Fri, 02 Sep 2022 18:43:38 GMT
Date: Fri, 02 Sep 2022 15:47:02 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 955f2a35bd6b3802670e7fa8a7cda833
4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c
2fb517039f0704d2f6fe2fa78eae47c71c645add1c2276f8726248184ae45760
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10435
x-amzn-requestid: 813ec4ca-243d-46cb-a6a6-8ec58e5dd9f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjdHwnIAMFhzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-4733cfb83cf0e8734abc5716;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: n6DJbsUGTdXT42cNLTDq6Uz28H2SDhwq6drdKP4axAHsBz471X7r_g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:37:26 GMT
etag: "4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c"
content-type: image/jpeg
age: 65376
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3cef8f6-078d-43f5-ba9b-fcc5dc69a7f7.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3cef8f6-078d-43f5-ba9b-fcc5dc69a7f7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash cab49f59207f816d98a21cd3fc2c37d1
8a9278f8ff5d149420673649878ca1ee266a0783
aebe0748f049bcb801be83459d4bae66b9c1453de3b0ea7e6a63bea88b6e7a5a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3cef8f6-078d-43f5-ba9b-fcc5dc69a7f7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13104
x-amzn-requestid: da627f0c-5cde-4a37-878c-dcada8a25f64
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzL6_EYoIAMFiYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631126ac-10dbcb432e6d1af46cffaefe;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: EYnLT-zi94yLohu6F2sovFoJ7UPSlEwh8CTMXR3d9aqGb00jm1f8oQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:32:41 GMT
age: 62061
etag: "8a9278f8ff5d149420673649878ca1ee266a0783"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 5ba50b2fd1814c5ffc95aef40c69ce8c
cbb4546228115cccc122b16209e70171bef5c1f2
de822c8549508b28a07d29b203ae3ef356470df906cba727fc765f1bd14bb866
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9252
x-amzn-requestid: 7feebba8-f6b9-4b79-9726-5a7534da277e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLyVG5DoAMF_Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112675-3123158f3dcfbd476537ca3c;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BOa5zGQyJS9q9bHmtKzlNtyS9ToGPZJkDFo2uY2lzz8Lnd3cZLQEaA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:48:18 GMT
age: 61124
etag: "cbb4546228115cccc122b16209e70171bef5c1f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd1bf889-bcbe-4ad4-950a-a32b2f875537.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd1bf889-bcbe-4ad4-950a-a32b2f875537.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 24d848f7606889b048b6334e70d8a5e0
85239ef4f2fee8d3345e599bc942cab63ff3aaf6
da6cf33b440b51f72a70f309d62fd581aed246b6a78b8f329fa3899db15ff86d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd1bf889-bcbe-4ad4-950a-a32b2f875537.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5889
x-amzn-requestid: 42237574-f86e-4ece-b986-6d0c5910fcc5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzMVgHajoAMFmXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112756-48ff9d98464cf3c9680d97b4;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:42:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: _7BBSlQQucoO5poncTYuX4fcmS4WFg3UcVFXalckGCCNFKJ0h5UpsQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:31:42 GMT
etag: "85239ef4f2fee8d3345e599bc942cab63ff3aaf6"
content-type: image/jpeg
age: 62120
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg
34.120.237.76 200 OK 17 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 12756903aaa74164feb5f8525398ca36
9fef9b071daea6793cbbdfe391254ac4326b1aa2
6d474a6d96aebfed43a4f6812f18a1be8d100c590f75eb0fbf4ec7277dd0c442
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16818
x-amzn-requestid: 6950a3c5-2cdc-4a21-854c-10d925e32ecd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XiYLvHRSIAMFotQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630a6d7e-6e98b9a77e592bd01afb1d97;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 19:16:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3eBLhLH4APXLyj9kLHXNCFT9ccS_bnBp5INvMI93IFvOuBMERe_GgQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 13:36:12 GMT
age: 7850
etag: "9fef9b071daea6793cbbdfe391254ac4326b1aa2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 5e05660322f0368dd2bf8067d7e4554d
ec65cb47d86488f734c945a210d5f636a40fea2c
98875230ec45766102191bdc4180742fa3b8f3ad5ad1a128d12437105f86247e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6196
x-amzn-requestid: a7d6ce70-06d7-498c-8024-80185a3fc3e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLyLFmVIAMFkcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112674-3fad622927177e9236d7c50a;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qAMCgNpYR80vXSDyHFOFcbT8VukBemR2AGoGNaCfYaszKshu-gv6zg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:54:15 GMT
age: 64367
etag: "ec65cb47d86488f734c945a210d5f636a40fea2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07bb4db4-56e2-4430-909b-976597aba501.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07bb4db4-56e2-4430-909b-976597aba501.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash b1c779e7aabb3a1f345a82155f80d595
b9ef3333987cfc271b81bafc90a353d9d135b04b
0a2e1e59853593878a416c9aa6604ce0389903d03144e8a6441901b700270fcf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07bb4db4-56e2-4430-909b-976597aba501.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 13253
x-amzn-requestid: 372e3029-5c62-431c-9610-9045be377566
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XqCtkFu8IAMFeLQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630d7e56-4d7bb8b503cc59e901844669;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 03:04:54 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yErlZiyER3pmTYsd5lji_zmpI8FzknnMrQEPTIlgalmrrY5dRFsRJA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 05:32:59 GMT
age: 36849
etag: "b9ef3333987cfc271b81bafc90a353d9d135b04b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
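The img-getpocket.cdn.mozilla.net responses above ship a full set of browser security headers on image bodies. The script below is an added example, not code from this page, from Mozilla or from the analyzer that produced it: it parses one of those header blocks (copied from the first Pocket image response above) and reports which headers actually act on an image/jpeg resource, which are inert on it, and which are merely sloppy (the duplicated `public` in Cache-Control). The severity labels, the one-year preload threshold and every function name are my own choices.

```python
"""Audit one captured HTTP response the way a reviewer reads the
img-getpocket.cdn.mozilla.net entries above: which security headers act on
this resource type, which are inert, which are sloppy. Added example; the
header block is copied from the first Pocket image response on this page,
the threshold is the standard hstspreload.org minimum (one year), and the
function names are mine."""

# Constructed from the capture above (HTTP/2 lower-cases header names on the wire).
POCKET_IMAGE_RESPONSE = """\
server: nginx
content-length: 13104
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
content-type: image/jpeg
cache-control: max-age=3600,public,public
"""

PRELOAD_MIN_AGE = 31536000  # one year, the hstspreload.org minimum


def parse_headers(raw):
    """Lower-cased header name -> list of values, in wire order."""
    headers = {}
    for line in raw.splitlines():
        if ": " not in line:
            continue
        name, value = line.split(": ", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def directives(value, sep=";"):
    """Split 'a=1; b; c' (or a comma-separated Cache-Control) into lower-cased tokens."""
    return [d.strip().lower() for d in value.split(sep) if d.strip()]


def first(headers, name):
    return headers.get(name, [""])[0]


def audit(raw):
    """Return [(severity, finding)] for one response header block."""
    h = parse_headers(raw)
    out = []
    ctype = first(h, "content-type").split(";")[0].strip().lower()
    is_document = ctype in ("text/html", "application/xhtml+xml")

    # HSTS: 'preload' is only honoured with a one-year max-age plus includeSubDomains
    # (directive names are case-insensitive, so 'includeSubdomains' above is fine).
    if "strict-transport-security" not in h:
        out.append(("high", "no Strict-Transport-Security header"))
    else:
        d = directives(first(h, "strict-transport-security"))
        max_age = next((int(x.split("=", 1)[1]) for x in d if x.startswith("max-age=")), 0)
        if max_age < PRELOAD_MIN_AGE:
            out.append(("medium", f"HSTS max-age {max_age} is below one year"))
        if "preload" in d and ("includesubdomains" not in d or max_age < PRELOAD_MIN_AGE):
            out.append(("medium", "HSTS 'preload' set without meeting the preload requirements"))

    if first(h, "x-content-type-options").lower() != "nosniff":
        out.append(("medium", "X-Content-Type-Options: nosniff missing"))

    # CSP and X-Frame-Options govern documents and workers; on an image they do nothing.
    for name in ("content-security-policy", "x-frame-options"):
        if name in h and not is_document:
            out.append(("info", f"{name} present but inert on {ctype}"))
    if is_document and "content-security-policy" not in h:
        out.append(("high", "document served without Content-Security-Policy"))

    # The XSS auditor this header drove is gone from current browsers and was itself
    # usable for cross-site leaks, so current guidance is to send 0 or drop it.
    if first(h, "x-xss-protection").strip().startswith("1"):
        out.append(("low", "X-XSS-Protection: 1 is legacy; send 0 or drop the header"))

    # CORS: a wildcard is fine for a public CDN asset; next to credentials it is a misconfig.
    if first(h, "access-control-allow-origin") == "*":
        if first(h, "access-control-allow-credentials").lower() == "true":
            out.append(("medium", "Access-Control-Allow-Origin * with allow-credentials (browsers reject the pair)"))
        else:
            out.append(("info", "Access-Control-Allow-Origin *: readable by any origin, expected for a public asset"))

    # Duplicate Cache-Control tokens are harmless but mean two layers both add them.
    toks = directives(first(h, "cache-control"), sep=",")
    dupes = sorted({t for t in toks if toks.count(t) > 1})
    if dupes:
        out.append(("low", f"duplicate Cache-Control directives: {', '.join(dupes)}"))
    return out


if __name__ == "__main__":
    for severity, finding in audit(POCKET_IMAGE_RESPONSE):
        print(f"[{severity}] {finding}")
```

Run as-is it prints no high findings for the Pocket response: HSTS, nosniff and the wildcard CORS policy are all appropriate for a public image CDN, while the CSP and X-Frame-Options lines are carried along by a shared header set and have no effect on an image. Feed it a `text/html` response instead and the document-only checks (CSP present, HSTS present) become the ones that matter.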
armmountstravel.com/js/revolution.extension.video.min.js
185.9.147.100 200 OK 0 B URL HTTP/1.1 armmountstravel.com/js/revolution.extension.video.min.js
IP 185.9.147.100:0
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.video.min.js HTTP/1.1
Host: armmountstravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 02 Sep 2022 15:47:00 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 25681
Last-Modified: Thu, 30 Aug 2018 12:35:59 GMT
Connection: keep-alive
ETag: "5b87e4af-6451"
Accept-Ranges: bytes
www.youtube.com/iframe_api
142.250.74.110 200 OK 0 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.110:0
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://armmountstravel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Fri, 02 Sep 2022 15:47:00 GMT
date: Fri, 02 Sep 2022 15:47:00 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=Fu8IGzJv0fI; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=9HgYlVgnt9Q; Domain=.youtube.com; Expires=Wed, 01-Mar-2023 15:47:00 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+897; expires=Sun, 01-Sep-2024 15:47:00 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
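Two records in this capture deserve a first look before the rest: the armmountstravel.com script that carries an analyzer verdict and whose body was not saved (Content-Length 25681, 0 B captured, so no hash), and the www.youtube.com response that sets three cookies. The script below is an added example, not code from this page or from the analyzer that produced it: it parses transaction records in the layout used on this page (URL line, summary line, optional verdict, request headers, response headers, with extra Set-Cookie values printed as bare continuation lines) and scores each record for triage. SAMPLE is copied from the two entries above, trimmed to the lines the parser needs and with the IP and status separated by a space; the scoring weights and every name are mine.

```python
"""Walk a sandbox transaction log in the layout used on this page and rank the
records for triage. Added example, not from the page or from any analyzer: SAMPLE
is copied from the armmountstravel.com and www.youtube.com entries above (trimmed,
IP and status separated by a space) and every name below is mine."""
import re
from dataclasses import dataclass, field

# The tool prints the IP run together with the status ("185.9.147.100200 OK"); \s* takes both forms.
SUMMARY_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*(?P<status>\d{3}) (?P<reason>.+?) "
    r"(?P<size>[\d.]+) (?P<unit>B|kB|MB) URL HTTP/[\d.]+ (?P<url>\S+)$")
REQUEST_RE = re.compile(r"^[A-Z]+ \S+ HTTP/[\d.]+$")
HEADER_RE = re.compile(r"^([A-Za-z0-9-]+): ?(.*)$")
UNIT = {"B": 1, "kB": 1000, "MB": 1000 * 1000}
SCRIPT_TYPES = {"application/javascript", "text/javascript", "application/x-javascript"}

SAMPLE = """\
armmountstravel.com/js/revolution.extension.video.min.js
185.9.147.100 200 OK 0 B URL HTTP/1.1 armmountstravel.com/js/revolution.extension.video.min.js
IP 185.9.147.100:0
Analyzer Verdict Alert fortinet Malware
GET /js/revolution.extension.video.min.js HTTP/1.1
Referer: http://armmountstravel.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Content-Length: 25681
www.youtube.com/iframe_api
142.250.74.110 200 OK 0 B URL HTTP/2 www.youtube.com/iframe_api
GET /iframe_api HTTP/1.1
Referer: http://armmountstravel.com/
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
set-cookie: YSC=Fu8IGzJv0fI; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=9HgYlVgnt9Q; Domain=.youtube.com; Expires=Wed, 01-Mar-2023 15:47:00 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+897; expires=Sun, 01-Sep-2024 15:47:00 GMT; path=/; domain=.youtube.com; Secure
"""


@dataclass
class Record:
    url: str
    ip: str
    captured_bytes: float
    verdicts: list = field(default_factory=list)
    request: list = field(default_factory=list)   # (name, value) in wire order
    response: list = field(default_factory=list)

    def resp(self, name):
        return [v for n, v in self.response if n.lower() == name]


def parse_log(text):
    records, rec, phase = [], None, None
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            rec = Record(m["url"], m["ip"], float(m["size"]) * UNIT[m["unit"]])
            records.append(rec)
            phase = None
        elif rec is None:
            continue
        elif line.startswith("Analyzer Verdict"):
            rec.verdicts.append(line[len("Analyzer Verdict"):].strip())
        elif REQUEST_RE.match(line):
            phase = rec.request
        elif line.startswith("HTTP/"):
            phase = rec.response
        elif phase is not None:
            h = HEADER_RE.match(line)
            if h:
                phase.append((h[1], h[2]))
            elif phase and phase[-1][0].lower() == "set-cookie" and "=" in line:
                phase.append(("set-cookie", line.strip()))  # bare continuation line
    return records


def triage(rec):
    """Return (score, url, reasons); a higher score means look at this record sooner."""
    reasons = []
    if rec.verdicts:
        reasons.append((50, "analyzer verdict: " + "; ".join(rec.verdicts)))
    ctype = (rec.resp("content-type") or [""])[0].split(";")[0].strip().lower()
    if ctype in SCRIPT_TYPES:
        reasons.append((10, f"script ({ctype}) served by {rec.url.split('/')[0]}"))
    declared = rec.resp("content-length")
    if declared and int(declared[0]) > 0 and rec.captured_bytes == 0:
        reasons.append((20, f"body not captured: Content-Length {declared[0]} but 0 B saved, no hash to pivot on"))
    referer = next((v for n, v in rec.request if n.lower() == "referer"), "")
    if referer.startswith("http://"):
        reasons.append((10, f"fetched from a plaintext page ({referer})"))
    for cookie in rec.resp("set-cookie"):
        attrs = [a.strip().lower() for a in cookie.split(";")]
        name = cookie.split("=", 1)[0].strip()
        if "samesite=none" in attrs and "secure" not in attrs:
            reasons.append((15, f"cookie {name}: SameSite=None without Secure (browsers reject it)"))
        if "httponly" not in attrs:
            reasons.append((5, f"cookie {name}: no HttpOnly, readable from script"))
    return sum(s for s, _ in reasons), rec.url, [r for _, r in reasons]


def rank(text):
    """[(score, url, reasons)] for every record in the log, highest score first."""
    return sorted((triage(r) for r in parse_log(text)), key=lambda t: t[0], reverse=True)
```

`rank(SAMPLE)` puts the armmountstravel.com script first on the strength of the verdict plus the uncaptured body, and lists the YouTube response below it with only the plaintext referer and the CONSENT cookie's missing HttpOnly as notes. The score weights are arbitrary; what matters is that an analyzer verdict and a missing body (which leaves nothing to hash or detonate) outrank cookie hygiene.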