r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 150792cfc458af013998f4ef6bdf5f74
d5179b2dcb11d06f82606bf6eb6648319998d63e
72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7768
Expires: Mon, 28 Nov 2022 19:04:06 GMT
Date: Mon, 28 Nov 2022 16:54:38 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5371
Cache-Control: max-age=155174
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:38 GMT
Etag: "63848df9-1d7"
Expires: Wed, 30 Nov 2022 12:00:52 GMT
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 16:19:32 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2106
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9968
Expires: Mon, 28 Nov 2022 19:40:46 GMT
Date: Mon, 28 Nov 2022 16:54:38 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: w+93YNLgddg1s/nzIXjr64d6jJQc95JgxOMzBfkYtp/R2VxGMWYzLHje9KSfbDv6MiWT3JqDzKU=
x-amz-request-id: HSAR3Y9KCYXK8G2Q
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 16:42:08 GMT
age: 750
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 16:54:38 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 16:08:55 GMT
cache-control: public,max-age=3600
age: 2743
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5270
Cache-Control: max-age=150006
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:39 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 10:34:45 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
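52.43.61.95 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.61.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 of empty input, consistent with the 0 B body; they identify no content and are not usable as indicators.)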
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ygRNMa8CF1aOV3h+H/HBkQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3v6eqt6FxBw4C0fD1Dak8vCijAA=
mirakezel.com/book-flight-and-hotel-deals
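107.180.21.239 301 Moved Permanently 0 B URL HTTP/1.1 mirakezel.com/book-flight-and-hotel-deals
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 of empty input, consistent with the 0 B redirect body; the verdict on this entry therefore cannot rest on the response body, and the hashes are not indicators for this host.)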
Analyzer Verdict Alert fortinet Malware
GET /book-flight-and-hotel-deals HTTP/1.1
Host: mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 28 Nov 2022 16:54:38 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
X-Redirect-By: WordPress
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: http://www.mirakezel.com/book-flight-and-hotel-deals/
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5922
Expires: Mon, 28 Nov 2022 18:33:22 GMT
Date: Mon, 28 Nov 2022 16:54:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5922
Expires: Mon, 28 Nov 2022 18:33:22 GMT
Date: Mon, 28 Nov 2022 16:54:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5922
Expires: Mon, 28 Nov 2022 18:33:22 GMT
Date: Mon, 28 Nov 2022 16:54:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:16 GMT
age: 68004
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:43 GMT
age: 68577
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78b1389f425425d0450c94d900404dc4
53b12a8702f7c5b7cc697e2a24da824d9434be65
0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:26 GMT
age: 67994
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 741ddfb19764ac9a77509e7e87cfbfb2
308c08784ce4a0757cbd112807555b83e17a1d56
e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZJu4cMNnQTavxqB1MnRFluzfZC59BcUnIHgXh9h6LJWYgsFL83rHoQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 16:15:25 GMT
age: 2355
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3a1a4e00f1f15827cf651f373863c379
70c2a238f06ca7e56ef80c83738e081bf0de3330
3d936e1f0c96297f121faece12d6f8173e12eed5087165cd4eefc0fab368419f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8885
x-amzn-requestid: 71b8367f-f79f-42a7-bcb8-c441a154babf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEFSeIAMF3rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-631b775d3430a8c30c3b4420;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jsmd6yxjJxLMEgv1jDa87iEoZXL2OuALsmUZ9Nxx1rUN-xOTdtN1-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 08:11:39 GMT
age: 31381
etag: "70c2a238f06ca7e56ef80c83738e081bf0de3330"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F955ba04e-80cb-43a1-bc6a-3e502a79144e.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F955ba04e-80cb-43a1-bc6a-3e502a79144e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9a6e5f60b87d3879606a6707feb37a73
373c96c2e0006d70954d4b4ebd850f62f558e92c
1ae48f692f44d357e21eec708b46f22c36a3de21be8d0f1c2035d197e0aa89de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F955ba04e-80cb-43a1-bc6a-3e502a79144e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9546
x-amzn-requestid: 60e352b5-ab38-4975-bf26-500f0a639a2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFfulExwIAMFzQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637edff6-1364912f7fd292da6453a83e;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 03:07:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qtRAIXoswvTgNWZzaQE1WHZQXoJRtK9nKpusFtXH3pDRHH_DZtsLFw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 11:59:09 GMT
age: 17731
etag: "373c96c2e0006d70954d4b4ebd850f62f558e92c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.mirakezel.com/book-flight-and-hotel-deals/
107.180.21.239 200 OK 15 kB URL HTTP/1.1 www.mirakezel.com/book-flight-and-hotel-deals/
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1902), with CRLF, LF line terminators
Hash 0abee14de7bade911fbee3de176529fb
e31963cd0f89ab874cea4f06b750c7951be84640
364a441fb38e3435d208ed081c66b6bff6b81a8b683200571570ea78d0932b87
Analyzer Verdict Alert fortinet Malware
GET /book-flight-and-hotel-deals/ HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:39 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Link: <http://www.mirakezel.com/wp-json/>; rel="https://api.w.org/", <http://www.mirakezel.com/?p=679>; rel=shortlink
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 15075
Keep-Alive: timeout=5
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 6b4620c230107c4a41a550936ae73d30
41c55d76d7fec5f9e9b6b41c63be76039ab51d7b
84323dcb2bf41d37624d351e7102832e267b2af6772e06575f52012d510ebacb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5703
Cache-Control: max-age=142898
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:41 GMT
Etag: "63845cbd-116"
Expires: Wed, 30 Nov 2022 08:36:19 GMT
Last-Modified: Mon, 28 Nov 2022 07:01:17 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 278
www.travelpayouts.com/widgets/0888709be70490943fdec9368c3de754.js?v=1449
172.255.224.36 302 Found 0 B URL HTTP/1.1 www.travelpayouts.com/widgets/0888709be70490943fdec9368c3de754.js?v=1449
IP 172.255.224.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /widgets/0888709be70490943fdec9368c3de754.js?v=1449 HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/
HTTP/1.1 302 Found
content-length: 0
location: https://www.travelpayouts.com/widgets/0888709be70490943fdec9368c3de754.js?v=1449
cache-control: no-cache
www.mirakezel.com/wp-content/themes/hestia-pro/assets/bootstrap/css/bootstrap.min.css?ver=1.0.2
107.180.21.239 200 OK 13 kB URL HTTP/1.1 www.mirakezel.com/wp-content/themes/hestia-pro/assets/bootstrap/css/bootstrap.min.css?ver=1.0.2
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (64975)
Hash c97a8ea18e1d9cc78e3f38a65453473f
860eb2ff418cfbbd1c9159eb88cc98b8f633235f
ab85ccd7502f2ee5aebe452341950f1a9901563c0de0077a068002347cb40758
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/hestia-pro/assets/bootstrap/css/bootstrap.min.css?ver=1.0.2 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:37:20 GMT
ETag: "5381ba2-11fac-585b625580257-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12974
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
img1.wsimg.com/traffic-assets/js/tccl.min.js
23.36.79.43 302 Found 0 B URL HTTP/2 img1.wsimg.com/traffic-assets/js/tccl.min.js
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /traffic-assets/js/tccl.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
location: https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
cache-control: max-age=1800
expires: Mon, 28 Nov 2022 17:24:41 GMT
date: Mon, 28 Nov 2022 16:54:41 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/traffic-assets/js/tccl-tti.min.js
23.36.79.43 302 Found 0 B URL HTTP/2 img1.wsimg.com/traffic-assets/js/tccl-tti.min.js
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /traffic-assets/js/tccl-tti.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
location: https://img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/tti.min.js
cache-control: max-age=1800
expires: Mon, 28 Nov 2022 17:24:41 GMT
date: Mon, 28 Nov 2022 16:54:41 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 6b4620c230107c4a41a550936ae73d30
41c55d76d7fec5f9e9b6b41c63be76039ab51d7b
84323dcb2bf41d37624d351e7102832e267b2af6772e06575f52012d510ebacb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5703
Cache-Control: max-age=142898
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:41 GMT
Etag: "63845cbd-116"
Expires: Wed, 30 Nov 2022 08:36:19 GMT
Last-Modified: Mon, 28 Nov 2022 07:01:17 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 278
www.mirakezel.com/wp-content/themes/hestia-pro/assets/css/font-sizes.min.css?ver=2.4.2
107.180.21.239 200 OK 751 B URL HTTP/1.1 www.mirakezel.com/wp-content/themes/hestia-pro/assets/css/font-sizes.min.css?ver=2.4.2
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (3711)
Hash 1c4750dec0da3c9c0763e415c638581c
04b3c6315a4841e5fdc04910466c94c7046753c2
6ae55283f4beb017d38ca960d99b253a679f658a11639dbb96bbe45bdd1b4db5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/hestia-pro/assets/css/font-sizes.min.css?ver=2.4.2 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 04 Apr 2019 15:37:20 GMT
ETag: "5382108-e80-585b625588728-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 751
Keep-Alive: timeout=5
Content-Type: text/css
img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/tti.min.js
23.36.79.43 200 OK 7.5 kB URL HTTP/2 img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/tti.min.js
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (24676)
Hash b8a5a228a358454084c34dd1cf431c61
37aa5fe6e083b8147156ca66a1993a7bd74e8a61
06fae5ccf58a27a8e2ae6a0e7722f42db507c1873751f587cddd090810d94492
GET /wrhs/ce554d2333f3801abafb32da18213ff7/tti.min.js HTTP/1.1
Host: img6.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.mirakezel.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
content-encoding: br
etag: "ce554d2333f3801abafb32da18213ff7"
last-modified: Mon, 17 Jan 2022 17:21:37 GMT
vary: Accept-Encoding
x-edgeconnect-midmile-rtt: 8
x-edgeconnect-origin-mex-latency: 357
x-amz-id-2: nldPfdb2FYbpxPRfMYRSd83AOL7ZmlBdZQSm5hguJELKdfn8+sza0oLEpTYjiKd2JeD3gDplFHw=
x-amz-request-id: RJ3J3PMANG6125DE
x-amz-server-side-encryption: AES256
x-amz-version-id: F4fYptXBkP0fCCCWFLfVGE1HXlZmORny
content-length: 7498
x-edgeconnect-cache-status: 1
cache-control: max-age=31536000
date: Mon, 28 Nov 2022 16:54:41 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css?ver=2.8.0
104.18.10.207 200 OK 18 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css?ver=2.8.0
IP 104.18.10.207:0
File type ASCII text, with very long lines (30837)
Hash 0009124a014de201c2bf5b978bfe8a1c
5983794191a277c35b59e9fc63fad54035c52894
a54805250e073255fa9864a1339adf5f3be69a5ef472d437b80065d67760718f
GET /font-awesome/4.7.0/css/font-awesome.min.css?ver=2.8.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:54:41 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 11/15/2021 21:49:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 46d7ff2c198e671b8662b198a762daf9
cdn-cache: HIT
cf-cache-status: HIT
age: 15097618
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7714a07c6e6bb4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.mirakezel.com/wp-includes/css/dist/block-library/style.min.css?ver=5.3.14
107.180.21.239 200 OK 6.1 kB URL HTTP/1.1 www.mirakezel.com/wp-includes/css/dist/block-library/style.min.css?ver=5.3.14
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (41045), with no line terminators
Hash e249e51bc3661ceb614f1ad31574c939
ca981ab391193e11e93775f3c25abc452b0e3908
950b57fc13a5c515fffe9c67a69da06e9e833430253210d0cd9fe4aff93d667f
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.3.14 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 10 Jun 2020 15:48:08 GMT
ETag: "52a0507-a055-5a7bcc5379e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6132
Keep-Alive: timeout=5
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/themeisle-companion/obfx_modules/gutenberg-blocks/assets/fontawesome/css/all.min.css?ver=5.3.14
107.180.21.239 200 OK 10 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/themeisle-companion/obfx_modules/gutenberg-blocks/assets/fontawesome/css/all.min.css?ver=5.3.14
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (46750)
Hash 42d0c6f252fc43096350ba0e6f3e8788
00d67bc242abeb1fff8cf0a28a9e29442295bb43
bb9d03aaa7e3f0a75d016494a97f813ea4ce0842c7e5267f2621a15667884215
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/themeisle-companion/obfx_modules/gutenberg-blocks/assets/fontawesome/css/all.min.css?ver=5.3.14 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 04 Apr 2019 15:15:14 GMT
ETag: "52c18ad-b752-585b5d64b6963-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10208
Keep-Alive: timeout=5
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/themeisle-companion/obfx_modules/gutenberg-blocks/assets/fontawesome/css/v4-shims.min.css?ver=5.3.14
107.180.21.239 200 OK 4.2 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/themeisle-companion/obfx_modules/gutenberg-blocks/assets/fontawesome/css/v4-shims.min.css?ver=5.3.14
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (26508)
Hash cdd960b2c5aaea08f888da32430479ea
1bb4b1f4de2be2f44f3cb98d495b6a9cde99d4ec
af18ce66ae5b8564ee21d47509adc2c0bec6f855cfaf0994d48c4920be50dc6b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/themeisle-companion/obfx_modules/gutenberg-blocks/assets/fontawesome/css/v4-shims.min.css?ver=5.3.14 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 04 Apr 2019 15:15:14 GMT
ETag: "52c1aa7-6840-585b5d64b9073-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4207
Keep-Alive: timeout=5
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/js_composer1/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=5.7
107.180.21.239 200 OK 7.0 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/js_composer1/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=5.7
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (30449)
Hash 8063116190a065a58dc545fec81d8ce5
20e4bf239450f01eb800bb37ef8e771366e8f8a6
ee2fb2d879295b26dab2900936501dd9ebb648e22e0bcb0bc113524c8f23cc20
GET /wp-content/plugins/js_composer1/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=5.7 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 13 Feb 2019 13:01:38 GMT
ETag: "53a0425-7793-581c6246c8db8-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6970
Keep-Alive: timeout=5
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/themeisle-companion/vendor/codeinwp/gutenberg-blocks/build/style.css?ver=5.3.14
107.180.21.239 200 OK 3.8 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/themeisle-companion/vendor/codeinwp/gutenberg-blocks/build/style.css?ver=5.3.14
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (10649)
Hash a7864b56d705423b9aa07f9c20f27cd9
e13e716eb0b64c998b6c32d1545c7b8dd5bb3aec
10fa5951b2f21271e2e4a7c387531b33e94460b5903d71bd72b2f7e638acc1b8
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/themeisle-companion/vendor/codeinwp/gutenberg-blocks/build/style.css?ver=5.3.14 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:08 GMT
ETag: "52c161f-73ca-585b5d5f4e0ee-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3827
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1
107.180.21.239 200 OK 651 B URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash f026e73e8b072cc3ae1491702b9c491a
5cf262adbd7a8a0d067230081688c0f8fe6c36f8
c2340e9fff602440a6a9daadf0e90fc5eb265bd6fbd495d77d7891a303575b29
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Wed, 23 Jan 2019 14:04:48 GMT
ETag: "5183a7f-695-5802093a64d9a-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 651
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/easy-video-player/lib/skin/skin.css?ver=5.3.14
107.180.21.239 200 OK 6.2 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/easy-video-player/lib/skin/skin.css?ver=5.3.14
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (1263)
Hash f1eb7b173cd8ce3f28890f3a3619d674
b1ce33bbb6456c1843b037c2a957db342d8244e9
56dbcca71fafcc10ae0852b51fa308faca5ab3e3669fb406cb09262b656f5622
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/easy-video-player/lib/skin/skin.css?ver=5.3.14 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Wed, 13 Feb 2019 12:37:23 GMT
ETag: "52209b6-9ec8-581c5cdb43232-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6238
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8
107.180.21.239 200 OK 9.5 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (5178), with CRLF line terminators
Hash d263d5eaa7c883c3657af7dbb878b8a1
3d7423e15e86031092227572a6bfea1d1400ce9e
adf2c10039a96f761770b8744b46b019d0e80b2c1ee5d2eb077bae0e19a23a43
GET /wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Sat, 28 Jul 2018 17:36:48 GMT
ETag: "52e13b0-9b46-57212ac3c5545-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9545
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/instagram-feed/css/sb-instagram.min.css?ver=1.12
107.180.21.239 200 OK 2.4 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/instagram-feed/css/sb-instagram.min.css?ver=1.12
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (13118), with no line terminators
Hash 3d2c75e91c406866b44c97dcf30d4c93
a043586b22bb1aa68e8ebfae8baa999b22466231
eedc3773d408d90e844373dd7b439a7febbea9afc608efeb93cdb3d67185a873
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/instagram-feed/css/sb-instagram.min.css?ver=1.12 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:14:13 GMT
ETag: "5222a75-333e-585b5d2a69743-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2396
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/themeisle-companion/obfx_modules/menu-icons/css/public.css?ver=2.8.0
107.180.21.239 200 OK 168 B URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/themeisle-companion/obfx_modules/menu-icons/css/public.css?ver=2.8.0
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash 48eccb8a12ec7d137f8b871433643980
9238ee3c6379e9f41e0558f79a626838ace03201
97275a1cea692322a306147ae3b00827ce944c06a8e5fe8f335c5cae1500f450
GET /wp-content/plugins/themeisle-companion/obfx_modules/menu-icons/css/public.css?ver=2.8.0 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:14 GMT
ETag: "52c1c72-12e-585b5d64dfd8c-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 168
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/themes/flight/css/main.css?ver=0.7.9
107.180.21.239 200 OK 2.8 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/themes/flight/css/main.css?ver=0.7.9
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (344), with CRLF line terminators
Hash e785e6e76d43c49019d4ebf287b5f369
f7bc83528ef2c370b994fc7879eeafce80dbfc6a
fff31f00053c5bc74caa6abcc2fb7a02fb95f1dc7fae898564c80c63cafccffe
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/themes/flight/css/main.css?ver=0.7.9 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:40 GMT
ETag: "52839d0-3f11-585b5d7d8d04a-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2818
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/themes/hotel/css/table-8.css?ver=0.7.9
107.180.21.239 200 OK 2.7 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/themes/hotel/css/table-8.css?ver=0.7.9
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 6c4a4707cf4ad9a6b4ff3a0724457296
0ba10ebad71da5546351aef15a2fa58beb947288
c42cd5a38cd0b587d363dafded132e8120b52cacdf190bbbcca4315c252571eb
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/themes/hotel/css/table-8.css?ver=0.7.9 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:40 GMT
ETag: "52839ec-3993-585b5d7d906fa-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2685
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-includes/css/dashicons.min.css?ver=5.3.14
107.180.21.239 200 OK 28 kB URL HTTP/1.1 www.mirakezel.com/wp-includes/css/dashicons.min.css?ver=5.3.14
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (47529)
Hash a90a88620f0674bd9f3513bc08163837
51fbb6809692541a3b2022048f0f509ff26d1b6b
87389a63f1fa87832527f41bc873850d689b9c1da632b18315483100f654ed68
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dashicons.min.css?ver=5.3.14 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Fri, 26 Mar 2021 19:23:55 GMT
ETag: "52a0551-b9cc-5be75790e88c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/themes/railway/css/main.css?ver=0.7.9
107.180.21.239 200 OK 3.6 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/themes/railway/css/main.css?ver=0.7.9
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 96bccaa703e1fcc5289851c4733abc72
89c40f5e45b032c29f2e49ce291b88bf987cbf7b
7410ba2363ad1d4fdff64b6ac2e8223ccfb3f7b22e3f75f4f850d07ad25a5ccf
GET /wp-content/plugins/travelpayouts/app/public/themes/railway/css/main.css?ver=0.7.9 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:43 GMT
ETag: "5283a1d-5131-585b5d80ef7a5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3567
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/css/lib/pikaday.css
107.180.21.239 200 OK 1.6 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/css/lib/pikaday.css
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 4c77ae544a082ac059189701c56c6856
a30c1edbf107345a749ac4c05994d8b0e796f545
0b575e0a96e3b8e8cb0c61d8e3f39680020b784c8c29c126e147f4c6ac75549b
GET /wp-content/plugins/travelpayouts/app/public/css/lib/pikaday.css HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:47 GMT
ETag: "5283aa8-124c-585b5d8495521-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1612
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/css/lib/jquery-ui/jquery-ui.min.css
107.180.21.239 200 OK 4.8 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/css/lib/jquery-ui/jquery-ui.min.css
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (25087)
Hash 9587d76cd11d9b5ef4a016de2d38925f
1d35e0cc04f9c59e0d720c0d50dfe7d649634cab
ab63613939f25cc32978b5145e715dc4bda7cc6ce6798c006aafc3a2286125e6
GET /wp-content/plugins/travelpayouts/app/public/css/lib/jquery-ui/jquery-ui.min.css HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:47 GMT
ETag: "5283a8f-63a3-585b5d8493db1-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4792
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 6b4620c230107c4a41a550936ae73d30
41c55d76d7fec5f9e9b6b41c63be76039ab51d7b
84323dcb2bf41d37624d351e7102832e267b2af6772e06575f52012d510ebacb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5703
Cache-Control: max-age=142898
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:41 GMT
Etag: "63845cbd-116"
Expires: Wed, 30 Nov 2022 08:36:19 GMT
Last-Modified: Mon, 28 Nov 2022 07:01:17 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 278
www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/fontello.css
107.180.21.239 200 OK 1.5 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/fontello.css
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash c5fc3399e54eee3330f45b7244e1cf7d
5684ee2d25814d59c0d1169242885d47e770b4c1
df777954de7b3e7f8583d82fc870caf9d6631b9b968ffc13431407868c0e4cd4
GET /wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/fontello.css HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:47 GMT
ETag: "5283aa2-14ec-585b5d8495521-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1480
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/animation.css
107.180.21.239 200 OK 232 B URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/animation.css
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash e155549c56360a55aa4f067dce4e3ac6
09cca3d604d0137d5d4b39eef04fa4b61cb9cac7
4d77d6c6ea5107bd4c5e8f326408931eec84fd5b5c0c270288b8e593ca978008
GET /wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/animation.css HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:47 GMT
ETag: "5283aa4-741-585b5d8495521-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 232
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/TPCurrencyMainNew.css
107.180.21.239 200 OK 474 B URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/TPCurrencyMainNew.css
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash ba46d10bc65c2cf87325143e60d0d96e
13fb096f06b793298322222a1555f3163893ddac
4fad4f9f2ebef232ec7b12ca05473a122118ceb7e2bc91ce0d8582163f6e7684
GET /wp-content/plugins/travelpayouts/app/public/css/lib/currency_fonts_new/css/TPCurrencyMainNew.css HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:47 GMT
ETag: "5283aa5-4f7-585b5d8495521-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 474
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/widgets-on-pages/public/css/widgets-on-pages-public.css?ver=1.4.0
107.180.21.239 200 OK 81 B URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/widgets-on-pages/public/css/widgets-on-pages-public.css?ver=1.4.0
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash 6f91dacbf99db7929d73fcbe2ead101c
c2ac367feb373035b2eef224514abc9070f94931
ccd79ddd8eb9df8448fb6bb1a9f5a8038b727ff4912a00ab499bf586a90d8558
GET /wp-content/plugins/widgets-on-pages/public/css/widgets-on-pages-public.css?ver=1.4.0 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Wed, 01 Aug 2018 15:48:01 GMT
ETag: "5223476-53-572619e8dca43-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 81
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e8864674933b39029cfebb5295cec568
ab88f2142fc26d5dfa91e95f500264553fe3176e
915cf81e0a18f50aeeb5ab12a791be52b604f8c56d3fcd7745a7e13dc54f8a84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5d6cf3c068aef1f3cea0a270d4712c93
d9166fd8655eae5889e5d3cee6db24f2f8a12871
0e4f7cbedb3f04892ed919d45b4c059917fd5505da54b054737af5fc34c06704
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4F7CBEDB3F04892ED919D45B4C059917FD5505DA54B054737AF5FC34C06704"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18723
Expires: Mon, 28 Nov 2022 22:06:44 GMT
Date: Mon, 28 Nov 2022 16:54:41 GMT
Connection: keep-alive
www.mirakezel.com/wp-content/plugins/bookingcom-banner-creator/css/bdotcom_bc_general.css?ver=1.1
107.180.21.239 200 OK 1.2 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/bookingcom-banner-creator/css/bdotcom_bc_general.css?ver=1.1
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash ef6c285ba7f8c21b7601dc8819f08557
1465e9278a2839936021cc7785b0525b8d6fdab0
b78573db363062116db1d27bd86c777fda26a74bf2cf3e8d55f8249c4152082c
GET /wp-content/plugins/bookingcom-banner-creator/css/bdotcom_bc_general.css?ver=1.1 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Wed, 01 Aug 2018 15:18:18 GMT
ETag: "522345a-ed9-57261344921f6-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1236
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.ampproject.org/v0/amp-auto-ads-0.1.js
216.58.211.1 200 OK 7.6 kB URL HTTP/2 cdn.ampproject.org/v0/amp-auto-ads-0.1.js
IP 216.58.211.1:0
File type ASCII text, with very long lines (24963)
Hash 7e4f71cee27b658812e9889473a0204b
6f6e9597e974b5bcc9a59763f1002e8a1864520f
7f3733840227a357ecad89fa1d9de64d0f78f90c9509db2bb6fd30b8ac36a1ed
GET /v0/amp-auto-ads-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 7578
date: Mon, 28 Nov 2022 16:54:41 GMT
expires: Mon, 28 Nov 2022 16:54:41 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "1ef491f2ce412f6e"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.mirakezel.com/wp-content/plugins/bookingcom-official-searchbox/css/bos_searchbox.css?ver=1.4
107.180.21.239 200 OK 1.4 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/bookingcom-official-searchbox/css/bos_searchbox.css?ver=1.4
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (303)
Hash 1f1f733e9fd8ccd1a0c96e5f71f17893
79e72167909e0a6b7c857a19aeba3f0b7c0ef261
4b6be4e0f9ba2d5f8d2d564a21f677eae9fb0848b78ebf986ffe22b31c7026bf
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/bookingcom-official-searchbox/css/bos_searchbox.css?ver=1.4 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:13:28 GMT
ETag: "51a0719-1895-585b5cffe8ff8-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1401
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
107.180.21.239 200 OK 4.0 kB URL HTTP/1.1 www.mirakezel.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (9959)
Hash a6c81e2f02bd04160d2de88c4e8f3559
e3f3c91427d785820ca97dabe738f01faf041f36
b734d83af5da0eb627e04d3e62ce652b9eb7de19667a1b91da6b93f0ea5d7ffe
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Fri, 20 May 2016 06:11:28 GMT
ETag: "52a0aac-2748-5333ff613c400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4014
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e8864674933b39029cfebb5295cec568
ab88f2142fc26d5dfa91e95f500264553fe3176e
915cf81e0a18f50aeeb5ab12a791be52b604f8c56d3fcd7745a7e13dc54f8a84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.mirakezel.com/wp-content/themes/hestia-pro/style.min.css?ver=2.4.2
107.180.21.239 200 OK 30 kB URL HTTP/1.1 www.mirakezel.com/wp-content/themes/hestia-pro/style.min.css?ver=2.4.2
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65533), with no line terminators
Hash e229d26f2e1afea17378f30a1af3edbb
1522afb5885105ab7b25be1bba464da54a880dbd
eab841a1dd0ce6f4728179918a5f7c98a9f2f6f439f9aefef4704e965f59153c
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/hestia-pro/style.min.css?ver=2.4.2 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:37:14 GMT
ETag: "53816eb-2fab2-585b624f56811-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 29805
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-content/plugins/pirate-forms/public/js/custom-spam.js?ver=5.3.14
107.180.21.239 200 OK 499 B URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/pirate-forms/public/js/custom-spam.js?ver=5.3.14
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash 53647433307d4a4baf8b3d0c9ec69b0f
6907840ada4eb0105fe9324482ae0e79115aad53
e45adb65fd8850b39416725476ae5fe79b6e743f7ab0318f4df5e6658f686d1d
GET /wp-content/plugins/pirate-forms/public/js/custom-spam.js?ver=5.3.14 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Wed, 13 Feb 2019 12:37:44 GMT
ETag: "5222ac3-4fc-581c5cef22553-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 499
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/plugins/js_composer1/assets/css/js_composer.min.css?ver=5.7
107.180.21.239 200 OK 46 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/js_composer1/assets/css/js_composer.min.css?ver=5.7
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65536), with no line terminators
Hash 4cf73362be72b477287acbb3f7737f86
3c3e185f11497b3fc06fbb6b0e1932bf7f5dfb3d
c9e79d70c80ee8ee7114b162dc07a1fda6a6fe6e1cd7af94d8aba516e36a0a14
GET /wp-content/plugins/js_composer1/assets/css/js_composer.min.css?ver=5.7 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Wed, 13 Feb 2019 12:53:07 GMT
ETag: "538223b-76596-581c606034b99-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 45591
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
www.mirakezel.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
107.180.21.239 200 OK 34 kB URL HTTP/1.1 www.mirakezel.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (31997)
Hash acf54950dfb2d6981e941d733b377591
340de686aecd9e6246a32c71e7de63ed69229ceb
d97f66caea5260bc71609f0da43ac0d937ecc09253910e5dda4c9fe4dbde20fc
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4-wp HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Fri, 17 May 2019 04:25:54 GMT
ETag: "52a0ab3-17a69-5890dc7401880-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33776
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8
107.180.21.239 200 OK 18 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (64614), with CRLF line terminators
Hash b300af7280cf82d31e7f0b75c128598c
66b506bb8254f08ffe57c2b1e42722b73464670f
feffecee338ad546654ada73f52882c96356f6882a3e59cb540878415d77db1d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Sat, 28 Jul 2018 17:36:47 GMT
ETag: "52c1fdb-fdb5-57212ac2c8e35-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 18090
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1
107.180.21.239 200 OK 4.0 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash 179ff7e7ba061cb009f29849fc15f071
f824ebc474c27b208137b68aa51d5d0d2b3a89e9
b889c73e9da05e33847d3ab6f1f98c172204c3e4cb2e4832863695f34e2270de
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Wed, 23 Jan 2019 14:04:48 GMT
ETag: "5182fa1-3868-5802093a641e2-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3993
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/plugins/instagram-feed/js/sb-instagram.min.js?ver=1.12
107.180.21.239 200 OK 18 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/instagram-feed/js/sb-instagram.min.js?ver=1.12
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 520db6ec3dea176d5606076d2e96dfe5
5e880feea931250b348f5953ae901e1895b8e79f
615be50481b720230e11ea0dd1ded50dd6734d98a0280a9b0edcd05cad8fb023
GET /wp-content/plugins/instagram-feed/js/sb-instagram.min.js?ver=1.12 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:14:13 GMT
ETag: "5222a55-185c7-585b5d2a67beb-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17512
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4
107.180.21.239 200 OK 1.8 kB URL HTTP/1.1 www.mirakezel.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (3704)
Hash 8681c8c59fe450daeacc2f499e351dfe
1bedefb4c8fa62628816eaeea85677d637a6e4e0
d2160a6f66510d16512fd1fd387aee7d3763f0b4799273125faa777128dc5430
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.11.4 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Fri, 05 Feb 2021 03:16:11 GMT
ETag: "52a0abb-f59-5ba8e3df2d4c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1811
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/plugins/easy-video-player/lib/flowplayer.min.js?ver=5.3.14
107.180.21.239 200 OK 53 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/easy-video-player/lib/flowplayer.min.js?ver=5.3.14
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65447)
Hash a2348316a813535ca05f026c2ef0e4c5
b04f4f00fde017b3fe332d6a859d12b05c68cbd6
2fa761ad3a8b889988ea3207ec87474ab3866328a2ad6ce9b8f341aba95c3b48
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/easy-video-player/lib/flowplayer.min.js?ver=5.3.14 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Wed, 13 Feb 2019 12:37:23 GMT
ETag: "52209b8-291d4-581c5cdb43232-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
www.mirakezel.com/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4
107.180.21.239 200 OK 2.5 kB URL HTTP/1.1 www.mirakezel.com/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (6603)
Hash ec6dcd00af82068551b3a60045c86824
140ac89dc8ae6ffebecb269e0ebd88bfbc0c2686
1a9a7a2329ce40bd74814e4f6acaddce722e9b53187fb109f39e793ffe50c46e
GET /wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Fri, 26 Mar 2021 19:23:55 GMT
ETag: "52a0abc-1aab-5be75790e88c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2543
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-includes/js/jquery/ui/tabs.min.js?ver=1.11.4
107.180.21.239 200 OK 3.9 kB URL HTTP/1.1 www.mirakezel.com/wp-includes/js/jquery/ui/tabs.min.js?ver=1.11.4
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (11799)
Hash 5161d2a825bfa5b106ebe58d2e25b636
225e440157352bf035e890135061e69af31a2510
b891a497aefe96daf9122919aebd02692c05566da7928f29c2198278f9856d7e
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/tabs.min.js?ver=1.11.4 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Fri, 26 Mar 2021 19:23:55 GMT
ETag: "52a0ab7-2eec-5be75790e88c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3855
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.8
107.180.21.239 200 OK 38 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.8
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (27287), with CRLF line terminators
Hash 33ad97fbd5f6d0ad97af5461cc857da3
a975057df83659e526059661a2dae1a5a4d23fe2
ba0476734001e6e0808e7882a24852cf298dacac37b2beaf2c17718d2032afb2
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.8 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:41 GMT
Server: Apache
Last-Modified: Sat, 28 Jul 2018 17:36:47 GMT
ETag: "52c1fda-1afe4-57212ac2c8a4d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 38337
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/js/lib/date.format.js
107.180.21.239 200 OK 1.8 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/js/lib/date.format.js
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash b34085d13fd7853d0fbd72fe7e24c3be
71cdaf59c5acbf7d3dbbdd21fb60eca593a42000
d6d1893df1781808c5ccc1a21b7e19ce5f2c4e72a94614a28d77defba3303d2b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/js/lib/date.format.js HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:35 GMT
ETag: "5283997-f2d-585b5d79022ba-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1804
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/plugins/elfsight-social-media-icons-cc/assets/elfsight-social-media-icons.js?ver=1.1.0
107.180.21.239 200 OK 41 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/elfsight-social-media-icons-cc/assets/elfsight-social-media-icons.js?ver=1.1.0
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65381)
Hash e800c707285739f0ebf58d4943e02593
9197d48ad3154e95b665d21b04ba3f63a2e87aa0
fcd8346aa76330f6bf3881377b20110e05db13f97c7e0de92ce4c88506b67a61
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elfsight-social-media-icons-cc/assets/elfsight-social-media-icons.js?ver=1.1.0 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Sun, 29 Jul 2018 03:40:19 GMT
ETag: "5300c12-28b88-5721b1a966673-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 40556
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/js/lib/pikaday.js
107.180.21.239 200 OK 9.7 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/js/lib/pikaday.js
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash e73dc2c9c3fc96bf6611a59205524fb0
dcb0e4cdf81db9d882b42719c2dd76690bee6ef1
93da4e42b044a8b08bfcf1d92270e47f08ca1aa77df19427ee9efc852c7a4c48
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/js/lib/pikaday.js HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:35 GMT
ETag: "5283994-b4ba-585b5d7901ed2-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9718
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/js/lib/pikaday.jquery.js
107.180.21.239 200 OK 631 B URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/js/lib/pikaday.jquery.js
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash 75a8ea2024daacf1caca11ea27be7c53
dc2f55562846bf0d65b5d9453c75e4ebb15c8d70
a8f9871a9d27fa948c94ee501d49b8631bf2d9c56d31142beba5f8a088ae3c0a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/js/lib/pikaday.jquery.js HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:35 GMT
ETag: "5283990-5fb-585b5d7901aea-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 631
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/js/site/TPPlugin.js
107.180.21.239 200 OK 4.3 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/js/site/TPPlugin.js
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash 481f2db027f5e207ab57495d0ec79091
527fcf897d6c2ab42fe382f34f0f7788cf96f91b
b8feeed1936345d8bdaf96c09bc410084f4f69e80470569c54c500fbb882bf22
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/js/site/TPPlugin.js HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:35 GMT
ETag: "5283871-4ffe-585b5d78fe439-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4259
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-includes/js/comment-reply.min.js?ver=5.3.14
107.180.21.239 200 OK 1.1 kB URL HTTP/1.1 www.mirakezel.com/wp-includes/js/comment-reply.min.js?ver=5.3.14
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (2337), with no line terminators
Hash 7735003b7e944da3b7243ff1b7154ea2
49b2bcc84b13060be0104b5fa2b605ce549f735b
0a9b6c4d112f01e0fce026b91567f4cb562d8019dff557aaafe7fad2b4328e0d
GET /wp-includes/js/comment-reply.min.js?ver=5.3.14 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Fri, 26 Mar 2021 19:23:55 GMT
ETag: "52a07b1-921-5be75790e88c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1115
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/js/lib/jquery.dataTables.min.js
107.180.21.239 200 OK 28 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/travelpayouts/app/public/js/lib/jquery.dataTables.min.js
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (557)
Hash 39a6ba7b8418fe5f6bbf33cf34e8092b
0e7d248bf605f2de9667b5fe01c507a47068c3cd
a96436b84b813bd6c17252184dee27850992fba610059ad33aae400c7ec36983
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/app/public/js/lib/jquery.dataTables.min.js HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:35 GMT
ETag: "528399e-142ce-585b5d7951073-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 27986
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/themes/hestia-pro/assets/bootstrap/js/bootstrap.min.js?ver=1.0.2
107.180.21.239 200 OK 6.8 kB URL HTTP/1.1 www.mirakezel.com/wp-content/themes/hestia-pro/assets/bootstrap/js/bootstrap.min.js?ver=1.0.2
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (23366)
Hash 167d044594ee9981755eca08dd694a8a
154fc2492bf0062d734f5eedaaa6a60855a66787
075de0016aeb17f35bc600457f17feb9f038df405a24bb1915c5461f82e6e920
GET /wp-content/themes/hestia-pro/assets/bootstrap/js/bootstrap.min.js?ver=1.0.2 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:37:20 GMT
ETag: "5381b9f-5cd3-585b62557fe6f-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6752
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1669654481728
54.230.111.114 301 Moved Permanently 167 B URL HTTP/1.1 aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1669654481728
IP 54.230.111.114:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /static/affiliate_base/js/flexiproduct.js?v=1669654481728 HTTP/1.1
Host: aff.bstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 28 Nov 2022 16:54:42 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1669654481728
X-Cache: Redirect from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: e-X48yPj7uDnbP6HPjG-ifmZ32KsrZZ68SVa2QI_IgOhIaVA9N3sNA==
www.mirakezel.com/wp-content/themes/hestia-pro/assets/js/script.min.js?ver=2.4.2
107.180.21.239 200 OK 13 kB URL HTTP/1.1 www.mirakezel.com/wp-content/themes/hestia-pro/assets/js/script.min.js?ver=2.4.2
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (42017), with no line terminators
Hash 9a6de05e71297282e1bd16679b1909e1
dc07d08453fbce957046d6586152d60bb53b0efe
3061692028929dedb6f6ff71e9ff1e366c784545b9cc502918758b562dfbf08f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/hestia-pro/assets/js/script.min.js?ver=2.4.2 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:37:18 GMT
ETag: "5381b97-a423-585b6253a4509-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13036
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.mirakezel.com/wp-content/plugins/bookingcom-official-searchbox/js/bos_main.js?ver=1.2
107.180.21.239 200 OK 1.1 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/bookingcom-official-searchbox/js/bos_main.js?ver=1.2
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash e9985e87507c0fc60b6900cfa163c426
5e3e0bfcea69d9a7a5e5be3647d5286126899545
8357c4232b48842b3eda8334cf49848452b1209c6da4c50b7de3c725e43bac54
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/bookingcom-official-searchbox/js/bos_main.js?ver=1.2 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:13:28 GMT
ETag: "51a06dc-eaf-585b5cffe5560-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1147
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.mirakezel.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:21 GMT
expires: Thu, 23 Nov 2023 19:34:21 GMT
cache-control: public, max-age=31536000
age: 422421
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.mirakezel.com/wp-includes/js/wp-emoji-release.min.js?ver=5.3.14
107.180.21.239 200 OK 4.6 kB URL HTTP/1.1 www.mirakezel.com/wp-includes/js/wp-emoji-release.min.js?ver=5.3.14
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (10927)
Hash cecddf5ddbcefd9b5e6e2c9ccf2b0f88
47af5b49999884a7baa802269b58844df86adda3
17273e8bdfa2d374b963fda5ed3fff219ee4d53031356c6181430f92aea473e7
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.3.14 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Fri, 05 Feb 2021 03:16:11 GMT
ETag: "52a0bd8-3619-5ba8e3df2d4c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4619
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.mirakezel.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:53:49 GMT
expires: Thu, 23 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 424853
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.mirakezel.com/wp-content/plugins/bookingcom-official-searchbox/js/bos_date.js?ver=1.0
107.180.21.239 200 OK 4.5 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/bookingcom-official-searchbox/js/bos_date.js?ver=1.0
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash 5673ca84770cd6a8ece68e0779b70ccc
b087104f98d65b96952498472e3146f833d2f8e0
c3fdb22aa5d316f68b11513fd192d9961db60ff0cbd0702c9b0bcd04f3e3bc4b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/bookingcom-official-searchbox/js/bos_date.js?ver=1.0 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:13:28 GMT
ETag: "51a06d9-45bc-585b5cffe5178-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4524
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.mirakezel.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 14:07:32 GMT
expires: Thu, 23 Nov 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 442030
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.mirakezel.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:08 GMT
expires: Thu, 23 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 422434
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.mirakezel.com/wp-includes/js/wp-embed.min.js?ver=5.3.14
107.180.21.239 200 OK 739 B URL HTTP/1.1 www.mirakezel.com/wp-includes/js/wp-embed.min.js?ver=5.3.14
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1391), with no line terminators
Hash 60d8829560031a011771efa2f39708af
a4689c3b70f773deb896eec78028e0902ef15097
a0176bd4cc53bd2e920b0dfd10f56d2a4a3820d671539414ef4b3e2b3e50b9b7
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-embed.min.js?ver=5.3.14 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Fri, 05 Feb 2021 03:16:11 GMT
ETag: "52a08d9-56f-5ba8e3df2d4c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 739
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
www.mirakezel.com/wp-content/plugins/js_composer1/assets/js/dist/js_composer_front.min.js?ver=5.7
107.180.21.239 200 OK 5.7 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/js_composer1/assets/js/dist/js_composer_front.min.js?ver=5.7
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (19706), with no line terminators
Hash 7e76e8ec08b6706e3e5814ccecf4cefc
3be624813346feff0ee05ffac2d700a9411f1e6e
35f349a1c263c0e6669607bba7911e3467530bc4b12a0cbd492c6a577a3c35a7
GET /wp-content/plugins/js_composer1/assets/js/dist/js_composer_front.min.js?ver=5.7 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Wed, 13 Feb 2019 12:54:33 GMT
ETag: "538231c-4cfa-581c60b1dafa5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5653
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b64cf9bc1b2f7188451bdeae2696fabe
24537125f11cef2918be33a55a5eb39ea12dfc56
b4d0eb0f30419d8e50fcc4eb71051c4e9a9b68f4e45dfcf5ebd5e4fb6d4e9901
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B4D0EB0F30419D8E50FCC4EB71051C4E9A9B68F4E45DFCF5EBD5E4FB6D4E9901"
Last-Modified: Mon, 28 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21131
Expires: Mon, 28 Nov 2022 22:46:53 GMT
Date: Mon, 28 Nov 2022 16:54:42 GMT
Connection: keep-alive
www.mirakezel.com/wp-content/plugins/bookingcom-banner-creator/images/spacer.gif
107.180.21.239 200 OK 1.1 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/bookingcom-banner-creator/images/spacer.gif
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash 31ed810217cb6c93c455e2327d072974
4d95f733d4eb5fa595b5a81d244239c98294b52c
93ad53b5e75ac9f1b10195ce15730dbae4ab703d539ef86d6a693fe71cce5ac5
GET /wp-content/plugins/bookingcom-banner-creator/images/spacer.gif HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Wed, 01 Aug 2018 15:18:18 GMT
ETag: "522344f-449-572613449163e"
Accept-Ranges: bytes
Content-Length: 1097
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/gif
www.mirakezel.com/wp-content/plugins/bookingcom-banner-creator/images/booking_logotype_white_300x50.png
107.180.21.239 200 OK 12 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/bookingcom-banner-creator/images/booking_logotype_white_300x50.png
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type PNG image data, 300 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash a470fb10c12cb8eb64aad8a95e65a500
d5277ffffa1d4f831233e1e01b8a1a7dc037269f
13ec24dbf5a87d99efd2a8a978560d14b049ecefea83cbe0858cc2aadaaa381c
GET /wp-content/plugins/bookingcom-banner-creator/images/booking_logotype_white_300x50.png HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Wed, 01 Aug 2018 15:18:18 GMT
ETag: "5223453-2e5b-5726134491a26"
Accept-Ranges: bytes
Content-Length: 11867
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
avsplow.com/a/j.gif?p=web&tv=pixel&e=se&aid=tp_widgets&se_ca=mewtwo&se_ac=proxy_init&co=%7B%22schema%22%3A%22contexts%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22event%22%2C%22data%22%3A%7B%22widget_id%22%3A%220888709be70490943fdec9368c3de754%22%2C%22trace_id%22%3A%22Zz25e2c0c348bd43c3b06f8db-185018%22%2C%22promo_id%22%3A%224238%22%7D%7D%5D%7D
188.42.198.44 302 Found 0 B URL HTTP/1.1 avsplow.com/a/j.gif?p=web&tv=pixel&e=se&aid=tp_widgets&se_ca=mewtwo&se_ac=proxy_init&co=%7B%22schema%22%3A%22contexts%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22event%22%2C%22data%22%3A%7B%22widget_id%22%3A%220888709be70490943fdec9368c3de754%22%2C%22trace_id%22%3A%22Zz25e2c0c348bd43c3b06f8db-185018%22%2C%22promo_id%22%3A%224238%22%7D%7D%5D%7D
IP 188.42.198.44:0
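Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of an empty body)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of an empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of an empty body; the response carried 0 B, so these digests identify no content and match every empty response)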
GET /a/j.gif?p=web&tv=pixel&e=se&aid=tp_widgets&se_ca=mewtwo&se_ac=proxy_init&co=%7B%22schema%22%3A%22contexts%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22event%22%2C%22data%22%3A%7B%22widget_id%22%3A%220888709be70490943fdec9368c3de754%22%2C%22trace_id%22%3A%22Zz25e2c0c348bd43c3b06f8db-185018%22%2C%22promo_id%22%3A%224238%22%7D%7D%5D%7D HTTP/1.1
Host: avsplow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/
HTTP/1.1 302 Found
date: Mon, 28 Nov 2022 16:54:42 GMT
content-length: 0
location: http://avsplow.com/a/j.gif?e=se&b3pc=true&co=%7B%22schema%22:%22contexts%22,%22data%22:%5B%7B%22schema%22:%22event%22,%22data%22:%7B%22widget_id%22:%220888709be70490943fdec9368c3de754%22,%22trace_id%22:%22Zz25e2c0c348bd43c3b06f8db-185018%22,%22promo_id%22:%224238%22%7D%7D%5D%7D&aid=tp_widgets&tv=pixel&se_ac=proxy_init&se_ca=mewtwo&p=web
set-cookie: nuid=64df6998-4d0c-4836-a19d-91121fde67c1; Expires=Tue, 28 Nov 2023 16:54:42 GMT; Domain=avsplow.com; Path=/; Secure; SameSite=None
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT CAO"
access-control-allow-origin: *
access-control-allow-credentials: true
www.mirakezel.com/wp-content/plugins/themeisle-companion/obfx_modules/gutenberg-blocks/assets/fontawesome/webfonts/fa-brands-400.woff2
107.180.21.239 200 OK 64 kB URL HTTP/1.1 www.mirakezel.com/wp-content/plugins/themeisle-companion/obfx_modules/gutenberg-blocks/assets/fontawesome/webfonts/fa-brands-400.woff2
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Web Open Font Format (Version 2), TrueType, length 64144, version 1.0\012- data
Hash 6814d0e8136d34e313623eb7129d538e
d902f8db3e021155f177f698a252fb98d6e61768
4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589
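Analyzer Verdict Alert fortinet Malware (the flagged object here is a WOFF2 font, not a script; the report does not show what the verdict is based on, so confirm it against the file content before treating these hashes as malware indicators)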
GET /wp-content/plugins/themeisle-companion/obfx_modules/gutenberg-blocks/assets/fontawesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.mirakezel.com/wp-content/plugins/themeisle-companion/obfx_modules/gutenberg-blocks/assets/fontawesome/css/all.min.css?ver=5.3.14
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Thu, 04 Apr 2019 15:15:11 GMT
ETag: "52c1891-fa90-585b5d6184f4a"
Accept-Ranges: bytes
Content-Length: 64144
Vary: Accept-Encoding
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: font/woff2
www.travelpayouts.com/mewtwo/styles.css?v=002
172.255.224.36 302 Found 0 B URL HTTP/1.1 www.travelpayouts.com/mewtwo/styles.css?v=002
IP 172.255.224.36:0
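Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of an empty body)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of an empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of an empty body; the response carried 0 B, so these digests identify no content and match every empty response)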
GET /mewtwo/styles.css?v=002 HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/
HTTP/1.1 302 Found
content-length: 0
location: https://www.travelpayouts.com/mewtwo/styles.css?v=002
cache-control: no-cache
st.avsplow.com/19.18.9/sp.js
104.26.7.119 200 OK 14 kB URL HTTP/1.1 st.avsplow.com/19.18.9/sp.js
IP 104.26.7.119:0
File type C source, ASCII text, with very long lines (42421), with no line terminators
Hash d1dc617e8609681b522f882027f36d2f
5e2f0899e483a8ce2601d8a41c312caca3028d31
65696064e13761b665b488108bfc7965e4ee4c55657eddacfc084ffeabb8080e
GET /19.18.9/sp.js HTTP/1.1
Host: st.avsplow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=42630
cache-control: public, max-age=86400
etag: W/"fb6c75c607bf3120c5b82845fbd28e71"
last-modified: Mon, 11 Jul 2022 06:29:08 GMT
CF-Cache-Status: HIT
Age: 4955
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BRQfRIkIgDVD6EKPDaE2nSoOpBC1wuDulfnb55XB%2FQaydOixjirOm7kFZo3uCcVznEKsTrmZSJaR7ATUvPZDKypnhZrxuL7X%2BEiN8NS5ZVHai7WI6fWA7k7Sz4ECCyR3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7714a084cd89b524-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.travelpayouts.com/mewtwo/logos.css
172.255.224.36 302 Found 0 B URL HTTP/1.1 www.travelpayouts.com/mewtwo/logos.css
IP 172.255.224.36:0
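Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of an empty body)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of an empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of an empty body; the response carried 0 B, so these digests identify no content and match every empty response)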
GET /mewtwo/logos.css HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/
HTTP/1.1 302 Found
content-length: 0
location: https://www.travelpayouts.com/mewtwo/logos.css
cache-control: no-cache
www.travelpayouts.com/whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en
172.255.224.36 302 Found 0 B URL HTTP/1.1 www.travelpayouts.com/whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en
IP 172.255.224.36:0
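Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of an empty body)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of an empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of an empty body; the response carried 0 B, so these digests identify no content and match every empty response)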
GET /whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/
HTTP/1.1 302 Found
content-length: 0
location: https://www.travelpayouts.com/whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en
cache-control: no-cache
www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&lang=en&aid=1572357&target_aid=1572357&df_num_properties=3&fid=1669654482021&
5.57.17.220 301 Moved Permanently 0 B URL HTTP/1.1 www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&lang=en&aid=1572357&target_aid=1572357&df_num_properties=3&fid=1669654482021&
IP 5.57.17.220:0
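Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of an empty body)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of an empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of an empty body; the response carried 0 B, so these digests identify no content and match every empty response)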
GET /flexiproduct.html?product=sbp&w=500&h=130&lang=en&aid=1572357&target_aid=1572357&df_num_properties=3&fid=1669654482021& HTTP/1.1
Host: www.booking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
server: nginx
date: Mon, 28 Nov 2022 16:54:42 GMT
transfer-encoding: chunked
location: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&lang=en&aid=1572357&target_aid=1572357&df_num_properties=3&fid=1669654482021&
content-security-policy-report-only: report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=112&pid=056876e9510400c5&e=UmFuZG9tSVYkc2RlIyh9YRXtvWBsZHB6V-Jh6sqVBe_XWXkPUpqx9_9SrusUTOEEqpRtOKhoWsI; frame-ancestors 'none';
x-xss-protection: 1; mode=block
adsnet.work/scripts/place.js
193.3.19.36 200 OK 377 B URL HTTP/1.1 adsnet.work/scripts/place.js
IP 193.3.19.36:0
ASN #50340 OOO Network of data-centers Selectel
Hash 4435b6168b6acda2edea1c16ab2d857a
eff2c42517e44a568b5011125b5cba022f27f67f
dcd5ff0b5118befd94a04b7bbc750b5a7b473e39fefd81e235f79bd848916569
Analyzer Verdict Alert fortinet Malware
GET /scripts/place.js HTTP/1.1
Host: adsnet.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/7.4.26
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash aaaf3338e4c9aa470a5ab93320e33614
66e421307a8423b59639bba67adcbb3d93edcb0e
2552a702ad35013dc93ff5f08bcb02a0ee163c362e677e7991d8a1c72f1f5233
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2747
Cache-Control: max-age=153264
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:42 GMT
Etag: "638490c7-139"
Expires: Wed, 30 Nov 2022 11:29:06 GMT
Last-Modified: Mon, 28 Nov 2022 10:43:19 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 313
www.travelpayouts.com/widgets_static/0888709be70490943fdec9368c3de754.js?v=1449
172.255.224.36 200 OK 67 kB URL HTTP/2 www.travelpayouts.com/widgets_static/0888709be70490943fdec9368c3de754.js?v=1449
IP 172.255.224.36:0
Hash c382316c5cd95b66a9915e7ed21d201d
ed3b554d7b334de1ab4ca93271fd081d8e6f7846
482d977e9cd2ecc3bd73c0c79bdc5106bbc61e1b322362fd123d0295f426ff6f
GET /widgets_static/0888709be70490943fdec9368c3de754.js?v=1449 HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 16:54:41 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 04 Nov 2022 17:10:55 GMT
etag: W/"6365479f-4f5e9"
set-cookie: auid_tp=CtY4rGOE59FfLwt+OmtAAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
www.travelpayouts.com/mewtwo/styles.css?v=002
172.255.224.36 200 OK 12 kB URL HTTP/2 www.travelpayouts.com/mewtwo/styles.css?v=002
IP 172.255.224.36:0
File type ASCII text, with very long lines (65357)
Hash 1d8d10c0e470fac6b7a37eb3aeece2ac
1b3da5e633587776609fcd2696dbccdcc9d0fea7
e120fb6dead7c004e681736c433c86d2ec5e7ab49ea2a2e2bded4499e9e2c6dd
GET /mewtwo/styles.css?v=002 HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.mirakezel.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 16:54:41 GMT
content-type: text/css
content-length: 11664
last-modified: Fri, 04 Nov 2022 11:15:58 GMT
content-encoding: br
cache-control: public, max-age=600
access-control-allow-origin: *
set-cookie: auid_tp=CtYRWmOE59G8v2KsxOsbAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
X-Firefox-Spdy: h2
avsplow.com/a/j
188.42.198.44 200 OK 2 B IP 188.42.198.44:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /a/j HTTP/1.1
Host: avsplow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 1221
Origin: http://www.mirakezel.com
Connection: keep-alive
Referer: http://www.mirakezel.com/
HTTP/1.1 200 OK
date: Mon, 28 Nov 2022 16:54:43 GMT
content-type: text/plain; charset=UTF-8
content-length: 2
set-cookie: nuid=b2e663ab-1165-4129-a256-3bae9c743c08; Expires=Tue, 28 Nov 2023 16:54:43 GMT; Domain=avsplow.com; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT CAO"
access-control-allow-origin: http://www.mirakezel.com
access-control-allow-credentials: true
www.travelpayouts.com/mewtwo/logos.css
172.255.224.36 200 OK 17 kB URL HTTP/2 www.travelpayouts.com/mewtwo/logos.css
IP 172.255.224.36:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 51379e63580a70ed9822746f4266264a
0f339ca8b4d6fb301867a08e23e2daaaef9897e7
d5e2429446ab6a3895c6c8e6edb8097598c5731661c590f579e0f7c719b09462
GET /mewtwo/logos.css HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.mirakezel.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 16:54:43 GMT
content-type: text/css
content-length: 16655
last-modified: Fri, 04 Nov 2022 11:15:58 GMT
content-encoding: br
cache-control: public, max-age=600
access-control-allow-origin: *
set-cookie: auid_tp=CtY4rGOE59NfLwt+OmthAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
X-Firefox-Spdy: h2
hydrahydra.kim/fetch.php?tracker=adsnet.work&site=aHR0cDovL3d3dy5taXJha2V6ZWwuY29tL2Jvb2stZmxpZ2h0LWFuZC1ob3RlbC1kZWFscy8=
193.3.19.36 200 OK 0 B URL HTTP/1.1 hydrahydra.kim/fetch.php?tracker=adsnet.work&site=aHR0cDovL3d3dy5taXJha2V6ZWwuY29tL2Jvb2stZmxpZ2h0LWFuZC1ob3RlbC1kZWFscy8=
IP 193.3.19.36:0
ASN #50340 OOO Network of data-centers Selectel
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fetch.php?tracker=adsnet.work&site=aHR0cDovL3d3dy5taXJha2V6ZWwuY29tL2Jvb2stZmxpZ2h0LWFuZC1ob3RlbC1kZWFscy8= HTTP/1.1
Host: hydrahydra.kim
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:43 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/7.4.26
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
avsplow.com/a/j.gif?e=se&b3pc=true&co=%7B%22schema%22:%22contexts%22,%22data%22:%5B%7B%22schema%22:%22event%22,%22data%22:%7B%22widget_id%22:%220888709be70490943fdec9368c3de754%22,%22trace_id%22:%22Zz25e2c0c348bd43c3b06f8db-185018%22,%22promo_id%22:%224238%22%7D%7D%5D%7D&aid=tp_widgets&tv=pixel&se_ac=proxy_init&se_ca=mewtwo&p=web
188.42.198.44 200 OK 43 B URL HTTP/1.1 avsplow.com/a/j.gif?e=se&b3pc=true&co=%7B%22schema%22:%22contexts%22,%22data%22:%5B%7B%22schema%22:%22event%22,%22data%22:%7B%22widget_id%22:%220888709be70490943fdec9368c3de754%22,%22trace_id%22:%22Zz25e2c0c348bd43c3b06f8db-185018%22,%22promo_id%22:%224238%22%7D%7D%5D%7D&aid=tp_widgets&tv=pixel&se_ac=proxy_init&se_ca=mewtwo&p=web
IP 188.42.198.44:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash fb02f374b8f73825415db1bccd4bd76d
b103aa629cacdd90b39538a7561da7f8e49ad73f
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
GET /a/j.gif?e=se&b3pc=true&co=%7B%22schema%22:%22contexts%22,%22data%22:%5B%7B%22schema%22:%22event%22,%22data%22:%7B%22widget_id%22:%220888709be70490943fdec9368c3de754%22,%22trace_id%22:%22Zz25e2c0c348bd43c3b06f8db-185018%22,%22promo_id%22:%224238%22%7D%7D%5D%7D&aid=tp_widgets&tv=pixel&se_ac=proxy_init&se_ca=mewtwo&p=web HTTP/1.1
Host: avsplow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.mirakezel.com/
Connection: keep-alive
HTTP/1.1 200 OK
date: Mon, 28 Nov 2022 16:54:43 GMT
content-type: image/gif
content-length: 43
set-cookie: nuid=00000000-0000-4000-a000-000000000000; Expires=Tue, 28 Nov 2023 16:54:43 GMT; Domain=avsplow.com; Path=/; Secure; SameSite=None
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT CAO"
access-control-allow-origin: *
access-control-allow-credentials: true
www.mirakezel.com/wp-content/uploads/2018/08/airline-wide.jpg
107.180.21.239 200 OK 487 kB URL HTTP/1.1 www.mirakezel.com/wp-content/uploads/2018/08/airline-wide.jpg
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=18, height=3744, bps=230, compression=none, PhotometricIntepretation=RGB, description=Bonding, manufacturer=Canon, model=Canon EOS 5D Mark II, orientation=upper-left, width=5616], baseline, precision 8, 2000x857, components 3\012- data
Size 487 kB (486985 bytes)
Hash fdf661c5b9fde3cd24598345566b3abb
90fc79d4eee2e6d4dd6f012319acb2ad680bd6e9
192bac26c6f4839947e116e40caa09e14229f594d3fbb234c3bd59d89beca56f
GET /wp-content/uploads/2018/08/airline-wide.jpg HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Wed, 01 Aug 2018 20:01:16 GMT
ETag: "52a283d-76e49-572652848d8aa"
Accept-Ranges: bytes
Content-Length: 486985
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
avsplow.com/a/j
188.42.198.44 200 OK 2 B IP 188.42.198.44:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /a/j HTTP/1.1
Host: avsplow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 2255
Origin: http://www.mirakezel.com
Connection: keep-alive
Referer: http://www.mirakezel.com/
HTTP/1.1 200 OK
date: Mon, 28 Nov 2022 16:54:43 GMT
content-type: text/plain; charset=UTF-8
content-length: 2
set-cookie: nuid=871298a9-6e1f-4bca-87b7-7d682c013793; Expires=Tue, 28 Nov 2023 16:54:43 GMT; Domain=avsplow.com; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT CAO"
access-control-allow-origin: http://www.mirakezel.com
access-control-allow-credentials: true
www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&lang=en&aid=1572357&target_aid=1572357&df_num_properties=3&fid=1669654482021&
5.57.17.220 200 OK 56 B URL HTTP/1.1 www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&lang=en&aid=1572357&target_aid=1572357&df_num_properties=3&fid=1669654482021&
IP 5.57.17.220:0
File type HTML document text\012- HTML document, ASCII text
Hash 63f71f891ba2297df89b6ab49de8b9a3
ea95e14860dd7ab82af6e60919d2e58590c4542c
7226a830fbe118e3014e103b12ea5d43872d5cfb7fb0d956cfa63d34c3cec5f3
GET /flexiproduct.html?product=sbp&w=500&h=130&lang=en&aid=1572357&target_aid=1572357&df_num_properties=3&fid=1669654482021& HTTP/1.1
Host: www.booking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.mirakezel.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx
date: Mon, 28 Nov 2022 16:54:43 GMT
content-type: text/html; charset=UTF-8
content-length: 56
cache-control: private
vary: User-Agent, Accept-Encoding
content-encoding: br
nel: {"report_to":"default","max_age":604800}
report-to: {"max_age":604800,"endpoints":[{"url":"https://nellie.booking.com/report"}],"group":"default"}
set-cookie: _pxhd=j%252Ft1akLXPBZPGzgdPghBPXK9j%252FugkMpolI6z3siCpi62iIxpBQaMA4y7SEMd351fSIaOV7XeMJGIbASxqIgK1w%253D%253D%253ANL6bJZ4SEoYwouGnu9LqPdHy0IeL54u0TWVC3A4B9RNp-UF9sNC48gdxsAlRb9kMLP-iCPtRYcVV8PW96sJ-SVRSx8coFCZofF43VWabl3g%253D; domain=booking.com; path=/; expires=Tue, 28-Nov-2023 16:54:42 GMT
px_init=0; domain=booking.com; expires=Wed, 25-Dec-2075 09:49:26 GMT; SameSite=Strict; secure; HttpOnly
bkng=11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbnmKTRaewPBvcD3lFcxMPL9tS5hL8JhmrMxSpdVMAhjuy39RtTa%2F9%2BPUKtZdGcVvH7FgkPmkZm4EMnhhI6cg3hUBJ5CcKIZFzVCfmmMIe70RfjSLECUcLQlQz7BIMNu6QLnA76ut%2B%2BH7t2ZFdvnsPTElQP9Np4oytCPmtQ3wfACY%3D; domain=.booking.com; path=/; expires=Sat, 27-Nov-2027 16:54:43 GMT; Secure; HTTPOnly; SameSite=None
strict-transport-security: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
216.58.207.226 200 OK 52 kB URL HTTP/1.1 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 216.58.207.226:0
File type ASCII text, with very long lines (4885)
Hash 2a637c98afa73e7a75276bb1fec499e6
6b64d62ed2f023ebc6a795988fa252d90a80c85d
b384121542d7615f550f825ba371aac89a3933f774bf1ab1f3cbedf9565c3002
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Date: Mon, 28 Nov 2022 16:54:43 GMT
Expires: Mon, 28 Nov 2022 16:54:43 GMT
Cache-Control: private, max-age=3600
Content-Type: text/javascript; charset=UTF-8
ETag: 7905801913236121039
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 51835
X-XSS-Protection: 0
www.mirakezel.com/wp-content/uploads/2018/07/cropped-icon-1-32x32.jpg
107.180.21.239 200 OK 1.0 kB URL HTTP/1.1 www.mirakezel.com/wp-content/uploads/2018/07/cropped-icon-1-32x32.jpg
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 32x32, components 3\012- data
Hash 9ae910b71b6a5ec52172758eaf81b80f
82d02d8bb2d161111fe2cd0b392077cb16436362
6c187397df77fe0c061fff4124efd8edd820251ed3d58e48bead04eb886a0b81
GET /wp-content/uploads/2018/07/cropped-icon-1-32x32.jpg HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
Cookie: _tccl_visitor=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab; _tccl_visit=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:43 GMT
Server: Apache
Last-Modified: Tue, 31 Jul 2018 03:13:21 GMT
ETag: "52a033e-40b-57242f5d7d9e9"
Accept-Ranges: bytes
Content-Length: 1035
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
www.mirakezel.com/wp-content/uploads/2018/07/cropped-icon-1-192x192.jpg
107.180.21.239 200 OK 6.0 kB URL HTTP/1.1 www.mirakezel.com/wp-content/uploads/2018/07/cropped-icon-1-192x192.jpg
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 192x192, components 3\012- data
Hash 092e679e68b4d0074e23bd3112b559f6
325be02c36f827bb325a1bc61dd57f4becb36eee
6f5e6a5d17f48f5e9be3e1649e6f8ed9cdd76c2d5e025dc105d71ae18ab40afa
GET /wp-content/uploads/2018/07/cropped-icon-1-192x192.jpg HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
Cookie: _tccl_visitor=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab; _tccl_visit=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:43 GMT
Server: Apache
Last-Modified: Tue, 31 Jul 2018 03:13:21 GMT
ETag: "52a0338-179a-57242f5d6eba0"
Accept-Ranges: bytes
Content-Length: 6042
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1669654481728
54.230.111.91 200 OK 2.8 kB URL HTTP/2 aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1669654481728
IP 54.230.111.91:0
File type ASCII text, with very long lines (6217), with no line terminators
Hash 8b2b98e24d2d4cfd1c304712cf5ee7a9
d250a3b9654602efcd894e61a8bf9ea318441436
77bde4942aafc2a3f01b98c642128ac35641fb0647b35dea2f5787b8a4bfbab1
GET /static/affiliate_base/js/flexiproduct.js?v=1669654481728 HTTP/1.1
Host: aff.bstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.mirakezel.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Mon, 28 Nov 2022 16:54:42 GMT
last-modified: Mon, 13 Jun 2022 03:41:28 GMT
etag: W/"62a6b1e8-1849"
expires: Wed, 28 Dec 2022 16:54:42 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3zkb-ddS-24XAMbjV27k1IFHL2dbucXxy6CMgXCEqm4PHly-p0Y9Hw==
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
142.250.74.98 200 OK 4.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 2fb3574102373e2e076cfa2ff90cdf25
d06c985183def975546d6e47ab6369c11dcf7195
e61cbc207f7fc2f429deceff11e7a339a3d9a9574da6d035054eba02ee381345
GET /pagead/html/r20221110/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4242
x-xss-protection: 0
date: Mon, 28 Nov 2022 11:45:52 GMT
expires: Mon, 12 Dec 2022 11:45:52 GMT
cache-control: public, max-age=1209600
age: 18531
etag: 10353107486223812946
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fb9963af5b3c525d68d5c87f0da8025b
c8d1f50313dddb0cea04745d762dac01718a026f
231ef2bc126d4f0cf0910147608f65ec32ee15f3cfdb6981f5fae66f33cfc519
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.mirakezel.com/wp-content/uploads/2018/07/mira-logo.png
107.180.21.239 200 OK 2.1 MB URL HTTP/1.1 www.mirakezel.com/wp-content/uploads/2018/07/mira-logo.png
IP 107.180.21.239:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type PNG image data, 5959 x 3992, 8-bit/color RGBA, non-interlaced\012- data
Size 2.1 MB (2058679 bytes)
Hash 43c545b2f56e2df1d47be0ddf6a2c854
931fa58d63f53c209390d5961c8692b906cec067
6ef3b625f2b99f8b69db4c2d57c36235d37a5228ae8b38f49cbe8c6717c26671
GET /wp-content/uploads/2018/07/mira-logo.png HTTP/1.1
Host: www.mirakezel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mirakezel.com/book-flight-and-hotel-deals/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:54:42 GMT
Server: Apache
Last-Modified: Sun, 29 Jul 2018 01:39:12 GMT
ETag: "52a2a68-1f69b7-5721969740489"
Accept-Ranges: bytes
Content-Length: 2058679
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4027928116346612&plah=www.mirakezel.com
216.58.207.226 200 OK 120 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4027928116346612&plah=www.mirakezel.com
IP 216.58.207.226:0
File type ASCII text, with very long lines (6090)
Size 120 kB (119614 bytes)
Hash 82167e4ac76d95bd06d3591d29dfb6f5
e34a4923de3520fba5d0cdef9f94014c22fae363
348fb57defd0f3a928db449f08bcf1df7033a8c3e17b3a9871f147224989211a
GET /pagead/managed/js/adsense/m202211100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4027928116346612&plah=www.mirakezel.com HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 28 Nov 2022 16:54:44 GMT
expires: Mon, 28 Nov 2022 16:54:44 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 15565542211891525792
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 119614
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 879cba431d8b6f2717a750acd5ca7156
1d4eb23583d48dd6801a104aa20046b34acd0efe
31223aada310e8d8e3fa41e22ee23019a07b362b3b062ccdc10600c22071bd78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7207a5076b63fb5f39b9436ced9fb18f
cdd84ecfe85882601e81f11783d9f63b30084de3
6d4543402df8135d5860ecd47dd52d96d66d2e1ac6feec11accb5f43f2da7d0d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=www.mirakezel.com
142.250.74.130 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=www.mirakezel.com
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.mirakezel.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 28 Nov 2022 16:54:44 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=www.mirakezel.com
142.250.74.162 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.mirakezel.com
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.mirakezel.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 28 Nov 2022 16:54:44 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 879cba431d8b6f2717a750acd5ca7156
1d4eb23583d48dd6801a104aa20046b34acd0efe
31223aada310e8d8e3fa41e22ee23019a07b362b3b062ccdc10600c22071bd78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7207a5076b63fb5f39b9436ced9fb18f
cdd84ecfe85882601e81f11783d9f63b30084de3
6d4543402df8135d5860ecd47dd52d96d66d2e1ac6feec11accb5f43f2da7d0d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a857eec26a095f97806facc4251f4048
21bcf238687fd5f4fbefaf9704786f7c498f305e
b44b50b7e234fd05080699152a9bc0055a703a93ec2642ecb6b1f717effe7933
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=www.mirakezel.com&callback=_gfp_s_&client=ca-pub-4027928116346612&gpid_exp=1
172.217.21.162 200 OK 255 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=www.mirakezel.com&callback=_gfp_s_&client=ca-pub-4027928116346612&gpid_exp=1
IP 172.217.21.162:0
File type ASCII text, with very long lines (393), with no line terminators
Hash a9e96ecc99dc7a477d5bc1529082482d
27040b76fd1a51fce6ff87292b855f14efad76af
57979d0c77e85f6fae61e660c15145b7bd7f0b91f220e3f7155d856e91bc8fe3
GET /gampad/cookie.js?domain=www.mirakezel.com&callback=_gfp_s_&client=ca-pub-4027928116346612&gpid_exp=1 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 28 Nov 2022 16:54:44 GMT
server: cafe
cache-control: private
content-length: 255
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a857eec26a095f97806facc4251f4048
21bcf238687fd5f4fbefaf9704786f7c498f305e
b44b50b7e234fd05080699152a9bc0055a703a93ec2642ecb6b1f717effe7933
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash afdcfc5f3bd741d114596300d607f4cc
e82ea5829078ad9268cdf9c576c780b1c40c3696
1c80e7d28c6303b65a17bfa822163c5af3d6d5c480ee9f2e404b23119520eeb5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash afdcfc5f3bd741d114596300d607f4cc
e82ea5829078ad9268cdf9c576c780b1c40c3696
1c80e7d28c6303b65a17bfa822163c5af3d6d5c480ee9f2e404b23119520eeb5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js
142.250.74.33 200 OK 9.4 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1596)
Hash 6b277303de172776fc303dfc195982ef
fe6c6af5791742485ae21c4dc02edbee2b426886
c536ada7aa8f4679e0e4f0b99703aab79f6fe32659d777f9c01a7785aa06a36d
GET /pagead/js/r20221110/r20110914/abg_lite_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 9428
x-xss-protection: 0
date: Mon, 28 Nov 2022 05:12:02 GMT
expires: Mon, 12 Dec 2022 05:12:02 GMT
cache-control: public, max-age=1209600
etag: 246362764157784863
content-type: text/javascript; charset=UTF-8
age: 42163
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js
142.250.74.33 200 OK 7.5 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1540)
Hash d22e40b1bc4f1b0f1727b96a0f32f7dd
57030c5040f0013120cca1e77fe38af35d4610e0
6f6d3797f9b19ffcd2f416a7566a58cf70fd4fb0ab17dec03fa5b690c6939494
GET /pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 7458
x-xss-protection: 0
date: Mon, 28 Nov 2022 05:12:02 GMT
expires: Mon, 12 Dec 2022 05:12:02 GMT
cache-control: public, max-age=1209600
etag: 16870613375306414947
content-type: text/javascript; charset=UTF-8
age: 42163
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/mysidia/f7733d2b54a65c984752ab0a98c7def9.js?tag=mysidia_one_click_handler_one_afma_2019
142.250.74.163 200 OK 14 kB URL HTTP/2 www.gstatic.com/mysidia/f7733d2b54a65c984752ab0a98c7def9.js?tag=mysidia_one_click_handler_one_afma_2019
IP 142.250.74.163:0
File type C++ source, ASCII text, with very long lines (1921)
Hash 48a3f12d2425ba123d53524adc123834
c8f4ecbe239261b944879c18ec1a353d0cc674ba
632e1fbd2bba00a95491c806cdf850014b1b617323f698c492272d917603e20b
GET /mysidia/f7733d2b54a65c984752ab0a98c7def9.js?tag=mysidia_one_click_handler_one_afma_2019 HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="mysidia"
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-length: 14118
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 10:43:31 GMT
expires: Mon, 20 Feb 2023 10:43:31 GMT
cache-control: public, max-age=7776000
last-modified: Mon, 14 Nov 2022 13:59:16 GMT
content-type: text/javascript
age: 540674
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
avsplow.com/a/j
188.42.198.44 200 OK 2 B IP 188.42.198.44:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /a/j HTTP/1.1
Host: avsplow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 1605
Origin: http://www.mirakezel.com
Connection: keep-alive
Referer: http://www.mirakezel.com/
HTTP/1.1 200 OK
date: Mon, 28 Nov 2022 16:54:46 GMT
content-type: text/plain; charset=UTF-8
content-length: 2
set-cookie: nuid=35721184-29fa-42f0-bdba-2f6d19ef6f01; Expires=Tue, 28 Nov 2023 16:54:46 GMT; Domain=avsplow.com; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT CAO"
access-control-allow-origin: http://www.mirakezel.com
access-control-allow-credentials: true
events.api.secureserver.net/t/1/tl/event?cts=1669654481958&dh=www.mirakezel.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&vci=612229519&cv=2.0.0&z=1420559489&vg=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab&vtg=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab&dp=%2Fbook-flight-and-hotel-deals&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0212%22%2C%22dcenter%22%3A%22a2%22%2C%22id%22%3A%221585935%22%7D&hit_id=50694fa8-48b5-5322-90b7-b356619da54c&ht=pageview
23.72.139.72 200 OK 43 B URL HTTP/2 events.api.secureserver.net/t/1/tl/event?cts=1669654481958&dh=www.mirakezel.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&vci=612229519&cv=2.0.0&z=1420559489&vg=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab&vtg=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab&dp=%2Fbook-flight-and-hotel-deals&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0212%22%2C%22dcenter%22%3A%22a2%22%2C%22id%22%3A%221585935%22%7D&hit_id=50694fa8-48b5-5322-90b7-b356619da54c&ht=pageview
IP 23.72.139.72:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /t/1/tl/event?cts=1669654481958&dh=www.mirakezel.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&vci=612229519&cv=2.0.0&z=1420559489&vg=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab&vtg=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab&dp=%2Fbook-flight-and-hotel-deals&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0212%22%2C%22dcenter%22%3A%22a2%22%2C%22id%22%3A%221585935%22%7D&hit_id=50694fa8-48b5-5322-90b7-b356619da54c&ht=pageview HTTP/1.1
Host: events.api.secureserver.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.mirakezel.com
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 43
access-control-allow-origin: http://www.mirakezel.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
cache-control: private
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
date: Mon, 28 Nov 2022 16:54:46 GMT
X-Firefox-Spdy: h2
events.api.secureserver.net/t/1/tl/event?cts=1669654485322&dh=www.mirakezel.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&vci=612229519&cv=2.0.0&z=1004915093&vg=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab&vtg=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab&dp=%2Fbook-flight-and-hotel-deals&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0212%22%2C%22dcenter%22%3A%22a2%22%2C%22id%22%3A%221585935%22%7D&hit_id=6b799598-7fa7-5a71-a774-4d483466ca69&ht=perf&tce=1669654478975&tcs=1669654478874&tdc=1669654485286&tdclee=1669654482016&tdcles=1669654481968&tdi=1669654481960&tdl=1669654480518&tdle=1669654478873&tdls=1669654478867&tfs=1669654478866&tns=1669654477318&trqs=1669654478975&tre=1669654480614&trps=1669654480514&tles=1669654485286&tlee=0&nt=navigate&nav_type=hard
23.72.139.72 200 OK 43 B URL HTTP/2 events.api.secureserver.net/t/1/tl/event?cts=1669654485322&dh=www.mirakezel.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&vci=612229519&cv=2.0.0&z=1004915093&vg=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab&vtg=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab&dp=%2Fbook-flight-and-hotel-deals&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0212%22%2C%22dcenter%22%3A%22a2%22%2C%22id%22%3A%221585935%22%7D&hit_id=6b799598-7fa7-5a71-a774-4d483466ca69&ht=perf&tce=1669654478975&tcs=1669654478874&tdc=1669654485286&tdclee=1669654482016&tdcles=1669654481968&tdi=1669654481960&tdl=1669654480518&tdle=1669654478873&tdls=1669654478867&tfs=1669654478866&tns=1669654477318&trqs=1669654478975&tre=1669654480614&trps=1669654480514&tles=1669654485286&tlee=0&nt=navigate&nav_type=hard
IP 23.72.139.72:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /t/1/tl/event?cts=1669654485322&dh=www.mirakezel.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&vci=612229519&cv=2.0.0&z=1004915093&vg=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab&vtg=ce52ec6f-17aa-5dfe-a8a3-19e15cca4aab&dp=%2Fbook-flight-and-hotel-deals&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0212%22%2C%22dcenter%22%3A%22a2%22%2C%22id%22%3A%221585935%22%7D&hit_id=6b799598-7fa7-5a71-a774-4d483466ca69&ht=perf&tce=1669654478975&tcs=1669654478874&tdc=1669654485286&tdclee=1669654482016&tdcles=1669654481968&tdi=1669654481960&tdl=1669654480518&tdle=1669654478873&tdls=1669654478867&tfs=1669654478866&tns=1669654477318&trqs=1669654478975&tre=1669654480614&trps=1669654480514&tles=1669654485286&tlee=0&nt=navigate&nav_type=hard HTTP/1.1
Host: events.api.secureserver.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.mirakezel.com
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 43
access-control-allow-origin: http://www.mirakezel.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
cache-control: private
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
date: Mon, 28 Nov 2022 16:54:46 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 03ad9fc0b00b5df3165dc2fb1e3b0a3e
f8243335a8bc24d989bddd346048a055e1d0bdeb
366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:54:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.164 200 OK 512 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 393fe9680c646ef5e0ff17d983156462
e327bde00eb90d694657d78f409b08a5e661fd3e
80ddc6a7b2f92be149c9a2ee8758c590a2b78e71af8e3c805204f6190ccf3525
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 28 Nov 2022 16:54:47 GMT
date: Mon, 28 Nov 2022 16:54:47 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-2fYe29aonfUJrZu7NIPIYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a11c6ec-01ab-453a-a13d-c7804535dc69.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a11c6ec-01ab-453a-a13d-c7804535dc69.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b0bd385532089b45a14e461abbecc1af
3da359b1ba09138a425094715b9f3a2f8d0257fe
803001528f2aefc1ea90e585d48de435975862861a1cbe8d898e5cd7ebd297dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a11c6ec-01ab-453a-a13d-c7804535dc69.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8771
x-amzn-requestid: 995d3904-9be1-4b40-9813-ff47e60639ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_MEAPoAMF0xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d861-3fdb7958064e0c4b1aed2136;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vrBB4JkuL3nbZnDWitQ4dvTruO9M6hSt8mw9NuJliCmcNOw8xvfWhw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:20:34 GMT
age: 66853
etag: "3da359b1ba09138a425094715b9f3a2f8d0257fe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500%2C700%7CRoboto+Slab%3A400%2C700&subset=latin%2Clatin-ext&ver=2.4.2
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500%2C700%7CRoboto+Slab%3A400%2C700&subset=latin%2Clatin-ext&ver=2.4.2
IP 142.250.74.10:0
GET /css?family=Roboto%3A300%2C400%2C500%2C700%7CRoboto+Slab%3A400%2C700&subset=latin%2Clatin-ext&ver=2.4.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 16:54:41 GMT
date: Mon, 28 Nov 2022 16:54:41 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.travelpayouts.com/whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en
172.255.224.36 200 OK 0 B URL HTTP/2 www.travelpayouts.com/whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en
IP 172.255.224.36:0
GET /whereami?locale=en&callback=mewtwoForms.geoIPSetter.lang_en HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.mirakezel.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 16:54:43 GMT
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
x-request-id: c3dba56ba9ab108762153e9ab6426fc3
content-encoding: br
X-Firefox-Spdy: h2
r.bstatic.com/data/sp_aff/906594/bdotcom_mountain_theme_3.jpg
54.230.111.91 200 OK 0 B URL HTTP/2 r.bstatic.com/data/sp_aff/906594/bdotcom_mountain_theme_3.jpg
IP 54.230.111.91:0
GET /data/sp_aff/906594/bdotcom_mountain_theme_3.jpg HTTP/1.1
Host: r.bstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mirakezel.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
content-length: 352567
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=2592000
date: Fri, 04 Nov 2022 19:11:30 GMT
etag: "574822d8-56137"
expires: Sun, 04 Dec 2022 19:11:30 GMT
last-modified: Fri, 27 May 2016 10:35:04 GMT
server: nginx
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Hm9XTvtH-TUJAXwJt2-vN0uBDJ7h6ODj6L4eIaniaB7bpLQe4ZA67w==
age: 2065392
X-Firefox-Spdy: h2
www.travelpayouts.com/widgets/0888709be70490943fdec9368c3de754.js?v=1449
172.255.224.36 200 OK 0 B URL HTTP/2 www.travelpayouts.com/widgets/0888709be70490943fdec9368c3de754.js?v=1449
IP 172.255.224.36:0
GET /widgets/0888709be70490943fdec9368c3de754.js?v=1449 HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.mirakezel.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 16:54:41 GMT
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=0
link: </mewtwo/styles.css?v=002>; rel=preload; as=style, </widgets_static/0888709be70490943fdec9368c3de754.js?v=1449>; rel=preload; as=script
timing-allow-origin: *
x-promo-id: 4238
x-request-id: c520e5d26c957f670b490d3d7ccc1dd8
x-robots-tag: noindex
content-encoding: br
set-cookie: auid_tp=CtY4rGOE59FfPgt/zV+mAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
X-Firefox-Spdy: h2