firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 03:15:38 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ssywIhExiGuCuNUFJMhV1fL9Kd7poy0AjCT9rX-X22U366d5tz9eEw==
Age: 1459
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3808
Expires: Wed, 28 Sep 2022 04:43:25 GMT
Date: Wed, 28 Sep 2022 03:39:57 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iixaKtTbOnsS9-pTcWCt3VBCGMGSV4bhiu7_SLJIUCAUtIDksTffeA==
age: 65744
X-Firefox-Spdy: h2
flightsofqatar.com/
192.64.118.42 301 Moved Permanently 707 B IP 192.64.118.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Wed, 28 Sep 2022 03:39:57 GMT
server: LiteSpeed
location: https://flightsofqatar.com/
x-turbo-charged-by: LiteSpeed
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 03:39:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 28 Sep 2022 03:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 28 Sep 2022 04:12:55 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: qddmrSA2_3gsMoC7UztkH534fIAsLo_61YhP2pYyY9ztTYb-MGKEpw==
Age: 624
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2488
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 03:39:57 GMT
Last-Modified: Wed, 28 Sep 2022 02:58:29 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.80.131.74 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.80.131.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UrwuNccWdBotv1UU0q4ljA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: E5G9BxUzwHd36Cj07vHadeYxCe4=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19201
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 03:39:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19201
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 03:39:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19201
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 03:39:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9715fa-0606-41f2-b3fa-1c7048f24b48.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9715fa-0606-41f2-b3fa-1c7048f24b48.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c761355e3b9bdf64113c92591306b959
5dcf4fbd065e0850c2602a5e8791ba7af1999d9f
03464d30ae3a3199bb3b19e1c730385fc8f68444d41eb0099542bd83108e6ed5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9715fa-0606-41f2-b3fa-1c7048f24b48.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9710
x-amzn-requestid: 34553ef5-773c-4c06-835f-0382202b706d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDCWDE74IAMF0xA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63311759-3a8cc99a4d529adc23d1dfc1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 03:07:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6WtNGTt-HH__-2fhF-DwduAIhqNW2D0nB24FIIwmSuNVLsQuLDQy1g==
via: 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 05:04:56 GMT
age: 81303
etag: "5dcf4fbd065e0850c2602a5e8791ba7af1999d9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c254fe7-b89c-4a2c-a79c-4a6a0fe2d17c.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c254fe7-b89c-4a2c-a79c-4a6a0fe2d17c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ccfb4931d41ca01aa55b4b8e9ef6b4e1
2351d2547f4bd0aac45bb21a5aa8277e80ef15f2
89de9954ee2874b476c907810189812efe13234a46910180f34f68082429260f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c254fe7-b89c-4a2c-a79c-4a6a0fe2d17c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7020
x-amzn-requestid: 1258ee7b-987a-4454-8963-e76b7c1470f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4EVxIAMFrmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-7a1fbaa251600686757f9583;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _ISJfVYtY7kLIm87GZEvqMmEr3D4vYcZDi-WJAu4GyaxLQKRUDbVjg==
via: 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:03 GMT
age: 21236
etag: "2351d2547f4bd0aac45bb21a5aa8277e80ef15f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee83d08d024d127fad5918e1ffacb78b
8ad289a77705358ab660b6123e9d90de991b6c13
aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11314
x-amzn-requestid: 0ceafc65-764c-4367-b031-257061eb65d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF00oAMFUpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-0d46481b7394081b14a81131;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ve8l6PxpMuBLt5BxwywNpqM2ISt0zy2r_gweYnVw4X65PBEhpMbckg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:00 GMT
age: 21239
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b794c6812cb546de0295e087ebe66a7
a54803cca7d3c509c195f65961e1110c8ec56f55
6a207f75eb3951f3dea5252bc8d185cd604d3d657f15b838774e8087e91f37f5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12016
x-amzn-requestid: ec1b3715-5d0f-4045-aa5b-b70a55c81d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EtyIAMFdZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-201dd1ef1426a09965c68dab;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pR4b1-lZZRMnWf-PdXFGXaHBCGAfOyp3AjeuCvtu5imWmf9N9l2wKQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:38 GMT
age: 21081
etag: "a54803cca7d3c509c195f65961e1110c8ec56f55"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6139c878a7d2bd32c61fc8287996eb5b
9c4692ea64832895fbd107d91f879728b6a440c7
3839df92f0a10c1433d5b576df50c9f7953912ae4f425012262f08ee8a59ce2e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8500
x-amzn-requestid: 626c21ec-f29b-4b69-b275-c22c864c2409
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3VmENnIAMFeTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c23-75eccc381fbd6e5d4ff59c06;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Eyy8qoYVCJbt6b6hTGJ-rOrYex9RuX1InyZbpHkeu9yQqPUEvowKcw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:58 GMT
etag: "9c4692ea64832895fbd107d91f879728b6a440c7"
content-type: image/jpeg
age: 21061
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32ba25b9-e398-414a-9dde-2f155c8c15f3.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32ba25b9-e398-414a-9dde-2f155c8c15f3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash be4273ebf3ccd4e408ed8f336d5120e5
cff7127ee9309fcc0ad5143112ef832667ba8be0
37dfdb5cf400e8bf3f314c67a641dd5fcba0f3937ff7249d2819a498436bafb4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32ba25b9-e398-414a-9dde-2f155c8c15f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9407
x-amzn-requestid: 97cabe42-e11e-47ee-bb7b-d193b703ddad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPEpmIAMF_AA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-3d8db9cc3ff1d8305fae4d24;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 3upcqY5Ak2VMUrhEKOdfnd9jrX9R_Gt_g5Avyn3xVIhfQGiao4sl8A==
via: 1.1 76dcc62b68091cc715d50b5017be77fc.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:50:04 GMT
etag: "cff7127ee9309fcc0ad5143112ef832667ba8be0"
content-type: image/jpeg
age: 20995
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash ac041a55979f2b1235c265578c9fc114
a58e6a6de04eeb64b132f4869f759cc3851db115
e4913541ab11a278fb5603f2414aedb1345f4049582c7cab80fdfe21c26df25c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 03:39:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 25 Sep 2022 14:17:11 GMT
Expires: Sun, 02 Oct 2022 14:17:10 GMT
Etag: "a58e6a6de04eeb64b132f4869f759cc3851db115"
Cache-Control: max-age=383230,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751974756f3eb4f4-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash cb600c4fe611e7a9f6e1df50d934375d
afac81b549aade8b7a1ba18e63432036343fdadf
4ac0f690be6e1e0c0f070e8600e05e7c235ba70b4baf3f4e5a35d207b1db168c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5488
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 03:40:01 GMT
Last-Modified: Wed, 28 Sep 2022 02:08:33 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 278
cdnjs.cloudflare.com/ajax/libs/gsap/1.11.2/TweenMax.min.js
104.17.25.14 200 OK 27 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/gsap/1.11.2/TweenMax.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (32033)
Hash 6fc7d7d232455a567501c29632d365f1
59e4133b0a5cc9723b222236af71342049892c98
724f3ee0e11df451de6a029f35af486a6941a42c176cfea462221e3f848b01fb
GET /ajax/libs/gsap/1.11.2/TweenMax.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 03:40:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 27294
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e71-16e67"
last-modified: Mon, 04 May 2020 16:10:25 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 6676861
expires: Mon, 18 Sep 2023 03:40:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CRLVu0u%2BW1z4puHlXSCxu6HOezq2JdWJ2HVTcnN4jRpYQMVD9zBveEpUGpY4vSEhbpppaxlyMVEz9TPhddcXSf59X1yJ9sWXwh6PZU6m5nXmtOKt1E4x1CcHGOUEZydcX25upn1j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7519748a8e401c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 03:40:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash cb600c4fe611e7a9f6e1df50d934375d
afac81b549aade8b7a1ba18e63432036343fdadf
4ac0f690be6e1e0c0f070e8600e05e7c235ba70b4baf3f4e5a35d207b1db168c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5488
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 03:40:01 GMT
Last-Modified: Wed, 28 Sep 2022 02:08:33 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 278
flightsofqatar.com/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=6.0.2
192.64.118.42 200 OK 237 B URL HTTP/2 flightsofqatar.com/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=6.0.2
IP 192.64.118.42:0
Hash 83042c9c72bc38390b52906120f81c35
98a9789c05c0f981dca01d2c3622b5e458ba7589
a193b2efbe3e706cc8c633fff822f5a64eb0ee5f692c4a3495f3c7e58e8b7637
GET /wp-content/plugins/gtranslate/gtranslate-style24.css?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Fri, 15 Jul 2022 10:03:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 237
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
maps.googleapis.com/maps/api/js?key=AIzaSyDVEleWk2h_qJPXo64_-QJ2faJV8z6voVQ&ver=3.0
142.250.74.10 200 OK 54 kB URL HTTP/2 maps.googleapis.com/maps/api/js?key=AIzaSyDVEleWk2h_qJPXo64_-QJ2faJV8z6voVQ&ver=3.0
IP 142.250.74.10:0
File type ASCII text, with very long lines (2453)
Hash a689d58974da6afba3dde5560183b271
53e0c56128a8290e25c940233994f763975df8a8
44c146dc4c50883ec227991e2e76c25f45762ccf265ec6a0462bb536ab506dab
GET /maps/api/js?key=AIzaSyDVEleWk2h_qJPXo64_-QJ2faJV8z6voVQ&ver=3.0 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
date: Wed, 28 Sep 2022 03:40:01 GMT
expires: Wed, 28 Sep 2022 04:10:01 GMT
cache-control: public, max-age=1800
vary: Accept-Language
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 54038
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=21
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 03:40:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
images.immediate.co.uk/production/volatile/sites/3/2021/10/Screenshot-2021-10-07-at-17.30.31-86e007a.jpg?quality=90&webp=true&fit=620,413
151.101.86.137 200 OK 100 kB URL HTTP/2 images.immediate.co.uk/production/volatile/sites/3/2021/10/Screenshot-2021-10-07-at-17.30.31-86e007a.jpg?quality=90&webp=true&fit=620,413
IP 151.101.86.137:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash e34987431e555c3c22f4a6788347f5ee
2474371e4952ffdfa667d42928b6f11651a75676
dac99df57609685290e0706145d497a721f70129d2a268ce5007bcfaef104bc9
GET /production/volatile/sites/3/2021/10/Screenshot-2021-10-07-at-17.30.31-86e007a.jpg?quality=90&webp=true&fit=620,413 HTTP/1.1
Host: images.immediate.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/webp
x-amzn-requestid: ee456451-bd82-40c8-b403-8536bcf2db58
last-modified: Tue, 27 Sep 2022 10:28:28 GMT
x-amz-apigw-id: ZHV8AEpCDoEF7UQ=
cache-control: max-age=31536000
x-amzn-trace-id: Root=1-6332d04c-6b54f3026b946ce51afefb5d;Sampled=0
via: 1.1 5e29eae3156522edc7886df59287259c.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: SN74KW5ePZaco8iBt37hvxPMxe37drYhKDzvRz6i3JgVPb2G1jOaQg==
accept-ranges: bytes
date: Wed, 28 Sep 2022 03:40:01 GMT
age: 61892
x-served-by: cache-bma1668-BMA
x-cache: Miss from cloudfront, HIT
x-cache-hits: 1
fastly-geoip-countrycode: NO
access-control-allow-origin: *
vary: routing_service_test
content-length: 99632
X-Firefox-Spdy: h2
images.immediate.co.uk/production/volatile/sites/3/2021/10/Qatar-stadiums-6aadcaf.jpeg?quality=90&webp=true&fit=800,533
151.101.86.137 200 OK 99 kB URL HTTP/2 images.immediate.co.uk/production/volatile/sites/3/2021/10/Qatar-stadiums-6aadcaf.jpeg?quality=90&webp=true&fit=800,533
IP 151.101.86.137:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash a2f31ddfa91b751d030a3a2b5566842f
c13857b1e9c280c6670095a7fc911b60a9add98c
92e3dcfba06387753ce47f7b2f57d1adf78470ad94f3b5eea2a0538fc0732b73
GET /production/volatile/sites/3/2021/10/Qatar-stadiums-6aadcaf.jpeg?quality=90&webp=true&fit=800,533 HTTP/1.1
Host: images.immediate.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/webp
x-amzn-requestid: 952e1336-467f-4e3b-902e-d2b4424d2f99
last-modified: Tue, 27 Sep 2022 10:28:28 GMT
x-amz-apigw-id: ZHV8AHsFDoEFRMw=
cache-control: max-age=31536000
x-amzn-trace-id: Root=1-6332d04c-621afaa838967cc34375905a;Sampled=0
via: 1.1 0ca6102b671acc9950502eeeca241bf8.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: -5yC3c0RkLaPA9zRahwDutRGM8b6cg9iyl2dMME5e-apuV_YQlqfFQ==
accept-ranges: bytes
date: Wed, 28 Sep 2022 03:40:01 GMT
age: 61892
x-served-by: cache-bma1668-BMA
x-cache: Miss from cloudfront, HIT
x-cache-hits: 1
fastly-geoip-countrycode: NO
access-control-allow-origin: *
vary: routing_service_test
content-length: 99254
X-Firefox-Spdy: h2
images.immediate.co.uk/production/volatile/sites/3/2021/10/Qatar-stadium-8f98973.jpeg?quality=90&webp=true&fit=1672,1114
151.101.86.137 200 OK 418 kB URL HTTP/2 images.immediate.co.uk/production/volatile/sites/3/2021/10/Qatar-stadium-8f98973.jpeg?quality=90&webp=true&fit=1672,1114
IP 151.101.86.137:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 418 kB (417724 bytes)
Hash 9d24aa1a1fa443d9b0335351db0dc109
53ad0046bde5b825cfa872ec077ded9efc543cce
4631fcb13f5310dfd7dff4751565b99a6842e82ad05a9daa03bd2f2488e3693c
GET /production/volatile/sites/3/2021/10/Qatar-stadium-8f98973.jpeg?quality=90&webp=true&fit=1672,1114 HTTP/1.1
Host: images.immediate.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/webp
x-amzn-requestid: 92e2cdc6-7bb4-40f9-b07c-b8ac9f80fcc0
last-modified: Tue, 27 Sep 2022 10:28:29 GMT
x-amz-apigw-id: ZHV8AFMMjoEFrlQ=
cache-control: max-age=31536000
x-amzn-trace-id: Root=1-6332d04c-447b2d535653b8f56ef8312c;Sampled=0
via: 1.1 6b590e690e32695caa633ab770319d74.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: Md3nogjpDaZBJEGyc-JxFFAzsU3Q7NXqzS9afrw1bf_qACdYAPXueQ==
accept-ranges: bytes
date: Wed, 28 Sep 2022 03:40:01 GMT
age: 61892
x-served-by: cache-bma1668-BMA
x-cache: Miss from cloudfront, HIT
x-cache-hits: 1
fastly-geoip-countrycode: NO
access-control-allow-origin: *
vary: routing_service_test
content-length: 417724
X-Firefox-Spdy: h2
images.immediate.co.uk/production/volatile/sites/3/2021/10/GettyImages-1196061657-7e18ad9.jpg?quality=90&webp=true&fit=2200,1465
151.101.86.137 200 OK 1.0 MB URL HTTP/2 images.immediate.co.uk/production/volatile/sites/3/2021/10/GettyImages-1196061657-7e18ad9.jpg?quality=90&webp=true&fit=2200,1465
IP 151.101.86.137:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 1.0 MB (1000678 bytes)
Hash 335bebe7508101db0e09926b282f999c
1ec138dd78120123d728dc8f2295155750280006
0ed1b2802ffc45574f2c0f7553d806bd8ab73e7d79d553eaa994d6d455928797
GET /production/volatile/sites/3/2021/10/GettyImages-1196061657-7e18ad9.jpg?quality=90&webp=true&fit=2200,1465 HTTP/1.1
Host: images.immediate.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
x-amzn-requestid: bc191ae4-38a7-43be-a855-e2abb013cdd6
last-modified: Tue, 27 Sep 2022 10:28:31 GMT
x-amz-apigw-id: ZHV8CFJiDoEF0nQ=
cache-control: max-age=31536000
x-amzn-trace-id: Root=1-6332d04c-52bf029c550ff2a737cfb904;Sampled=0
via: 1.1 ab5e2ae728dfa6338273a7f7bcdc636c.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 4B1ts1r0Bnw8p2VWPF4p5SNzXjW2vFiu_URcos5KCK0sjTEl7Gff1g==
accept-ranges: bytes
date: Wed, 28 Sep 2022 03:40:01 GMT
age: 61889
x-served-by: cache-bma1668-BMA
x-cache: Miss from cloudfront, HIT
x-cache-hits: 1
fastly-geoip-countrycode: NO
access-control-allow-origin: *
vary: routing_service_test
content-length: 1000678
X-Firefox-Spdy: h2
flightsofqatar.com/
192.64.118.42 200 OK 1.1 MB IP 192.64.118.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (21275), with CRLF, LF line terminators
Size 1.1 MB (1133847 bytes)
Hash ece5b99e59f938b996616c89847f6730
394406f2cff5aa6d84621b0ba9a7a6c898f39725
5a762b4e57655f3f055849fd9a4f135b822138d99f359430f4664ed1f2a32a5b
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
set-cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
x-pingback: https://flightsofqatar.com/xmlrpc.php
link: <https://flightsofqatar.com/wp-json/>; rel="https://api.w.org/", <https://flightsofqatar.com/wp-json/wp/v2/pages/1407>; rel="alternate"; type="application/json", <https://flightsofqatar.com/>; rel=shortlink
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 03:40:00 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
images.immediate.co.uk/production/volatile/sites/3/2021/10/GettyImages-1196061599-9d1424f.jpg?quality=90&webp=true&fit=2200,1465
151.101.86.137 200 OK 1.2 MB URL HTTP/2 images.immediate.co.uk/production/volatile/sites/3/2021/10/GettyImages-1196061599-9d1424f.jpg?quality=90&webp=true&fit=2200,1465
IP 151.101.86.137:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 1.2 MB (1244922 bytes)
Hash 215bc6f33138a48da37ff998fa9d9d1b
180fd55140d4cf54e200608a719b9eda4ce0561b
4dc2c590b1b7047f46a329c8c637b80aad2fcc75f1d3f59d0a52cfa65187b0d6
GET /production/volatile/sites/3/2021/10/GettyImages-1196061599-9d1424f.jpg?quality=90&webp=true&fit=2200,1465 HTTP/1.1
Host: images.immediate.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/webp
x-amzn-requestid: e2086d4a-befb-4e7e-ac6b-63be8965ff37
last-modified: Tue, 27 Sep 2022 10:28:31 GMT
x-amz-apigw-id: ZHV8AEC9DoEFskg=
cache-control: max-age=31536000
x-amzn-trace-id: Root=1-6332d04c-49470e11686281dc09918438;Sampled=0
via: 1.1 30a448a0dbd4a52ea118d2e64f0535c8.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: VBIu9s-R8PNwo8Gsnx2HTo-W28GiAU_zBFAFOZ9hFNZqTBRFlwcuxA==
accept-ranges: bytes
date: Wed, 28 Sep 2022 03:40:01 GMT
age: 61890
x-served-by: cache-bma1668-BMA
x-cache: Miss from cloudfront, HIT
x-cache-hits: 1
fastly-geoip-countrycode: NO
access-control-allow-origin: *
vary: routing_service_test
content-length: 1244922
X-Firefox-Spdy: h2
stats.wp.com/s-202239.js
192.0.76.3 200 OK 1.1 MB IP 192.0.76.3:0
File type ASCII text, with very long lines (9364), with no line terminators
Size 1.1 MB (1054819 bytes)
Hash 35c16f96b8e3448c745d75cc15f3b366
f4105f38535f0fe74ad1dc6e0d0710620bdc89b4
55166bcda45f278bbbfa51d04cfabeabe3ab77e3d8fac2234f42c37039d34542
GET /s-202239.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 03:40:01 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-2494"
content-encoding: br
expires: Mon, 25 Sep 2023 23:51:27 GMT
cache-control: max-age=31536000
x-nc: HIT arn
X-Firefox-Spdy: h2
flightsofqatar.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
192.64.118.42 200 OK 11 kB URL HTTP/2 flightsofqatar.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (43771)
Hash d45207ee05c1f0c57dfa075e61405ccd
a8d35143a2d828a739ea0fdde75f97d33621e7ec
a9a4adbbcee31ec277f1bdd573eef97dc4341f29f2db3b5685a02dfe4d2fe9bb
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 00:36:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10946
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
192.64.118.42 200 OK 2.4 kB URL HTTP/2 flightsofqatar.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
IP 192.64.118.42:0
File type ASCII text, with very long lines (11256), with no line terminators
Hash ce94f62588d05264ac0148712111cb11
518bcd922f54169aeb199c0ccbc5877165ac218e
84ab658a69c39f424be0b27f61d612447d01606fce33beb962cbea53627d8c81
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Wed, 30 Sep 2020 01:23:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2394
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2
192.64.118.42 200 OK 982 B URL HTTP/2 flightsofqatar.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (4186), with no line terminators
Hash 24f4d7f425e792ab35adaab50816e54a
9e25bf79b674ddb7ba09ad7f118c50ec473c02c8
1c78bfb4d523785a4ebd37bb1f79f214f9bdb16673f7cc50805f7f1a26ad7f83
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Sat, 08 Jun 2019 06:15:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 982
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.3.3
192.64.118.42 200 OK 1.8 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.3.3
IP 192.64.118.42:0
File type ASCII text, with very long lines (10435), with no line terminators
Hash f7237084ac82ea6a4f5bf1448c3a2148
60457635a5e809ee1199c61090d8e33b91e8e1f2
18a1cb7f08c1ace52a79f46d73461ed03bf8cf5c9e8a3687eacc3e04f08e7a09
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.3.3 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Thu, 25 Aug 2022 00:12:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1754
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/go_pricing/assets/css/go_pricing_styles.css?ver=3.3.19
192.64.118.42 200 OK 7.1 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/go_pricing/assets/css/go_pricing_styles.css?ver=3.3.19
IP 192.64.118.42:0
File type ASCII text, with CRLF line terminators
Hash a55cbd67620fb0fec8b5c7efbce32601
4d014510400c71219e3dabd133b6f671542fb1e3
ac5e2e721307f9eaf0a82b683058d75e67255091ec235f1c48dc97168a1967aa
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/go_pricing/assets/css/go_pricing_styles.css?ver=3.3.19 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Thu, 11 Aug 2022 14:13:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7137
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=6.9.4
192.64.118.42 200 OK 2.3 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=6.9.4
IP 192.64.118.42:0
File type ASCII text, with very long lines (17809), with no line terminators
Hash 09d93f4de720fc11a2944fea38fcafcd
e46cf6a8d3373c7fa5feba0b30cd9b9983f719b2
cf900721be13309b96cf6c6f56b1c0a40194e8aea1b0a0361739219c9c0f9998
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=6.9.4 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 00:24:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2329
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/css/sfsi-style.css?ver=2.7.7
192.64.118.42 200 OK 12 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/css/sfsi-style.css?ver=2.7.7
IP 192.64.118.42:0
Hash 8984613f53a109cc01f6894ec1a4e934
629668fa02d3618bb28143538d2702213ad4f39b
f12987808aca5600c5f572bacfdc190cd554ed9655c18a8bfe5ee528a099e8a8
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/ultimate-social-media-icons/css/sfsi-style.css?ver=2.7.7 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Thu, 15 Sep 2022 10:06:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12300
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
192.64.118.42 200 OK 848 B URL HTTP/2 flightsofqatar.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
IP 192.64.118.42:0
Hash c962ba8e7d42ff9da18392b41dad5151
7b89bc5e6ad161df2e6d7f7fb3ad894aa04b827f
322a4949c5bdd82eb80c13bbbd407ce30a7ad226685c54270d246cb6960e524e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Mon, 11 Oct 2021 13:40:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 848
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.3.3
192.64.118.42 200 OK 21 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.3.3
IP 192.64.118.42:0
File type Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Hash b949966fb1c62c392babd0eb97a080ca
68842cbc531c38a01569da81eff51b1d358f7734
c7804b0b1571c1986e8661aef7343839d797bb368222a537c996b062f1d9f695
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.3.3 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Thu, 25 Aug 2022 00:12:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 20885
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/js/components/flexslider/flexslider.css?ver=6.0.2
192.64.118.42 200 OK 1.4 kB URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/js/components/flexslider/flexslider.css?ver=6.0.2
IP 192.64.118.42:0
Hash 891dae13b5480074fcef2bbb5e50906c
b015b5542b1f6730e430973a240316eb073f7032
0de3ca3f316aa80959dac18374b37b3f0597846808d710c8de06140f42ea3750
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Travelo/js/components/flexslider/flexslider.css?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Sat, 02 Jul 2022 12:26:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1445
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/js/components/jquery.timepicker/jquery.timepicker.css?ver=6.0.2
192.64.118.42 200 OK 381 B URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/js/components/jquery.timepicker/jquery.timepicker.css?ver=6.0.2
IP 192.64.118.42:0
Hash e6795eb8704e72a36000f943cbdf0e23
a80e9e5e9c7bbe23ca0bb5cede212a20002e1102
7d6a7f52ebcc6416faf286f22fc630d3af923c63a2b4c1f886fc4e4ddab8a806
GET /wp-content/themes/Travelo/js/components/jquery.timepicker/jquery.timepicker.css?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Sat, 02 Jul 2022 12:26:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 381
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
192.64.118.42 200 OK 5.3 kB URL HTTP/2 flightsofqatar.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (11126)
Hash e99189ee8d54b94ef68835e3cadc54e6
bd63bc1df7f957893b667ae786d4e9cdde5cc548
1d7d6276f3751eff748677def3ce88d9dc40210c6184c42933a8d3bdacdf83ce
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 19:36:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5305
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.soaptheme.net/wordpress/travelo/wp-content/uploads/2014/11/promo-image1.png
66.198.245.33 200 OK 117 kB URL HTTP/1.1 www.soaptheme.net/wordpress/travelo/wp-content/uploads/2014/11/promo-image1.png
IP 66.198.245.33:0
File type PNG image data, 342 x 258, 8-bit/color RGBA, non-interlaced\012- data
Size 117 kB (116876 bytes)
Hash 24b4a2157a833fac58b82f6079df1611
c47b89913bfbf2a2cdac2655bf15be31e92aee87
91995f8e740176b2dac638ade35f9a904affd2cf9da07ffc7e91fd3d8bf76ceb
GET /wordpress/travelo/wp-content/uploads/2014/11/promo-image1.png HTTP/1.1
Host: www.soaptheme.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 03:40:01 GMT
Server: Apache/2.4.53 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4
Last-Modified: Sat, 13 Dec 2014 17:22:14 GMT
ETag: "315552-1c88c-50a1c40147d80"
Accept-Ranges: bytes
Content-Length: 116876
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
flightsofqatar.com/wp-content/uploads/2022/07/services-500x300.jpeg
192.64.118.42 200 OK 27 kB URL HTTP/2 flightsofqatar.com/wp-content/uploads/2022/07/services-500x300.jpeg
IP 192.64.118.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x300, components 3\012- data
Hash 564ecf49653e80be27e5831ca66143b3
450fd56a0b410dc614aef1ab3e16d46c92ca3f37
4b4a2b6b96d24331aef118ab4c9dc6b92a249dd349a93e40507d6d71399a4f14
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2022/07/services-500x300.jpeg HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: image/jpeg
last-modified: Wed, 20 Jul 2022 20:41:24 GMT
accept-ranges: bytes
content-length: 26722
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/js/components/jquery.bxslider/jquery.bxslider.css?ver=6.0.2
192.64.118.42 200 OK 1.1 kB URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/js/components/jquery.bxslider/jquery.bxslider.css?ver=6.0.2
IP 192.64.118.42:0
Hash 796bd86c7201cb788ffc199e39fa1f92
b7e16ba17b6a30ff4ed761f8d5436df425abbe66
8e4a339ed0975475e656539fc48910ac1f4de52cdbdc8d553c33e691b2dd5798
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Travelo/js/components/jquery.bxslider/jquery.bxslider.css?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Sat, 02 Jul 2022 12:26:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1074
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.9.4
192.64.118.42 200 OK 974 B URL HTTP/2 flightsofqatar.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.9.4
IP 192.64.118.42:0
File type HTML document, ASCII text, with very long lines (3037), with no line terminators
Hash fd8b126d3265cc6afc5b672273f78531
5058e579885cccf36c44bdeb5b7318bd75952af9
72da6709db061566cb5f67322f674a77f68acb69ac6181d37f9ca4a1bb7287b7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.9.4 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Tue, 19 Jul 2022 23:16:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 974
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.11
192.64.118.42 200 OK 12 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.11
IP 192.64.118.42:0
File type Unicode text, UTF-8 text, with very long lines (12602)
Hash ffaf7209dc64fddae148d6ccfe72f9b6
6b15f69986056d54761ccea527989632c011be28
85dc3d2bd6460a22ba2c1f3ad17082b18e0f59267fad232550252b4a63c44501
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.11 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Sat, 02 Jul 2022 13:12:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11776
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/woo-altcoin-payment-gateway/assets//css/widgets.min.css?ver=1.7.0
192.64.118.42 200 OK 106 B URL HTTP/2 flightsofqatar.com/wp-content/plugins/woo-altcoin-payment-gateway/assets//css/widgets.min.css?ver=1.7.0
IP 192.64.118.42:0
Hash 8aa336092252dd9a5c55b127d63c4ab5
10480e678b016fd75b58f897c9717759e11cc9b6
f37b7854efd842ef1a95466e1d416889aa32601b9d992c179b4188b066b9c3bd
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woo-altcoin-payment-gateway/assets//css/widgets.min.css?ver=1.7.0 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Fri, 15 Jul 2022 11:42:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 106
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
192.64.118.42 200 OK 3.7 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
IP 192.64.118.42:0
File type HTML document, ASCII text, with very long lines (12211), with no line terminators
Hash b3777786fbf0ac18aa59c687154a9db8
3f24b0cfae49dc3e70f149edaf203a661cd59c88
8e3993f3b5eb33611a7c40d80d1cb048b4329ebb9ad0d9e8eb583e48fda70bb5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Thu, 01 Sep 2022 12:44:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3689
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/js/plugin.js?ver=6.0.2
192.64.118.42 200 OK 8.7 kB URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/js/plugin.js?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (12453), with CRLF, LF line terminators
Hash 8d5c9a4a8f02b9b9138f595f0e17185d
08d8e337b6ea0b3cd617abdbeca19d8780450eed
256dc603ab52a545a178238d280ec85f5df3657559a890d653ffacde4558e01c
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Travelo/js/plugin.js?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Sat, 02 Jul 2022 12:26:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8696
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/js/gmap3.infobox.js?ver=6.0.2
192.64.118.42 200 OK 3.9 kB URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/js/gmap3.infobox.js?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (5645)
Hash 4595386768ba2d306ed35c6172ca1819
f1e6d89b166c967e3614a354db5c17cc9db03fd0
40b96dd847040cb444e0a8eb7a43abc4cad21740e7481b67ce827912263462d4
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Travelo/js/gmap3.infobox.js?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Sat, 02 Jul 2022 12:26:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3892
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/css/animate.min.css?ver=6.0.2
192.64.118.42 200 OK 4.4 kB URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/css/animate.min.css?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (58976), with CRLF line terminators
Hash 8ca63e43c7d14e8b9381827d928261fc
ce7dc28946522a2caa006efd131271b1bde4bad2
c6604f10f48416f2295ae1f27af93e6e33df1de852bf1d61343866c21a2dd939
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Travelo/css/animate.min.css?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Sat, 02 Jul 2022 12:26:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4363
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/js/shuffle/jquery.shuffle.min.js?ver=6.0.2
192.64.118.42 200 OK 4.0 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/js/shuffle/jquery.shuffle.min.js?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (11484), with no line terminators
Hash afba95e9d8b68de8a182844bf3d210c6
15ff42025d6279456ddcae01e40e518d18f56300
72df0c1220af2d9bc12439b1f788e797334059aa057e4c9ca94b8409ebc5782d
GET /wp-content/plugins/ultimate-social-media-icons/js/shuffle/jquery.shuffle.min.js?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Thu, 15 Sep 2022 10:06:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3953
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/css/font-awesome.min.css?ver=6.0.2
192.64.118.42 200 OK 3.8 kB URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/css/font-awesome.min.css?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (17618)
Hash 897df7e9ea8c8d975382e8e25e318639
18d7f4852e39e20019101ed366043acd9ed27110
0ab775c96e2d363fa8e6e726a131597a7f94c8ab2bd0155e914b2c4c8f3f4abc
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Travelo/css/font-awesome.min.css?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Sat, 02 Jul 2022 12:26:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3753
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/js/shuffle/modernizr.custom.min.js?ver=6.0.2
192.64.118.42 200 OK 1.4 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/js/shuffle/modernizr.custom.min.js?ver=6.0.2
IP 192.64.118.42:0
File type HTML document, ASCII text, with very long lines (2861), with CRLF, CR line terminators
Hash bf4305883b07b3952eb133421045fa26
ee5c2ed19e1cd1c689d66e4e50ca2d17be637e8d
75a5eb36be38006c582bcb02ec213c4f35b9e968459fea86677c21d3dedaa54f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/ultimate-social-media-icons/js/shuffle/modernizr.custom.min.js?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Thu, 15 Sep 2022 10:06:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1368
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
192.64.118.42 200 OK 2.8 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
IP 192.64.118.42:0
File type ASCII text, with very long lines (9680), with no line terminators
Hash 8a91034fce0e4a2464d2170d38d31382
f00c20cfcbd136ee9aa20d07085c10f470548fe4
1a8f0bcd2b76caf977b08ed30bdd29eb77405ca4c1fe2315b41f8fe2542f1528
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Thu, 01 Sep 2022 12:44:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2799
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/css/bootstrap.min.css?ver=6.0.2
192.64.118.42 200 OK 16 kB URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/css/bootstrap.min.css?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (65366)
Hash 067f9319d02465b1f87cc57288917f66
da9fab29468f52a888650cfac520644912222472
2e74a4915e3ca1c05e82f6a00c00988eda958ed3b67337430fa7a558250799b7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Travelo/css/bootstrap.min.css?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Sat, 02 Jul 2022 12:26:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 15893
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-includes/js/comment-reply.min.js?ver=6.0.2
192.64.118.42 200 OK 2.5 kB URL HTTP/2 flightsofqatar.com/wp-includes/js/comment-reply.min.js?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (2968)
Hash f3a7c010a1429d50e2cda67491090470
307d82b9e68f1d51be2b472c22d0adc5df3dc9c8
e6054444c25ed13b8bc365b1122255bda3f873cf4451269d75e5a15ebcb7e0d2
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/comment-reply.min.js?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Sat, 09 Apr 2022 05:37:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2528
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/js/components/flexslider/jquery.flexslider-min.js?ver=6.0.2
192.64.118.42 200 OK 7.7 kB URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/js/components/flexslider/jquery.flexslider-min.js?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (23016)
Hash c914dafa49b0b0d674c12a7052188715
67ae3de0e201eb5005f1eec10b979299ad2ea03e
4ab617a9b7c2d0e2653a4cc382610da5b02228f39ff8a6b5c01d5191862975e7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Travelo/js/components/flexslider/jquery.flexslider-min.js?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Sat, 02 Jul 2022 12:26:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7676
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=6.9.4
192.64.118.42 200 OK 8.4 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=6.9.4
IP 192.64.118.42:0
File type Unicode text, UTF-8 text, with very long lines (62753), with no line terminators
Hash 60aea8fe062ea93aa6dfa342ea23b7fd
bf9a4843acf8f1f116ef2cae7fb40a9a2f37253a
7db430ef3124de87a8a33cf0ffe134a86bff67de803eea16f4b3ed4d2d569d4f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=6.9.4 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 00:24:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8432
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/css/custom.css?ver=6.0.2
192.64.118.42 200 OK 913 B URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/css/custom.css?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with CRLF line terminators
Hash b3f914c536905b73b18ccaddc5715dbb
ee18f7c9ad991f8ee7eab94566f9685809a5dac2
f72cdf4cfbc547184b1ba65e44f5f82c9ede47820dbc88d4e919537c2af2c7ce
GET /wp-content/themes/Travelo/css/custom.css?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Sat, 02 Jul 2022 12:26:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 913
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/css/responsive.min.css?ver=6.0.2
192.64.118.42 200 OK 2.8 kB URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/css/responsive.min.css?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (16216), with no line terminators
Hash 84c5a9e5aedfa31f6408e752d2096d0b
55a44d1555a1d00f9d47b0a77fac1b458c5ad1c8
dbecb3e7ba21be919487d60b0799d413aac8e4e73146fa611bb29fa376cb6b55
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Travelo/css/responsive.min.css?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Sat, 02 Jul 2022 12:26:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2760
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
images.immediate.co.uk/production/volatile/sites/3/2021/10/GettyImages-1292391547-1-1e1a811.jpg?quality=90&webp=true&fit=2200,1465
151.101.86.137 200 OK 474 kB URL HTTP/2 images.immediate.co.uk/production/volatile/sites/3/2021/10/GettyImages-1292391547-1-1e1a811.jpg?quality=90&webp=true&fit=2200,1465
IP 151.101.86.137:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 474 kB (473992 bytes)
Hash 3d209d1bccf3cd5d172273048246558a
fd0a0b90fa7255d242b1ca5ebc2c49cc7a885ffa
fda09a1a55862a85450e5b4fc55df076a31fdbaa00cd695b6437a052850a0701
GET /production/volatile/sites/3/2021/10/GettyImages-1292391547-1-1e1a811.jpg?quality=90&webp=true&fit=2200,1465 HTTP/1.1
Host: images.immediate.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/webp
x-amzn-requestid: ded90b2c-e68b-477c-a22d-d77e9a6a5642
last-modified: Wed, 28 Sep 2022 03:40:03 GMT
x-amz-apigw-id: ZJtCvHYpDoEFY-g=
cache-control: max-age=31536000
x-amzn-trace-id: Root=1-6333c211-562a8c791a262bbc65bc40cd;Sampled=0
via: 1.1 30a448a0dbd4a52ea118d2e64f0535c8.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: L08VnIeu_D3PthJqkFVF3UZcWMF-JmGHv7gEFuX3J3o7eTdgeesO0w==
accept-ranges: bytes
date: Wed, 28 Sep 2022 03:40:03 GMT
age: 0
x-served-by: cache-bma1668-BMA
x-cache: Miss from cloudfront, MISS
x-cache-hits: 0
fastly-geoip-countrycode: NO
access-control-allow-origin: *
vary: routing_service_test
content-length: 473992
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/css/woocommerce.css?ver=6.0.2
192.64.118.42 200 OK 2.8 kB URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/css/woocommerce.css?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with CRLF line terminators
Hash b46022d7c4b8dae0e771b4873d3d0843
6b63735c41ca41ef92b63f987075e04fd662d72b
adaa077bb466c57c905434b34857b72d5305472f5470c5b1e8e120c61d704591
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Travelo/css/woocommerce.css?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Sat, 02 Jul 2022 12:26:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2798
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/js/custom.js?ver=2.7.7
192.64.118.42 200 OK 5.8 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/js/custom.js?ver=2.7.7
IP 192.64.118.42:0
File type Unicode text, UTF-8 text, with very long lines (827), with CRLF line terminators
Hash 3c36292ccabb06468e7d58184ea5d857
962404fc0867a0af8295a015229234a1ace74abe
7fab92180e5e433e10c5f010ab67694ba486c7a300fe5a17f268255fe71be6e4
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/ultimate-social-media-icons/js/custom.js?ver=2.7.7 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Thu, 15 Sep 2022 10:06:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5789
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/js/map.js?ver=6.0.2
192.64.118.42 200 OK 2.4 kB URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/js/map.js?ver=6.0.2
IP 192.64.118.42:0
File type HTML document, ASCII text, with CRLF, LF line terminators
Hash ccb62332049b3b6df53c8187966ddb6e
38b5438a266dee32e2ae76aaadc0f039d3310a05
fdba1a8cfbf21c6f794ddb75e9dfa2389f2ac8fe917e9f734eb79d40688f7ec8
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Travelo/js/map.js?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Sat, 02 Jul 2022 12:26:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2413
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/uploads/2022/08/AEB3B8E2-947A-46CB-8139-30DBC10F447E.webp
192.64.118.42 200 OK 6.9 kB URL HTTP/2 flightsofqatar.com/wp-content/uploads/2022/08/AEB3B8E2-947A-46CB-8139-30DBC10F447E.webp
IP 192.64.118.42:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 44168a4ac7ce628c763e1f26c5e62316
2a252f8b4aa85f1870c2b08408d20b094dee475e
6ffeb85b947ab796f4258301173a7a22cee4e6d811699c50a511324eb54e712f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2022/08/AEB3B8E2-947A-46CB-8139-30DBC10F447E.webp HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: image/webp
last-modified: Thu, 18 Aug 2022 01:49:07 GMT
accept-ranges: bytes
content-length: 6948
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.9.4
192.64.118.42 200 OK 3.2 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.9.4
IP 192.64.118.42:0
File type ASCII text, with very long lines (9115)
Hash 66c388e07cfb57895688b3347ab7290b
f23bd7a31995b3b19924575f2afa297a29257856
3971f3ab5179d1f4f91d2c102f27c2bf1dac2c04e2f62ff3eae3ebfa8c28494e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.9.4 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Tue, 19 Jul 2022 23:16:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3245
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.9.0
192.64.118.42 200 OK 6.8 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.9.0
IP 192.64.118.42:0
File type ASCII text, with very long lines (20118)
Hash 2c667f570854cfb40c38769c503eb94d
720c2e994e421b8f11e2cc2ebdb169ba9db51126
de8e9594ea6b3d7445d8db4372219bc66f4526b6ec818b9377f5af557c1d7cbd
GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.9.0 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Sat, 02 Jul 2022 13:12:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6761
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/woo-altcoin-payment-gateway/assets//css/checkout.min.css?ver=1.7.0
192.64.118.42 200 OK 680 B URL HTTP/2 flightsofqatar.com/wp-content/plugins/woo-altcoin-payment-gateway/assets//css/checkout.min.css?ver=1.7.0
IP 192.64.118.42:0
Hash 97fb3a63b1ea136e0dab2a674243d3d2
3b1ea9b6b0cc707082f1345c9614368eec414e11
111351771ba08fa9ded054a13163ca21d72525b0afb8391be3024a30a317df70
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woo-altcoin-payment-gateway/assets//css/checkout.min.css?ver=1.7.0 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Fri, 15 Jul 2022 11:42:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 680
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_facebook.png
192.64.118.42 200 OK 1.4 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_facebook.png
IP 192.64.118.42:0
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash fd252856427200b657dbc55dddbd1217
af4029bf1ab66c8211b37fe27f7e0e3bfa588f41
0dce5940cfbb1995ffa0933df7bdd96af2b9bfff5f4ae12dc1641ad0ce920019
GET /wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_facebook.png HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: image/png
last-modified: Thu, 15 Sep 2022 10:06:48 GMT
accept-ranges: bytes
content-length: 1357
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/woo-altcoin-payment-gateway/assets/js/wapg_ajax.js?ver=1.7.0
192.64.118.42 200 OK 1.3 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/woo-altcoin-payment-gateway/assets/js/wapg_ajax.js?ver=1.7.0
IP 192.64.118.42:0
Hash 19b2bf8168abba36f3e30f11f7987013
b9d7d597017ac71b7373550015c311f45b04d843
2b8056b0bc754b3d5d7336a6315d004d056cd5ab5613fa9f753cf9f3886a576c
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woo-altcoin-payment-gateway/assets/js/wapg_ajax.js?ver=1.7.0 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Fri, 15 Jul 2022 11:42:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1315
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_instagram.png
192.64.118.42 200 OK 9.1 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_instagram.png
IP 192.64.118.42:0
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash beba7b387f04613cb0877eb9ce7c9441
133889f27b630134dac00ef42030c89f0b6e6dcd
84b9e1a326d4700c07ace98644a2a0c39d2216ba280ba82a9e6ba37c2cf230cc
GET /wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_instagram.png HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: image/png
last-modified: Thu, 15 Sep 2022 10:06:48 GMT
accept-ranges: bytes
content-length: 9059
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.9.0
192.64.118.42 200 OK 1.6 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.9.0
IP 192.64.118.42:0
Hash 59ec7f587a584a3e7c940ec5714308d8
5da2629a80a9f8e7b7d9601054002ecc77564cce
20651669f85c13b12c26a9dc53bc1d149a01336387c18a5201e372feb94955ae
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.9.0 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Sat, 02 Jul 2022 13:12:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1584
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/gtranslate/flags/24/en.png
192.64.118.42 200 OK 1.8 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/gtranslate/flags/24/en.png
IP 192.64.118.42:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash ec7233b5c80e5db85f7733b2ec25203f
d4c36fff06dc7d920b10eb13b58ea9cd9321b430
347ee97a492f79675749d03533810ff899ee6a784b4e156f3e0a7613cdfb3d40
GET /wp-content/plugins/gtranslate/flags/24/en.png HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: image/png
last-modified: Fri, 15 Jul 2022 10:03:14 GMT
accept-ranges: bytes
content-length: 1767
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.9.0
192.64.118.42 200 OK 42 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.9.0
IP 192.64.118.42:0
File type ASCII text, with very long lines (65358)
Hash 6d4b0d5a5a72ede7cb1b41f1888b1472
36bf958ff03d07059e93bd8388f75ba5cbf9044b
f4adbeefd0b26c8c194986bb2f09825ddad65a562ae5718de1e76d7ba653a0d1
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.9.0 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Sat, 02 Jul 2022 13:12:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 42034
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
192.64.118.42 200 OK 32 kB URL HTTP/2 flightsofqatar.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 192.64.118.42:0
File type ASCII text, with very long lines (65447)
Hash 72c127c105c4ee0cd0d09556fad7c478
d04c1e8c76b659c054e98f2155b77402948a2628
0f292df3a0b27a6951ab987e084c0c69a1b269d72433264ec0e340741f83064b
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Thu, 11 Mar 2021 01:37:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 31596
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/jetpack/css/jetpack.css?ver=11.3.2
192.64.118.42 200 OK 16 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/jetpack/css/jetpack.css?ver=11.3.2
IP 192.64.118.42:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 63440a10045040089c23b9e57001dc2c
ddeedb5fa2831e3c973720cdafd1843d61e6d3dd
5ab6086189a9163156a7fda2cca4ffa21a3c10083a5eb1383196b62a0ea7d131
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/css/jetpack.css?ver=11.3.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Thu, 22 Sep 2022 20:22:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 15532
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
192.64.118.42 200 OK 5.9 kB URL HTTP/2 flightsofqatar.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (15660)
Hash 4cc48c317988c4057a2677d14438e52f
bac9d041b006edcb62d02006e9e7c07cc98152ad
b8d053faa028d3f95d8bf3b391e7d73805e18b83f9dbb472577e30730a7d1848
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Tue, 12 Apr 2022 15:26:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5924
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.9.4
192.64.118.42 200 OK 677 B URL HTTP/2 flightsofqatar.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.9.4
IP 192.64.118.42:0
File type ASCII text, with very long lines (2139), with no line terminators
Hash a43fc0dde8fdd69656ad0957e62849c7
4b07cf702ac8a770c8cbffc22b9a788b6e5389ba
1ce3d0493424870c81deec0ec41de0592d2af9f91cd8081cd40a1d7ea89b614f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.9.4 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Tue, 18 May 2021 21:00:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 677
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/pdf-embedder/assets/css/pdfemb-embed-pdf.css?ver=4.6.4
192.64.118.42 200 OK 1.8 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/pdf-embedder/assets/css/pdfemb-embed-pdf.css?ver=4.6.4
IP 192.64.118.42:0
File type ASCII text, with very long lines (7672), with no line terminators
Hash fb7f4186b19210d57d098e886db6613d
c66793d45c4b430c3abd07be2f362779682d95ea
eecc40f49345857b835f68a6501bbec6ee48eb6b2154617e0a7cedf26184fa3b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/pdf-embedder/assets/css/pdfemb-embed-pdf.css?ver=4.6.4 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Fri, 19 Aug 2022 04:02:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1770
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/js/shuffle/random-shuffle-min.js?ver=6.0.2
192.64.118.42 200 OK 617 B URL HTTP/2 flightsofqatar.com/wp-content/plugins/ultimate-social-media-icons/js/shuffle/random-shuffle-min.js?ver=6.0.2
IP 192.64.118.42:0
File type ASCII text, with very long lines (1472), with no line terminators
Hash a9417b08d84f6bbb29398e2020861d94
7e84b0c1e1f2ab8dbefc1cdcc73a378ceb8526b5
3ee491454e5c72568a37bb1f7837c88cf77ec8b9fefc2f5a77876c27c7f0304e
GET /wp-content/plugins/ultimate-social-media-icons/js/shuffle/random-shuffle-min.js?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Thu, 15 Sep 2022 10:06:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 617
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.9.4
192.64.118.42 200 OK 899 B URL HTTP/2 flightsofqatar.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.9.4
IP 192.64.118.42:0
File type ASCII text, with very long lines (1668)
Hash 22d65ba38528349e705d912ce26bf8ac
c89ba006009043d93b88ff155b4fec8797330550
6253bcb85e4267ad3ba843145534e729ee2c1d7e85e5b4ab5b2e074ae636bca3
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.9.4 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Wed, 20 Jan 2021 04:55:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 899
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/go_pricing/assets/js/go_pricing_scripts.js?ver=3.3.19
192.64.118.42 200 OK 6.3 kB URL HTTP/2 flightsofqatar.com/wp-content/plugins/go_pricing/assets/js/go_pricing_scripts.js?ver=3.3.19
IP 192.64.118.42:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminators
Hash ed7b3d71df6c7bfe2786cf9a065b821c
e72a0da64d2179f7faeb534f546269abb3a72dcc
7a9524d3cd1a0659032f661fbb5efa358824ad8431af02a0fe43aec93300122a
GET /wp-content/plugins/go_pricing/assets/js/go_pricing_scripts.js?ver=3.3.19 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 14:13:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6274
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
192.64.118.42 200 OK 8.0 kB URL HTTP/2 flightsofqatar.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
IP 192.64.118.42:0
File type Unicode text, UTF-8 text, with very long lines (8211)
Hash 64480a43594232793ece968e5d7259c1
144d5592f082ffbb737ad585829855d4f7c229ec
5287df03dca69fbe0881c6a50598f956bbcc4cd88acc8aed0cf8365f56d48cb0
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Sat, 09 Apr 2022 05:37:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7954
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900&ver=6.0.2
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900&ver=6.0.2
IP 142.250.74.10:0
GET /css?family=Lato%3A300%2C400%2C700%2C900&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 03:40:01 GMT
date: Wed, 28 Sep 2022 03:40:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.wp.com/e-202239.js
192.0.76.3 200 OK 0 B IP 192.0.76.3:0
GET /e-202239.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 03:40:01 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Sun, 17 Sep 2023 22:04:35 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/woo-altcoin-payment-gateway/assets/js/wapg_app.min.js?ver=1.7.0
192.64.118.42 200 OK 0 B URL HTTP/2 flightsofqatar.com/wp-content/plugins/woo-altcoin-payment-gateway/assets/js/wapg_app.min.js?ver=1.7.0
IP 192.64.118.42:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woo-altcoin-payment-gateway/assets/js/wapg_app.min.js?ver=1.7.0 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Fri, 15 Jul 2022 11:42:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 74095
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/woo-altcoin-payment-gateway/assets/js/cs.widgets.min.js?ver=1.7.0
192.64.118.42 200 OK 0 B URL HTTP/2 flightsofqatar.com/wp-content/plugins/woo-altcoin-payment-gateway/assets/js/cs.widgets.min.js?ver=1.7.0
IP 192.64.118.42:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woo-altcoin-payment-gateway/assets/js/cs.widgets.min.js?ver=1.7.0 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Fri, 15 Jul 2022 11:42:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 77723
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/js/jquery-ui.min.js?ver=6.0.2
192.64.118.42 200 OK 0 B URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/js/jquery-ui.min.js?ver=6.0.2
IP 192.64.118.42:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Travelo/js/jquery-ui.min.js?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Sat, 02 Jul 2022 12:26:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18249
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.11
192.64.118.42 200 OK 0 B URL HTTP/2 flightsofqatar.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.11
IP 192.64.118.42:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.11 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: application/javascript
last-modified: Sat, 02 Jul 2022 13:12:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 46875
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
flightsofqatar.com/wp-content/themes/Travelo/css/style-light-blue.min.css?ver=6.0.2
192.64.118.42 200 OK 0 B URL HTTP/2 flightsofqatar.com/wp-content/themes/Travelo/css/style-light-blue.min.css?ver=6.0.2
IP 192.64.118.42:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Travelo/css/style-light-blue.min.css?ver=6.0.2 HTTP/1.1
Host: flightsofqatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flightsofqatar.com/
Cookie: PHPSESSID=b6b9fcf8985126915a7602b1372384ac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 03:40:01 GMT
content-type: text/css
last-modified: Sat, 02 Jul 2022 12:26:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 44827
date: Wed, 28 Sep 2022 03:40:01 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2