r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12004
Expires: Mon, 30 Jan 2023 07:18:15 GMT
Date: Mon, 30 Jan 2023 03:58:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9771
Expires: Mon, 30 Jan 2023 06:41:02 GMT
Date: Mon, 30 Jan 2023 03:58:11 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 03:43:11 GMT
content-type: application/json
age: 900
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7249
Expires: Mon, 30 Jan 2023 05:59:00 GMT
Date: Mon, 30 Jan 2023 03:58:11 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ap7+v+t6kZ9tX7We1PyL/6U4adxONMmYDStN5bM3grnSeIfdnQ0Vwq6c/9XZ+4vLu68tsxDKLFw=
x-amz-request-id: M06KGJWM3R8MEYPW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 03:50:35 GMT
age: 456
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 03:58:11 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 30 Jan 2023 03:41:41 GMT
age: 991
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10669
Expires: Mon, 30 Jan 2023 06:56:01 GMT
Date: Mon, 30 Jan 2023 03:58:12 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Source+Sans+Pro%3A300%2C400%2C700%2C300italic%2C400italic%2C700italic%7CBitter%3A400%2C700&subset=latin%2Clatin-ext
142.250.74.74 200 OK 992 B URL HTTP/1.1 fonts.googleapis.com/css?family=Source+Sans+Pro%3A300%2C400%2C700%2C300italic%2C400italic%2C700italic%7CBitter%3A400%2C700&subset=latin%2Clatin-ext
IP 142.250.74.74:0
Hash e3f7be0e9d83286deb1866b24368944e
59ea8d3655fc5f524fe5006c8994d8ac02a521ec
258ae0665db13d0f714b1c93eb910581d4ad45c48425cc84833fdf83eea7282b
GET /css?family=Source+Sans+Pro%3A300%2C400%2C700%2C300italic%2C400italic%2C700italic%7CBitter%3A400%2C700&subset=latin%2Clatin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 30 Jan 2023 03:58:12 GMT
Date: Mon, 30 Jan 2023 03:58:12 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
push.services.mozilla.com/
35.161.4.251 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.4.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gAHfEHMlx8QXUDUYn0l57g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +5H3JU7DzEI7fUOnr+BYvdUhfiM=
nktm.cloud/
103.10.234.110 200 OK 24 kB IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Hash 4c7b0f33cc896c8196fc33ea4eee614d
ad0eb387977501a88197b34fc999d11f4590f2c9
4e85df8d3bd11dcac3b865fb23ba2cda5e63877f10a5a7493c9dcda24b872203
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET / HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/8.1.13
x-frame-options: SAMEORIGIN
set-cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; path=/; domain=nktm.cloud
wordpress_test_cookie=WP%20Cookie%20check; path=/
content-type: text/html; charset=UTF-8
x-pingback: http://nktm.cloud/xmlrpc.php
link: <http://nktm.cloud/wp-json/>; rel="https://api.w.org/", <http://nktm.cloud/wp-json/wp/v2/pages/3308>; rel="alternate"; type="application/json", <http://nktm.cloud/>; rel=shortlink
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: Mon, 30 Jan 2023 03:58:12 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/css/slides.css
103.10.234.110 200 OK 558 B URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/slides.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF line terminators
Hash 10ed25c53aa04f2de2839ce5a34604b3
4fe55a0b768ab6d00d48f11af5a67735dbe3582a
15204c91fa0820875116380b2d882b54cbd3cb0cc4b272c42ffd0816790e8ad7
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/slides.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:12 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 558
date: Mon, 30 Jan 2023 03:58:12 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/css/ilghtbox.css
103.10.234.110 200 OK 1.5 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/ilghtbox.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (764), with CRLF line terminators
Hash aeda1d6b1280e4ecb793b8dc9dedc6b6
f549b6c4241b82747cf9c19975203352bc6b6d2f
eb2f0e80cae2a1b197a7329364417aec635bf1604c5737328c88a2157b10fb6a
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/ilghtbox.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:12 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1457
date: Mon, 30 Jan 2023 03:58:12 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/css/owl.carousel.css
103.10.234.110 200 OK 747 B URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/owl.carousel.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF line terminators
Hash 4645354a07b1c05e8da69930a9478aed
9a504386e076cc8c2efcc5f5c52bc452c5e87e2e
e6611c30c96f1ce58450de73d9456c347c69ba931ab9cc64b81aa225d0250961
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/owl.carousel.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 747
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/css/magnific-popup.css
103.10.234.110 200 OK 1.9 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/magnific-popup.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
Hash a9e1c18f6f4158083880f33d2be8e8e6
417a5153c315575e7bd1edd0e1aa5169dbc878c3
58778006659973dbbb38237551799292eddf701afda4187ad1ddeb38eeb52e4b
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/magnific-popup.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1932
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/css/carousel.css
103.10.234.110 200 OK 1.2 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/carousel.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF line terminators
Hash d18ef4fa8cb9314854cc94b1e8ccd6cc
e254fa442adb23c0a819004cdf8b16e0a47c2586
e163ca58303f587642275f8ec4346e36743d38c981d41cc42b124d2e465239b3
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/carousel.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1234
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/css/smoothslides.theme.css
103.10.234.110 200 OK 1.4 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/smoothslides.theme.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF line terminators
Hash a2e05de7c00d5e52927ca0cbb59ccdae
f72a2e21468708aab2d0a4354cef8dfc61cc0e66
28d63039bb9468393bcfa36ea7103df401dceb85740a4ef82d26e01f8d5d2b47
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/smoothslides.theme.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1371
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/css/site.css
103.10.234.110 200 OK 1.1 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/site.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF line terminators
Hash aeb222de76f3dd48a3fe85b87161e9c1
71f2fd83b0f8fe2e5f94f16de338c16128dac7ee
644351fa314cfbff85e58b2423a9039f5c245b07e1a5fba974d12cd5944734b7
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/site.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1105
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/css/top-style.css
103.10.234.110 200 OK 1.7 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/top-style.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF line terminators
Hash f3619de71945947d573cbcd83d2b2836
6ece0fa87f00a9836b88bded1d5970bb6a4b7d26
e93da78814ef11da1fca68bdefb34865a306ee0f288ec05eadb45f6d1bdd9d0c
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/top-style.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1738
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/css/photoswipe.css
103.10.234.110 200 OK 1.3 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/photoswipe.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
Hash 1ae0f2b693d5ee5bd5e8f57c62beb23c
f441c9da8fcacf52c07f2fbca2128da58cf86f7d
731aa0b0f982332d927ec0182a6d48fc18f2f6d173da3b5dfa6ba2c727c955fe
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/photoswipe.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1268
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/css/default-skin.css
103.10.234.110 200 OK 2.9 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/default-skin.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF line terminators
Hash 54fe55ae4580ceb010d4061676954e54
03dd5c162d10c84d7b485e873a0293912d7d3278
3d271d8b70455bfa4dd2876f14599f66c91187667fda7c9af264eea4f7a79577
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/default-skin.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2932
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/js/photoswipe.min.js
103.10.234.110 200 OK 12 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/photoswipe.min.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (31587)
Hash 3fb4298b3d25e16ee83f2bfef082c8ed
f2f343f0e8cd4a7dbce7bdb8e82f458c333e860e
f5d87d60e6a40586206fcfcf5d1c742e50348d0ed0478a27f46ebe122f4caa92
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/photoswipe.min.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 12236
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
interstatecouncil.nic.in/iscs/wp-content/themes/iscs/font-awesome-4.2.0/css/font-awesome.css
164.100.161.29 200 OK 28 kB URL HTTP/1.1 interstatecouncil.nic.in/iscs/wp-content/themes/iscs/font-awesome-4.2.0/css/font-awesome.css
IP 164.100.161.29:0
ASN #4758 National Informatics Centre
File type troff or preprocessor input, ASCII text, with very long lines (305), with CRLF line terminators
Hash d92996bfe03c2d1bc10543b56e346518
536362cb45a35315607431f61e10b0b83a0f2bf5
2b15fe96f79fb6ea5a8a31ee4c3340ce0a5f8ee9ad911739339449db2e011ca5
GET /iscs/wp-content/themes/iscs/font-awesome-4.2.0/css/font-awesome.css HTTP/1.1
Host: interstatecouncil.nic.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 03:57:57 GMT
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 09 May 2022 09:16:52 GMT
Accept-Ranges: bytes
Content-Length: 28327
Connection: close
Content-Type: text/css
Set-Cookie: TS01cc1984=0161d6dfc3f8dd1e8020f5195702fd456892b2118fa03a93416c2e3802f01cff2634908a6be7345f5b43c32d3a438f409a1a01efb1; Path=/; Domain=.interstatecouncil.nic.in; HTTPOnly
TS01cc1984028=01e4def216ed5c81ab42581715132a26b5a5733ce90144da87083ddb46dd803691ff60ff8a7c939a24c9bf965b5c407abeab0b6297; Path=/; Domain=.interstatecouncil.nic.in; HTTPOnly
nktm.cloud/wp-content/themes/iscs/js/photoswipe-ui-default.min.js
103.10.234.110 200 OK 3.7 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/photoswipe-ui-default.min.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type HTML document, ASCII text, with very long lines (9663)
Hash 1d4320c3d56934ceb35cef65b0481269
4d7bbbff0f6d2acc7edf410e9758efb6560317fb
2f693578012b3f6a4a63d168040ae60f0df6e40e344c6904974d16a83fd8f964
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/photoswipe-ui-default.min.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3745
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/js/script.js
103.10.234.110 200 OK 913 B URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/script.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF, LF line terminators
Hash 569a2371b009a01478d27de4111312c8
7ccfb395279ab5db1d515804e6f6a8e25278c007
546e19eda8cd9fe70e34555a1abc3249d527909950172e27282f8f2140791af4
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/script.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 913
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
103.10.234.110 200 OK 12 kB URL HTTP/1.1 nktm.cloud/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (43771)
Hash 9f76c05d4aec8a23bbb9131800060916
ba854132574f3add765c016ff6cef2a30bddc5e0
c73bcff8e403046219e8f9dfb99e029b8d58099b8c5fb5f6508127702fd1b275
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:46:06 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 11658
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/style.css?ver=2013-07-18
103.10.234.110 200 OK 13 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/style.css?ver=2013-07-18
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (348)
Hash 57f9a726118b113ec814dcfe826ffef9
5f46127c40057ee297d015b0e14af9475606f553
30ed024d5568b30b2ea1c0e2299f4a8f014a893c465f5b8e47e2262ae1d4610f
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/style.css?ver=2013-07-18 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:43:56 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 12647
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
fonts.googleapis.com/css?family=Roboto:700,400,100
142.250.74.74 200 OK 667 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:700,400,100
IP 142.250.74.74:0
Hash c2b2a7c3f9101576f486df0915708315
293f9fd245cd1a10c7a58a9d9071eac9e435ed04
5cc1c5be81f8e5131524ee7ba0e73525465d036bafe9584e73a77ccb5a989a48
GET /css?family=Roboto:700,400,100 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 30 Jan 2023 03:58:13 GMT
Date: Mon, 30 Jan 2023 03:58:13 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
nktm.cloud/wp-content/themes/iscs/js/jquery-1.9.1.min.js
103.10.234.110 200 OK 31 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/jquery-1.9.1.min.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (65447)
Hash ac7d96ca2bae760f083751f83c26be13
537b514c7347483970450f3066589df9f1b0201b
2148c9ca82ea813a06919cc60133f6339c0fc03a980ea697007370f33dbc1306
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/jquery-1.9.1.min.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 30960
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
103.10.234.110 200 OK 4.2 kB URL HTTP/1.1 nktm.cloud/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (11126)
Hash c41f3a82e911de81a1817131069bc7d2
1e883290a0b794916cead41e5f0705716fd77b89
e9791f24770f098ea30bb4d25e2e10bdedb97132d0bbf7d2bd79eedac22efa27
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:45:44 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4168
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/js/print.js
103.10.234.110 200 OK 349 B URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/print.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (313), with CRLF line terminators
Hash d5ece6063cf147a159d457c6366ddeeb
03780b46bcae6524f324a271d384cec2ec81a431
d9ab44daa48fd8cd8724ab568761b0b4dc45006f48cb4e34a0895f281688d1ed
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/print.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 349
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/genericons/genericons.css?ver=3.03
103.10.234.110 200 OK 19 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/genericons/genericons.css?ver=3.03
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (23046)
Hash b60e05b15ee1594b26554c071a6b6df8
b13fa5991a92efbbcd682274b66bbee9e3dbec75
690188168ef730bee9617346cd4ef5eccb7d49d401301a14c32ef495212bedbc
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/genericons/genericons.css?ver=3.03 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:02 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 19196
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/css/cssmenu.css
103.10.234.110 200 OK 1.4 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/cssmenu.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (460), with CRLF line terminators
Hash 590de2dbf0411c8110174f7e23226d66
65b74c1bf1692317906407b0885d91ee55092639
2307d18a5d041e322fd3ce99a536a2fcc112709fdef7f428ea187742044c1dec
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/cssmenu.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1377
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3075
Expires: Mon, 30 Jan 2023 04:49:28 GMT
Date: Mon, 30 Jan 2023 03:58:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3075
Expires: Mon, 30 Jan 2023 04:49:28 GMT
Date: Mon, 30 Jan 2023 03:58:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3075
Expires: Mon, 30 Jan 2023 04:49:28 GMT
Date: Mon, 30 Jan 2023 03:58:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3075
Expires: Mon, 30 Jan 2023 04:49:28 GMT
Date: Mon, 30 Jan 2023 03:58:13 GMT
Connection: keep-alive
nktm.cloud/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
103.10.234.110 200 OK 31 kB URL HTTP/1.1 nktm.cloud/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (65447)
Hash 554969c8ed0e4b5eece1261c4e1e9cd0
3b514b21c2e26b2caa15054e43ed00184a8ebc38
4a10709ca76c5112fbaf69e065b4ef93dd37bcffd4ae39b351e56d40c9322123
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:45:44 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 30969
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: f644ca78-a07a-43d1-96e4-95bcdecff7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGLfFtOIAMFp7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e2-202ca7160544acd24259bd5d;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xRwqrWS66l4qJfg2HnGphN1dbrIUod9XKW3zTk_-Km9AQRPyV2UqWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 20:46:17 GMT
age: 25916
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf294e5c-6457-4bdc-b8e4-6cde89bb64f8.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf294e5c-6457-4bdc-b8e4-6cde89bb64f8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 029e272400d7190359cd2eabbf418188
6300f72a4e44444fc9e4027fb47a85122650b0f2
ef353caae33db21140027a07d1bf3956c2476baaa69c12c1de3c369ac69b13dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf294e5c-6457-4bdc-b8e4-6cde89bb64f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6927
x-amzn-requestid: 6749dadd-1cbd-4e35-9dae-20337098eccf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGjtGWwoAMF87Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf847d-3c470030501c0e572e9f2560;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:10:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AZgJTalW0bIj3KeZYEB5vTy9yVErnDqk8EC2Si8WWFnOjzMiqc8mxw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:15:27 GMT
age: 20566
etag: "6300f72a4e44444fc9e4027fb47a85122650b0f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e04b9eaf7449828136ad59e4c9d69f1
b820be4ed885dcf288eb6460c57e1fa7b1c7c476
df75cf7183d401a19655aab025d08ad2c498573c88b32e9b258d951d2993b936
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7679
x-amzn-requestid: 0c7983d5-6040-44e9-b394-21c3784702a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkEtEfHoAMFaNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6ea-54c55dbd09ca642048af8916;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Wx-qjsrMLYpLmE-8QmpR46BeRySbUGL2Rrr6LqhEQ8jaEEj_6Aj0qg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:52:09 GMT
age: 21964
etag: "b820be4ed885dcf288eb6460c57e1fa7b1c7c476"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b7a437-43da-4218-a8ea-3aa936541e3f.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b7a437-43da-4218-a8ea-3aa936541e3f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f0729af7c574710c33356c8c3c7757d6
aec801b4158398d2d3222e7247532a1b0ba446e3
057d2ed0960c8d83dda10de975594b21ddeaaf8dcc07a106f3b3c121afb90e57
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b7a437-43da-4218-a8ea-3aa936541e3f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8159
x-amzn-requestid: 52245e9a-4ea7-470c-ad88-1051471fc543
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fbvBxGv2oAMFfLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4920b-6b6d100e11edfa5307b67933;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 03:10:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kwcwF6EPJ3ZltIfFkoJPMbf0yFQCMQrk-QQE8RzFF-bxJCBp_YDBIg==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 03:56:52 GMT
age: 81
etag: "aec801b4158398d2d3222e7247532a1b0ba446e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80079413-a219-4943-96b4-3e14e10bb5ba.jpeg
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80079413-a219-4943-96b4-3e14e10bb5ba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 36ff8d0c9899da25e80edbb858b164de
3e2491c5465f3c427a11c32bdfee27767559bb3f
b060501c6d82e97bd4826a62b790d58cd9d7ece8e1590267bc9b48033f3ce9b1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80079413-a219-4943-96b4-3e14e10bb5ba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7223
x-amzn-requestid: b05a1db9-29e2-42d0-9eca-9a0f462c87c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj3IHtpIAMFUkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e693-7e13d93143b5e666313a4b8f;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y8z-TFrhe0-x-KHZd2pIVITumrB18bqIzK_vX9em0eEpt3U8i0sozA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:53:07 GMT
age: 21906
etag: "3e2491c5465f3c427a11c32bdfee27767559bb3f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
nktm.cloud/wp-content/themes/iscs/css/App.css
103.10.234.110 200 OK 1.7 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/App.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF line terminators
Hash a9993d641f645d2d7f13fb80abeccc65
8c2b85b667ab83b138add2b164a95270cdd45fdf
6c0dfa8e0bb6e3d9a1d246239825c15f5423f1185a707d40ca3c6f2c6f91f296
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/App.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1710
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bfbdca6-432c-4f19-887a-3165827e4bc6.jpeg
34.120.237.76 200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bfbdca6-432c-4f19-887a-3165827e4bc6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e8d680cbaee5ef3e7b8e09b174ed6ecf
6651a0d3041920798240ea67e827c3d458769fa9
4c74e8ebff95e67da678248d3dc1d3f42d98c8a0d33d54d9d2bde36314c9f952
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bfbdca6-432c-4f19-887a-3165827e4bc6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3678
x-amzn-requestid: 21cd1ae3-b769-418a-b7f8-5efa486db859
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkEvE-RIAMFpmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6ea-6998009c289996563d78616a;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Or8AGZIZTzP_EuRHaCfCNrdPQIw2OQW37MKvOTFQIQgO0h18ct0-Xg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:34:10 GMT
age: 19443
etag: "6651a0d3041920798240ea67e827c3d458769fa9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
nktm.cloud/wp-content/themes/iscs/css/style-blue.css
103.10.234.110 200 OK 4.7 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/style-blue.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
Hash 0190bda56591f7f7640d267e52caa155
68cb7fd1c3f592d5685187273f0844983198d274
56009db5c39ba4542d44e2a591077423245dab627aeab6dfdc7bc9c053190573
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/style-blue.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4653
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/css/bootstrap.min.css
103.10.234.110 200 OK 20 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/bootstrap.min.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (65369)
Hash 1042dffd181fdaabd1a5ad244118a1a4
0c6b9a3bfa800e77befc895b1c3f6fba70614f35
03817496e293ff474149aafd60cc2cf19a54d38927a28b3e883fcecd049f33c4
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/bootstrap.min.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 19709
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-includes/js/imagesloaded.min.js?ver=4.1.4
103.10.234.110 200 OK 1.8 kB URL HTTP/1.1 nktm.cloud/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (5477)
Hash 5bc847fcae1a1a6c4b7f79c00d2b7e29
b2237db0dd679c2c8e397e833f04df00d43165e7
bfa7a74e5830c0c26da7ccc50b8e44b401ce1ee8604fceb62e6c1310c47ddb2a
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1831
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-includes/js/masonry.min.js?ver=4.2.2
103.10.234.110 200 OK 7.4 kB URL HTTP/1.1 nktm.cloud/wp-includes/js/masonry.min.js?ver=4.2.2
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (23966)
Hash c64ef876a5380269bf01eee5dc898d2c
ec456158fe4cf279a2ce25a613fc97202acf2b87
6a084e003863350fb53e74d1b75d732cdfd0489a8f1b15907b406f64a40c95be
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:13 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:45:34 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 7376
date: Mon, 30 Jan 2023 03:58:13 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
103.10.234.110 200 OK 715 B URL HTTP/1.1 nktm.cloud/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (1626)
Hash 46cfee7a6b6ed76c0fd609b98415e886
27a59318b05327183e1b7807e2071626f4a08419
21245efcfeb0ee1d850f895f472eca45c5d471e10f03e8f10e826218be1c356a
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:45:44 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 715
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/js/functions.js?ver=20150330
103.10.234.110 200 OK 1.5 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/functions.js?ver=20150330
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF line terminators
Hash 679097c02c764ce5235e0aa959d647cd
c1092c4b093b2e39faba07f59913780543c7fd0e
330b90501e1d931ff9721f4ba57fbe91b67189d42926c1659733f8e7c3260a07
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/functions.js?ver=20150330 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1466
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nktm.cloud
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 27 Jan 2023 18:19:32 GMT
Expires: Sat, 27 Jan 2024 18:19:32 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
Age: 207522
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nktm.cloud
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 26 Jan 2023 00:13:09 GMT
Expires: Fri, 26 Jan 2024 00:13:09 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
Age: 359105
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 1141ae65ad448fb3438690d5042af728
aa8b236bb1099c9440bfe3e98530939623250c03
e55eeaf5cd454042706c3e2d7d2b0211e91087b430cb5bae6b9e030392f57b4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 03:58:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maxoderm.co/count.php?c_style=3&id=1474275873
172.96.187.196 200 OK 812 B URL HTTP/1.1 maxoderm.co/count.php?c_style=3&id=1474275873
IP 172.96.187.196:0
File type PNG image data, 90 x 20, 8-bit colormap, non-interlaced\012- data
Hash c7eb039c293c0e3996d1143324c7b165
c0c34649e7d89f670f3cb8e6b2b22135746966d1
9b22d4ffc4deebe41cd110d992abd9adf8db1b47b272dfbf10579ec40f82ada6
GET /count.php?c_style=3&id=1474275873 HTTP/1.1
Host: maxoderm.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/5.6.40
content-type: image/png
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-length: 812
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
nktm.cloud/wp-content/plugins/visualizer/js/lib/dom-to-image.min.js
103.10.234.110 200 OK 3.4 kB URL HTTP/1.1 nktm.cloud/wp-content/plugins/visualizer/js/lib/dom-to-image.min.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (9247)
Hash ea54d559baf64dad3d8ccaea949d49e1
ccbc36c56d50ce39035a980368dae38c69a234e7
d554a960d4401ea9b07a91d8a00b0cf873b30b4ba14dd8114823f015ddc72b8b
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/plugins/visualizer/js/lib/dom-to-image.min.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Wed, 11 Jan 2023 07:41:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3357
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/js/bootstrap.min.js
103.10.234.110 200 OK 11 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/bootstrap.min.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (39553)
Hash 73a8ec641af288a817a749efad5f0f33
5c17c6af1c288ca780738af7f23784e2a6f7697f
4a72330fd2395601c98468a7db0aeaec4352a9625d55328ba86a3d8b5d80d8b3
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/bootstrap.min.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 10952
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 1141ae65ad448fb3438690d5042af728
aa8b236bb1099c9440bfe3e98530939623250c03
e55eeaf5cd454042706c3e2d7d2b0211e91087b430cb5bae6b9e030392f57b4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 03:58:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.animatedgif.net/stars/star4-2_e0.gif
104.193.49.234 200 OK 1.8 kB URL HTTP/1.1 www.animatedgif.net/stars/star4-2_e0.gif
IP 104.193.49.234:0
File type GIF image data, version 89a, 47 x 45\012- data
Hash 1c10a377b1e5ced780b943afce6ed518
71f21fbbc633cc1f9fb1e9170521c0462fc31884
72e0457dbf4352f5fc398368faae4fbdfd1cb04b5dd5d9be8483d8dd8a607b90
GET /stars/star4-2_e0.gif HTTP/1.1
Host: www.animatedgif.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 03:58:11 GMT
Server: Apache
Last-Modified: Fri, 28 Dec 2001 03:09:55 GMT
Accept-Ranges: bytes
Content-Length: 1786
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif
nktm.cloud/wp-content/themes/iscs/js/App.js
103.10.234.110 200 OK 3.0 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/App.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type HTML document, ASCII text, with CRLF line terminators
Hash 5d036b48691c606511389728a68f3087
b90211e06144b39476b8bde29ce18ca6c032a384
c6c257704bfde2250ec1d466d4f3736b50c8d711d0abd8ed22f030d5642b33cb
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/App.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3008
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
www.youtube.com/s/player/4248d311/www-player.css
216.58.207.206 200 OK 50 kB URL HTTP/2 www.youtube.com/s/player/4248d311/www-player.css
IP 216.58.207.206:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 8a6331ed48be29c59230b0c7360068de
22a20436f427d6b8e26eb30ed9aab51a43d389bf
72f0818ab04697fc29d331b2add584f3cd5e269446c7297300701a4666c9d95e
GET /s/player/4248d311/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/dUPnzO6t0ik
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 49911
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 17:26:43 GMT
expires: Fri, 26 Jan 2024 17:26:43 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 12 Jan 2023 01:15:11 GMT
content-type: text/css
age: 297091
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 1141ae65ad448fb3438690d5042af728
aa8b236bb1099c9440bfe3e98530939623250c03
e55eeaf5cd454042706c3e2d7d2b0211e91087b430cb5bae6b9e030392f57b4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 03:58:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nktm.cloud/wp-content/themes/iscs/js/scrolltopcontrol.js
103.10.234.110 200 OK 1.6 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/scrolltopcontrol.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF line terminators
Hash ddec75297ca4c80639983efa8f9c7c42
9242eb131f8c3753673eea93f49720e84347f4e5
19c0aa96821b76c27b191ff2141c804fc0bc9f756d658ded15050a61b01981cc
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/scrolltopcontrol.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1630
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
www.youtube.com/s/player/4248d311/www-embed-player.vflset/www-embed-player.js
216.58.207.206 200 OK 109 kB URL HTTP/2 www.youtube.com/s/player/4248d311/www-embed-player.vflset/www-embed-player.js
IP 216.58.207.206:0
File type ASCII text, with very long lines (679)
Size 109 kB (109432 bytes)
Hash 711fcfe6f1ab52d89ab3474d437c1e48
b2f3e69e9d40b193de5e76ae13c6ad9ce0a8e537
361236d1317543e128074c35d22d65a2ba70f6ce9906b07a543e6b3c96239019
GET /s/player/4248d311/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/dUPnzO6t0ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 109432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 07:29:42 GMT
expires: Sun, 28 Jan 2024 07:29:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 12 Jan 2023 01:15:11 GMT
content-type: text/javascript
age: 160112
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.youtube.com/s/player/4248d311/fetch-polyfill.vflset/fetch-polyfill.js
216.58.207.206 200 OK 2.8 kB URL HTTP/2 www.youtube.com/s/player/4248d311/fetch-polyfill.vflset/fetch-polyfill.js
IP 216.58.207.206:0
File type Algol 68 source text\012- Pascal source, ASCII text, with very long lines (555)
Hash 80fe2d229007996c8397073b00755dc7
121f82c77bcf2a297a1085e3b092415c463fcafe
033dfa8941482c82d4f1aaa4a9172fb379b9e46a02d5b36297c5476bbbfdea2c
GET /s/player/4248d311/fetch-polyfill.vflset/fetch-polyfill.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/dUPnzO6t0ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 2786
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 20:21:26 GMT
expires: Sun, 28 Jan 2024 20:21:26 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 12 Jan 2023 01:15:11 GMT
content-type: text/javascript
age: 113808
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
nktm.cloud/wp-content/themes/iscs/js/modernizr.js
103.10.234.110 200 OK 4.2 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/modernizr.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type HTML document text\012- HTML document, ASCII text, with very long lines (9202), with CRLF line terminators
Hash 023225363ca0e9283fe25d9702ebb331
3f1503b420fb7033bd37891d4254204ec61d374e
9693f532806c9b3e7466bee35a6c670ab4e87da620a4da80c347068239b7376a
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/modernizr.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4183
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/js/owl.carousel.js
103.10.234.110 200 OK 8.8 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/owl.carousel.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF line terminators
Hash 59aa4d56cea20ac00f0edb5ee1709a41
26f4a279464b57e3df8d10676eb50f50899a0af1
d32f74d3201f23941cb6a7a49b693fe324e2809387074ae281b7941cf0f3ff01
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/owl.carousel.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 8786
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/js/jquery.magnific-popup.min.js
103.10.234.110 200 OK 7.6 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/jquery.magnific-popup.min.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (20803)
Hash 6b7dbbbf383239c8e9424c5d3cb78919
5e065fe6e5cbc2e28b20776af0cb97e7e94a4f0e
da7f2c8626384366728b6737c8884d52ec7bb1aac8895f8bb0cbb8557f9df561
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/jquery.magnific-popup.min.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 7601
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
interstatecouncil.nic.in/iscs/wp-content/themes/iscs/font-awesome-4.2.0/fonts/fontawesome-webfont.woff?v=4.2.0
164.100.161.29 200 OK 245 B URL HTTP/1.1 interstatecouncil.nic.in/iscs/wp-content/themes/iscs/font-awesome-4.2.0/fonts/fontawesome-webfont.woff?v=4.2.0
IP 164.100.161.29:0
ASN #4758 National Informatics Centre
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 1bc28b20c8ccf13e2c8c07bceb7bac98
00f684bce71052a69f273ae77218c169d8cd53b9
97c6d4c94b7da6dab9be8eee63f621189746aeac59b25cf3686ed6cf68a4b934
GET /iscs/wp-content/themes/iscs/font-awesome-4.2.0/fonts/fontawesome-webfont.woff?v=4.2.0 HTTP/1.1
Host: interstatecouncil.nic.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nktm.cloud
Connection: keep-alive
Referer: http://interstatecouncil.nic.in/
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Content-Length: 245
nktm.cloud/wp-content/themes/iscs/js/jquery.appear.js
103.10.234.110 200 OK 1.4 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/jquery.appear.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF line terminators
Hash ad3b315ff34383f11e4fb38a4e336b8a
fb351d02b823f41bf2c6873facb6403d07620935
a0d555fffc98497eacce6486c4a5de1b371cb704fad00efb0bde476f70519b7e
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/jquery.appear.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1356
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/js/template.js
103.10.234.110 200 OK 5.1 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/template.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with CRLF line terminators
Hash a9854f6bf43a1dc59306b47d4f7a2268
4aed1bb33621feffafa8f1a0d2ad4ae31e550ccc
63f4395abd9c969a17ef369d599bb9e3cabf5ebd847f9448d0747fd2ef6a3499
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/template.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 5083
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/js/ekko-lightbox.min.js
103.10.234.110 200 OK 3.3 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/ekko-lightbox.min.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type HTML document, ASCII text, with very long lines (11490)
Hash 41e770bc3ab30203d4d788757234acad
bf6bb595cb81c25f07e865235426e615e5661033
0de94a9a27a61382afed6c95ee891598008e6c19751e46fb3e005635de916782
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/ekko-lightbox.min.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3286
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/js/jquery.bootstrap.newsbox.min.js
103.10.234.110 200 OK 1.6 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/jquery.bootstrap.newsbox.min.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (5056)
Hash 828a404d1f2f33cd9eab9af052323624
63138e0832031e6afc95a365d40adb6bc4d0e6f4
4831d2f1059495d3f4120da732cef7fbd96f233b04a48e7d7f817e13607073c1
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/jquery.bootstrap.newsbox.min.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1642
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/js/jquery.slides.min.js
103.10.234.110 200 OK 3.0 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/jquery.slides.min.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (11459)
Hash b6851b2ee492e1ebbb9092b1b6868f63
00402df56d59d0b989df80958279044731e188cb
d9466f2b1d921052d0247799b9cc64a82fd3770c0dfb7bde2de65feb4040f871
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/jquery.slides.min.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2955
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/js/smoothslides-2.1.0.min.js
103.10.234.110 200 OK 1.7 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/smoothslides-2.1.0.min.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type Unicode text, UTF-8 text, with very long lines (9774), with no line terminators
Hash 90a00218ea0459d4401df7910266ab5f
7fe1b077e3d9fcd530d88a79227dd11ef4088e2d
77634128939e69a58ddb3c476a9e2ae8f4045750be9dfb5e8ca0d57231d58e62
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/smoothslides-2.1.0.min.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1658
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
103.10.234.110 200 OK 5.0 kB URL HTTP/1.1 nktm.cloud/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type ASCII text, with very long lines (15660)
Hash 848f9aadf194f3d024a2a90dbd11e3b5
aecd4b03b5a7829c6ca015d926798dc95e4fa912
36ff79b2f6827e46be1df95ff739e536718c0ee4fc09462678b32d7abd60fc6c
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:45:34 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 5021
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/uploads/visualizer/customization.js?_=1675051104411
103.10.234.110 200 OK 302 B URL HTTP/1.1 nktm.cloud/wp-content/uploads/visualizer/customization.js?_=1675051104411
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
Hash 30ecbc97438004a5d2c5f5c7b9311112
61932b5e04aeed92f59b8a9a6802d5faeb680aaf
3ba3d88a73c10b2e70ca6ff5c3c38e6c54106b6e4a7bd4eb8164387b03b8906c
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/uploads/visualizer/customization.js?_=1675051104411 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Wed, 11 Jan 2023 07:42:53 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 302
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/plugins/visualizer/js/render-google.js?ver=3.9.3&_=1675051104412
103.10.234.110 200 OK 5.6 kB URL HTTP/1.1 nktm.cloud/wp-content/plugins/visualizer/js/render-google.js?ver=3.9.3&_=1675051104412
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
Hash 2efb543d131b441e49cabed943076a11
56a9514a38d858c33bd2d9ff35d2f347018a8c6f
0827752dafd924a45c05be045bbb5611f19b8747a0ed9787f342a65f5c688908
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/plugins/visualizer/js/render-google.js?ver=3.9.3&_=1675051104412 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Wed, 11 Jan 2023 07:41:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 5568
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/plugins/visualizer/js/render-facade.js?ver=3.9.3&_=1675051104413
103.10.234.110 200 OK 2.5 kB URL HTTP/1.1 nktm.cloud/wp-content/plugins/visualizer/js/render-facade.js?ver=3.9.3&_=1675051104413
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
Hash 9770a1722c278aace702ea157505932f
4677298eafa7788b50ca2f804a5cef9a16ae7986
7f825c0c2ca355c6c49ecbb4afd56d4eb0ebc85c80e43d6efcc9807714204870
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/plugins/visualizer/js/render-facade.js?ver=3.9.3&_=1675051104413 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Wed, 11 Jan 2023 07:41:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2458
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
interstatecouncil.nic.in/iscs/wp-content/themes/iscs/font-awesome-4.2.0/fonts/fontawesome-webfont.ttf?v=4.2.0
164.100.161.29 200 OK 245 B URL HTTP/1.1 interstatecouncil.nic.in/iscs/wp-content/themes/iscs/font-awesome-4.2.0/fonts/fontawesome-webfont.ttf?v=4.2.0
IP 164.100.161.29:0
ASN #4758 National Informatics Centre
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 20dbf2521ca8169461fd8d9e15a3a24f
c56d37930cb081c65a0e2b36d9b8b32d07a41b7f
7973feb3ce0520bbe4b117c60863a04f37dbe7ef13850d605168d8a137fd5310
GET /iscs/wp-content/themes/iscs/font-awesome-4.2.0/fonts/fontawesome-webfont.ttf?v=4.2.0 HTTP/1.1
Host: interstatecouncil.nic.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://nktm.cloud
Connection: keep-alive
Referer: http://interstatecouncil.nic.in/
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Content-Length: 245
nktm.cloud/wp-content/themes/iscs/img/stripe.png
103.10.234.110 200 OK 2.2 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/img/stripe.png
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 255dd5d81dce79b9657c6beb758108f6
5e838c9c9c77d83a962fdca13775659862403b6d
dc6bbdcba1d47c8cba545b869b005d5a979f68b8bb14208fb49dc04394e7f025
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/img/stripe.png HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: image/png
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-length: 2209
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/iscs/wp-content/themes/iscs/img/greyTheme.png
103.10.234.110 200 OK 3.0 kB URL HTTP/1.1 nktm.cloud/iscs/wp-content/themes/iscs/img/greyTheme.png
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type PNG image data, 20 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash df8871c578765e52b2ae30dde43a8eba
ea310b2679162aea21968ed6bca9997be9d03379
fdc58da995b1080cf63b04058da9351cbe3b24389b405c5bef1cd3a4353c920f
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /iscs/wp-content/themes/iscs/img/greyTheme.png HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: image/png
last-modified: Mon, 09 Jan 2023 09:39:52 GMT
accept-ranges: bytes
content-length: 2959
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/iscs/wp-content/themes/iscs/img/orangeTheme.png
103.10.234.110 200 OK 3.0 kB URL HTTP/1.1 nktm.cloud/iscs/wp-content/themes/iscs/img/orangeTheme.png
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type PNG image data, 20 x 22, 8-bit/color RGB, non-interlaced\012- data
Hash 4e81bc64af10f362e28afda43d214aed
b76d46387bec90504180ed3c86e6d4abab7f69c3
316c714ac0d1285c2d25aeb7269f6fa8eb6be5dcaad64cdec3a8a26906c49287
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /iscs/wp-content/themes/iscs/img/orangeTheme.png HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: image/png
last-modified: Mon, 09 Jan 2023 09:39:52 GMT
accept-ranges: bytes
content-length: 2954
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/iscs/wp-content/uploads/2016/08/indian_gb-123.png
103.10.234.110 200 OK 74 kB URL HTTP/1.1 nktm.cloud/iscs/wp-content/uploads/2016/08/indian_gb-123.png
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type PNG image data, 1479 x 104, 8-bit/color RGB, non-interlaced\012- data
Hash ba5a9218e9ac02f8c49320160169ebdd
a3491bb503e652a3d6513835ef051ddb2bcc8f63
6cd856d71fff57596d1db7e63bf7a504464bdc86e00d15e81edba2d6c691d5f3
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /iscs/wp-content/uploads/2016/08/indian_gb-123.png HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: image/png
last-modified: Mon, 09 Jan 2023 09:40:04 GMT
accept-ranges: bytes
content-length: 73469
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/iscs/wp-content/uploads/2016/09/indaflag.png
103.10.234.110 200 OK 5.2 kB URL HTTP/1.1 nktm.cloud/iscs/wp-content/uploads/2016/09/indaflag.png
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type PNG image data, 255 x 170, 8-bit/color RGBA, non-interlaced\012- data
Hash f65ab6160b57209f5c99386709279499
a6316568e4fef276507d5e311ab8012e555a59ec
d899b797bade9c3c48cba7b351670325df7c7b74eaf1267382e7e9a638be3d93
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /iscs/wp-content/uploads/2016/09/indaflag.png HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:15 GMT
content-type: image/png
last-modified: Mon, 09 Jan 2023 09:40:18 GMT
accept-ranges: bytes
content-length: 5237
date: Mon, 30 Jan 2023 03:58:15 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/css/style-grey.css
103.10.234.110 200 OK 4.7 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/css/style-grey.css
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
Hash c80ff644220398793995983f4142e51d
bf33fd725544f1f4d8c06fd0001aaa3d1635c2ba
242209ef4d6af6310ea1b9bc8c99e241e2a32656ba090715d71d7c7f23092faa
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/css/style-grey.css HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check; Theme=null
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:15 GMT
content-type: text/css
last-modified: Mon, 09 Jan 2023 09:44:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4742
date: Mon, 30 Jan 2023 03:58:15 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/uploads/visualizer/customization.js
103.10.234.110 200 OK 28 kB URL HTTP/1.1 nktm.cloud/wp-content/uploads/visualizer/customization.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
Hash b88853527fd143e8c4d380d6d996ca5a
7b396a37c875ba6e690f3abf7180114a6d84e17b
dd719f56daed918a0e340d0f17b2fcd8bd95363c7976c3f176cf73622c24ac6e
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/uploads/visualizer/customization.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check; Theme=null
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:15 GMT
content-type: application/javascript
last-modified: Wed, 11 Jan 2023 07:42:53 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 302
date: Mon, 30 Jan 2023 03:58:15 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash d12e9ff2f182d3ce52d59d589ab5a61d
1d39c5eed0a766cbee2fe1f0729eab7472f56d7f
e675272e9b74782eb09ee52be90da7a92ba0cbe71fccba9bd8c4416e4817b13b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 03:58:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nktm.cloud/wp-content/themes/iscs/js/jquery-2.1.3.js
103.10.234.110 200 OK 472 B URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/js/jquery-2.1.3.js
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
Hash e9eba61fbe87bc53d60d0fdd1ba6adb4
8dbb3dfacfaad4ce0fd3a355790cb9b245e01e07
9c0233792f873315e75ce5396d1a210f2df665db23ab858a0724f66bbb4528e7
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/js/jquery-2.1.3.js HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:14 GMT
content-type: application/javascript
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 73327
date: Mon, 30 Jan 2023 03:58:14 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
static.doubleclick.net/instream/ad_status.js
142.250.74.134 200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.134:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 03:57:52 GMT
expires: Mon, 30 Jan 2023 04:12:52 GMT
cache-control: public, max-age=900
age: 23
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e9eba61fbe87bc53d60d0fdd1ba6adb4
8dbb3dfacfaad4ce0fd3a355790cb9b245e01e07
9c0233792f873315e75ce5396d1a210f2df665db23ab858a0724f66bbb4528e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 03:58:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash d12e9ff2f182d3ce52d59d589ab5a61d
1d39c5eed0a766cbee2fe1f0729eab7472f56d7f
e675272e9b74782eb09ee52be90da7a92ba0cbe71fccba9bd8c4416e4817b13b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 03:58:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/id
142.250.74.34 302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Mon, 30 Jan 2023 03:58:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
nktm.cloud/wp-content/plugins/visualizer/js/render-google.js?ver=3.9.3
103.10.234.110 200 OK 5.6 kB URL HTTP/1.1 nktm.cloud/wp-content/plugins/visualizer/js/render-google.js?ver=3.9.3
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
Hash 2efb543d131b441e49cabed943076a11
56a9514a38d858c33bd2d9ff35d2f347018a8c6f
0827752dafd924a45c05be045bbb5611f19b8747a0ed9787f342a65f5c688908
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/plugins/visualizer/js/render-google.js?ver=3.9.3 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check; Theme=null
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:15 GMT
content-type: application/javascript
last-modified: Wed, 11 Jan 2023 07:41:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 5568
date: Mon, 30 Jan 2023 03:58:15 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 03:58:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 03:58:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/id
142.250.74.34 302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Mon, 30 Jan 2023 03:58:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.106 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Mon, 30 Jan 2023 03:58:15 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e9eba61fbe87bc53d60d0fdd1ba6adb4
8dbb3dfacfaad4ce0fd3a355790cb9b245e01e07
9c0233792f873315e75ce5396d1a210f2df665db23ab858a0724f66bbb4528e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 03:58:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b67335a8e235eacf68e4b7f98cc5dc40
887a9b34cf2ba9371bbe8c93e362c174668cf812
1ad2f6328af6d819acd85f4e4646afcafd945e17e555d5eeb54244db83cd48fa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 03:58:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/J0Wtb-3apQjiEgHhOVup9kp7pTLa1a3i127gprViyoA.js
142.250.74.164 200 OK 14 kB URL HTTP/2 www.google.com/js/th/J0Wtb-3apQjiEgHhOVup9kp7pTLa1a3i127gprViyoA.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (36008)
Hash 8a1e64e80c9189aaa07733ae98ea030b
de788d5e003c05a2b43c8f16557e6a4f27eb00ff
cdfd098bd8fb947a53ebeaf0e8e0bdd0d6a31eb6a7c0e1403331403cc48a5a1e
GET /js/th/J0Wtb-3apQjiEgHhOVup9kp7pTLa1a3i127gprViyoA.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14261
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 10:05:58 GMT
expires: Fri, 26 Jan 2024 10:05:58 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Jan 2023 15:00:00 GMT
content-type: text/javascript
age: 323537
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash d12e9ff2f182d3ce52d59d589ab5a61d
1d39c5eed0a766cbee2fe1f0729eab7472f56d7f
e675272e9b74782eb09ee52be90da7a92ba0cbe71fccba9bd8c4416e4817b13b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 03:58:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.106 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.106:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 7e514912373fce31cb200afd9e394f9e
216e556809f0f906479979669521048127d7e812
6f5237fa17e8e33df3d47c38e06b7532e6522437afec0706cf0c9d8c1a681c99
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Mon, 30 Jan 2023 03:58:15 GMT
server: ESF
cache-control: private
content-length: 30854
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.106 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.106:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 42bbffade58ce174ac61ec094b791adf
d50e44f0e74a5f43ab5777bade7b7a7e77ca2b58
6e67a72c165edfd89bb93c7dae08ebfb14a0025ae3d5a8b315e8356b1570aa78
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Mon, 30 Jan 2023 03:58:15 GMT
server: ESF
cache-control: private
content-length: 31073
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 03:58:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nktm.cloud/wp-content/themes/iscs/img/btns-next-prev.png
103.10.234.110 200 OK 3.8 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/img/btns-next-prev.png
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type PNG image data, 59 x 36, 8-bit/color RGBA, non-interlaced\012- data
Hash 784eb2129a85a0ccfee1397ca4956572
19fae583a625f27bbfb6d71e8a028aea3f667b23
641bd8c8e35fbc260b58c80a43ac99bc51ee3700e44b1348096f6aa93fcdbee4
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/img/btns-next-prev.png HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check; Theme=null
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:15 GMT
content-type: image/png
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-length: 3756
date: Mon, 30 Jan 2023 03:58:15 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/iscs/wp-content/uploads/2016/09/meeting16.jpg
103.10.234.110 200 OK 58 kB URL HTTP/1.1 nktm.cloud/iscs/wp-content/uploads/2016/09/meeting16.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5 Windows, datetime=2016:09:02 13:49:40], progressive, precision 8, 275x171, components 3\012- data
Hash b8dcee69cee8caeb42f861a75eca6483
1d5b5a6ddda1a30374895d59a474bb0fc0300480
ede749e30a6b3e1d96d17ea8a9cc21d2e2da8f67f6c179b2bd6feb30b617ed67
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /iscs/wp-content/uploads/2016/09/meeting16.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:15 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:40:16 GMT
accept-ranges: bytes
content-length: 57598
date: Mon, 30 Jan 2023 03:58:15 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/iscs/wp-content/uploads/2016/08/digital_india_logo_0.png
103.10.234.110 200 OK 15 kB URL HTTP/1.1 nktm.cloud/iscs/wp-content/uploads/2016/08/digital_india_logo_0.png
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type PNG image data, 185 x 76, 8-bit/color RGBA, non-interlaced\012- data
Hash 328dcad2b7bf5225a7501e95799d9f70
36b3341a656cf18728c083d4d81fdc454466c250
3717fdd14de8dcddef26d845226b377a65724d75adc6628d9ce23b2781696f26
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /iscs/wp-content/uploads/2016/08/digital_india_logo_0.png HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:16 GMT
content-type: image/png
last-modified: Mon, 09 Jan 2023 09:40:06 GMT
accept-ranges: bytes
content-length: 15023
date: Mon, 30 Jan 2023 03:58:16 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/img/mygov.jpg
103.10.234.110 200 OK 18 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/img/mygov.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=113, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=320], baseline, precision 8, 185x76, components 3\012- data
Hash a2717607bffaaf0c7ffa8924438396d5
1a16241f83ce90feb5618f8acbe3d2b975d3b1aa
27ffadf256c1e748b2cb7d44bd9230800bab25f11a7827152c5e1b274376c5e3
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/img/mygov.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:16 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-length: 17861
date: Mon, 30 Jan 2023 03:58:16 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/plugins/visualizer/js/render-facade.js?ver=3.9.3
103.10.234.110 200 OK 2.5 kB URL HTTP/1.1 nktm.cloud/wp-content/plugins/visualizer/js/render-facade.js?ver=3.9.3
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
Hash 9770a1722c278aace702ea157505932f
4677298eafa7788b50ca2f804a5cef9a16ae7986
7f825c0c2ca355c6c49ecbb4afd56d4eb0ebc85c80e43d6efcc9807714204870
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/plugins/visualizer/js/render-facade.js?ver=3.9.3 HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check; Theme=null
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:16 GMT
content-type: application/javascript
last-modified: Wed, 11 Jan 2023 07:41:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2458
date: Mon, 30 Jan 2023 03:58:16 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.106 200 OK 27 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.106:0
Hash 4d23471a561bb6b8543850ec08248c04
47c716c89dd4d975fb9401b4dc8558a0e54e46c3
b6a2335fa2f40954ca355521e0f2afe3b216f8ede19a5ccb1c7242ea89a8cb2f
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Mon, 30 Jan 2023 03:58:16 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.106 200 OK 114 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.106:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 9345c402ae6747679d73294892c09ee8
0eb798d97dc534d363832ac848e80283f8138576
f3da7376ac427982582c7551993ac8cfbed9b8b769097897fc95c3785f47fc67
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1222
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Mon, 30 Jan 2023 03:58:16 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
nktm.cloud/iscs/wp-content/uploads/2016/09/meeting15.jpg
103.10.234.110 200 OK 64 kB URL HTTP/1.1 nktm.cloud/iscs/wp-content/uploads/2016/09/meeting15.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5 Windows, datetime=2016:09:02 13:47:15], progressive, precision 8, 275x171, components 3\012- data
Hash 99eff785e29f83f3323a8c3120cbe8da
f5b3ddc67491f8dd6e910f3782ba6a8014c1aa7e
656d8bfba3bc06a7b3f2968e4a86176f60b3bffb1f521c78c20e272bbefca9ef
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /iscs/wp-content/uploads/2016/09/meeting15.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:16 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:40:18 GMT
accept-ranges: bytes
content-length: 64290
date: Mon, 30 Jan 2023 03:58:16 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/img/national-portal.jpg
103.10.234.110 200 OK 30 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/img/national-portal.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=113, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=320], progressive, precision 8, 185x76, components 3\012- data
Hash c0dd03ced6d5357d9b666a3c14a47135
2a92e1f079096872fb3b8e5945b046e8e20b9d72
355eba056dc08ce2788d2e099b0a9cae34747055b195bf248130aae24fcbc7da
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/img/national-portal.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:16 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-length: 30405
date: Mon, 30 Jan 2023 03:58:16 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/img/india-at-hannover.jpg
103.10.234.110 200 OK 24 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/img/india-at-hannover.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=371, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=618], progressive, precision 8, 185x76, components 3\012- data
Hash b8ca2ce59296837e2cde54cfeee401e2
04bf9eb5bb45b2590497415ad9ae15138de01d2c
88cf1e02d389229d96a3ddb6e7047e9ae97e6c9f9b9078fffe788cb3038ef162
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/img/india-at-hannover.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:16 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-length: 24158
date: Mon, 30 Jan 2023 03:58:16 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/img/swachh_bharat_abhiyan.jpg
103.10.234.110 200 OK 26 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/img/swachh_bharat_abhiyan.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=15, height=955, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1653], progressive, precision 8, 185x76, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 25972-27759, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 1102415111966564640882688.000000, slope 262980090078035741300317468229632.000000\012- data
Hash 2be8baf42fb181f0ccc94ab1db4eeb44
dc12525534639cb7acd824925c745b861907e250
853cd840a5877115c05af6089c63883edf0f3b9f5d23345db7a4746db6825d14
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/img/swachh_bharat_abhiyan.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:16 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-length: 26317
date: Mon, 30 Jan 2023 03:58:16 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/iscs/wp-content/uploads/2016/08/data-gov.jpg
103.10.234.110 200 OK 23 kB URL HTTP/1.1 nktm.cloud/iscs/wp-content/uploads/2016/08/data-gov.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=100, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=200], baseline, precision 8, 185x76, components 3\012- data
Hash 7e620916c70a7cd6d38ce40d7202ab1e
0b01200f4c5d3795c941001aeca2884deb8ee0c8
d25103abc945dca9e231feadc9ab354fecb033a1b5a8e5aabf6377df12d49461
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /iscs/wp-content/uploads/2016/08/data-gov.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:16 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:40:04 GMT
accept-ranges: bytes
content-length: 22733
date: Mon, 30 Jan 2023 03:58:16 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/uploads/2022/06/Shimla-2.jpg
103.10.234.110 200 OK 228 kB URL HTTP/1.1 nktm.cloud/wp-content/uploads/2022/06/Shimla-2.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, software=Greenshot], baseline, precision 8, 1069x720, components 3\012- data
Size 228 kB (228174 bytes)
Hash e9d5d0d956f8885bb3dca06f16924fff
9c9fd6b26ce3805f1ecbf8990ed352009772215d
cde9038953049f396a9566d3f0de625d294fe143ecc51d6b92fffa35ecfd97c5
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/uploads/2022/06/Shimla-2.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:15 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:45:12 GMT
accept-ranges: bytes
content-length: 228174
date: Mon, 30 Jan 2023 03:58:15 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/uploads/2021/12/DSC1.jpg
103.10.234.110 200 OK 397 kB URL HTTP/1.1 nktm.cloud/wp-content/uploads/2021/12/DSC1.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1575x1050, components 3\012- data
Size 397 kB (397043 bytes)
Hash f95a50806a4d536fac5a15fd2d106ba6
fa34eac341c7cb14ac30906190b536d1b569cd26
c0eabe16171e7ca8cba238480597ed4e80619af346e8623463f479f7b75b6d83
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/uploads/2021/12/DSC1.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:15 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:45:16 GMT
accept-ranges: bytes
content-length: 397043
date: Mon, 30 Jan 2023 03:58:15 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/iscs/wp-content/uploads/2016/09/amit-shah.jpg
103.10.234.110 200 OK 33 kB URL HTTP/1.1 nktm.cloud/iscs/wp-content/uploads/2016/09/amit-shah.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=16, height=5472, bps=0, PhotometricIntepretation=RGB, manufacturer=Canon, model=Canon EOS 6D, orientation=upper-left, width=3648], baseline, precision 8, 183x209, components 3\012- data
Hash 9ff1edd316e110a3813c224aecfba480
116ec7e6fd975bc0b4587c3a69fc741afd413c6b
a3392d648a4d75cc8cc6e1571a14610cec8b0c3eff448244cb839418ca215f71
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /iscs/wp-content/uploads/2016/09/amit-shah.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:16 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:40:12 GMT
accept-ranges: bytes
content-length: 33215
date: Mon, 30 Jan 2023 03:58:16 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/img/nic_logo.jpg
103.10.234.110 200 OK 16 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/img/nic_logo.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=102, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=250], progressive, precision 8, 185x76, components 3\012- data
Hash 52175657ce352484608c0cd116ecaf46
7efb51dce60eb292f4b1f285e3996fc680cf4fe1
0c1d6d23ade75affedaba0569a59e74e556b450a3f9eee4abe8aeae217c80995
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/img/nic_logo.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:17 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-length: 15893
date: Mon, 30 Jan 2023 03:58:17 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/themes/iscs/img/mha.jpg
103.10.234.110 200 OK 33 kB URL HTTP/1.1 nktm.cloud/wp-content/themes/iscs/img/mha.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=130, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=320], progressive, precision 8, 185x76, components 3\012- data
Hash 3df058f54d8533a36c581e4aa0919057
4c3df2f6737fa4d30d2a6d12fb2014da0e335de7
e25dc9cf9eb26d45f6463bd34a3be4518b4c0c293c4ca493805c77a1cf9fce36
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/themes/iscs/img/mha.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:17 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:43:58 GMT
accept-ranges: bytes
content-length: 32727
date: Mon, 30 Jan 2023 03:58:17 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/uploads/2022/06/25th-wzcmeeting.jpg
103.10.234.110 200 OK 257 kB URL HTTP/1.1 nktm.cloud/wp-content/uploads/2022/06/25th-wzcmeeting.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1069x720, components 3\012- data
Size 257 kB (257287 bytes)
Hash 85094f2f14f864e88b8106715c2388b6
dd28c90686751dd66123d8d57431970e10fd95e4
2b1852f42bdefdacd9d76dab20c8068a1cef07453d2131d34e3fe53255691797
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/uploads/2022/06/25th-wzcmeeting.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:17 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:45:12 GMT
accept-ranges: bytes
content-length: 257287
date: Mon, 30 Jan 2023 03:58:17 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/uploads/2022/06/12th-meeting-28-may-2022-stc-szc-Thiruvananthpuram-Kerala-01a.jpg
103.10.234.110 200 OK 288 kB URL HTTP/1.1 nktm.cloud/wp-content/uploads/2022/06/12th-meeting-28-may-2022-stc-szc-Thiruvananthpuram-Kerala-01a.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=13, manufacturer=NIKON CORPORATION, model=NIKON D780, orientation=upper-left, xresolution=200, yresolution=208, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2022:05:28 16:46:47], baseline, precision 8, 1069x720, components 3\012- data
Size 288 kB (287632 bytes)
Hash e1bf6adc8497e93651ddba26d1706126
1737c6773ea9e89115cc0afc0a0ef0e8facf50f8
927b2f9ab3872797b2c3acb2374be39728d22f8f7ef81160dd36724656bcdc68
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/uploads/2022/06/12th-meeting-28-may-2022-stc-szc-Thiruvananthpuram-Kerala-01a.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:17 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:45:10 GMT
accept-ranges: bytes
content-length: 287632
date: Mon, 30 Jan 2023 03:58:17 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/uploads/2022/07/nzcmeetingimg2.jpg
103.10.234.110 200 OK 333 kB URL HTTP/1.1 nktm.cloud/wp-content/uploads/2022/07/nzcmeetingimg2.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=13, manufacturer=NIKON CORPORATION, model=NIKON Z 6_2, orientation=upper-left, xresolution=200, yresolution=208, resolutionunit=2, software=Ver.01.30, datetime=2022:07:09 12:35:56], baseline, precision 8, 1069x711, components 3\012- data
Size 333 kB (333336 bytes)
Hash 6e3eef99734435939109d87d82270d6e
68b4d1a169e73f07eb7ba37e4038bf4ccede05b3
f6c9fdc2e61d641ba0fcf88e2f8f37c0d1c10bcd5b5c6f955af942c0aeb90d34
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/uploads/2022/07/nzcmeetingimg2.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:17 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:45:06 GMT
accept-ranges: bytes
content-length: 333336
date: Mon, 30 Jan 2023 03:58:17 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/iscs/wp-content/themes/iscs/images/iscsmeeting8.JPG
103.10.234.110 200 OK 565 kB URL HTTP/1.1 nktm.cloud/iscs/wp-content/themes/iscs/images/iscsmeeting8.JPG
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=16, height=3264, bps=0, PhotometricIntepretation=RGB, manufacturer=NIKON CORPORATION, model=NIKON D7000, orientation=upper-left, width=4928], progressive, precision 8, 1079x720, components 3\012- data
Size 565 kB (565403 bytes)
Hash c0ee57f36cc1eed935c843d0f14b6644
327a2a11d478077fe84dcb4128f50c6fcee56d73
525fb5246678e1f21135e5cbdd6045afcadb4812b6b3d4fe5b9800733a043928
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /iscs/wp-content/themes/iscs/images/iscsmeeting8.JPG HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:18 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:39:58 GMT
accept-ranges: bytes
content-length: 565403
date: Mon, 30 Jan 2023 03:58:18 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
www.youtube.com/embed/dUPnzO6t0ik
216.58.207.206 200 OK 0 B URL HTTP/2 www.youtube.com/embed/dUPnzO6t0ik
IP 216.58.207.206:0
GET /embed/dUPnzO6t0ik HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nktm.cloud/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Jan 2023 03:58:14 GMT
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=SWHDCsoNaLQ; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=qiut_9gvAYE; Domain=.youtube.com; Expires=Sat, 29-Jul-2023 03:58:14 GMT; Path=/; Secure; HttpOnly; SameSite=none
DEVICE_INFO=ChxOekU1TkRJNE9UWTJPVFkxTnpRNU9EY3hOdz09ENaA3Z4GGNaA3Z4G; Domain=.youtube.com; Expires=Sat, 29-Jul-2023 03:58:14 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+200; expires=Wed, 29-Jan-2025 03:58:14 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
nktm.cloud/wp-content/uploads/2021/12/NZC11.jpg
103.10.234.110 200 OK 0 B URL HTTP/1.1 nktm.cloud/wp-content/uploads/2021/12/NZC11.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/uploads/2021/12/NZC11.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:15 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:45:20 GMT
accept-ranges: bytes
content-length: 1604655
date: Mon, 30 Jan 2023 03:58:15 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/uploads/2022/07/PM_Banner_engf.jpg
103.10.234.110 200 OK 0 B URL HTTP/1.1 nktm.cloud/wp-content/uploads/2022/07/PM_Banner_engf.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/uploads/2022/07/PM_Banner_engf.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:20 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:45:08 GMT
accept-ranges: bytes
content-length: 165722
date: Mon, 30 Jan 2023 03:58:20 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/wp-content/uploads/2021/12/Tri2.jpg
103.10.234.110 200 OK 0 B URL HTTP/1.1 nktm.cloud/wp-content/uploads/2021/12/Tri2.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/uploads/2021/12/Tri2.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:15 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:45:18 GMT
accept-ranges: bytes
content-length: 1347852
date: Mon, 30 Jan 2023 03:58:15 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
www.youtube.com/s/player/4248d311/player_ias.vflset/en_US/base.js
216.58.207.206 200 OK 0 B URL HTTP/2 www.youtube.com/s/player/4248d311/player_ias.vflset/en_US/base.js
IP 216.58.207.206:0
GET /s/player/4248d311/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/dUPnzO6t0ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding, Origin
content-encoding: br
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 611243
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 10:35:46 GMT
expires: Sun, 28 Jan 2024 10:35:46 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 12 Jan 2023 01:15:11 GMT
content-type: text/javascript
age: 148948
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
nktm.cloud/wp-content/uploads/2022/07/harghartringaf.jpg
103.10.234.110 200 OK 0 B URL HTTP/1.1 nktm.cloud/wp-content/uploads/2022/07/harghartringaf.jpg
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /wp-content/uploads/2022/07/harghartringaf.jpg HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:19 GMT
content-type: image/jpeg
last-modified: Mon, 09 Jan 2023 09:45:08 GMT
accept-ranges: bytes
content-length: 197515
date: Mon, 30 Jan 2023 03:58:19 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
nktm.cloud/iscs/wp-content/uploads/2016/09/pm-modi-2.png
103.10.234.110 200 OK 0 B URL HTTP/1.1 nktm.cloud/iscs/wp-content/uploads/2016/09/pm-modi-2.png
IP 103.10.234.110:0
ASN #56110 Everdata Technologies Pvt Ltd
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.cloud Domain
GET /iscs/wp-content/uploads/2016/09/pm-modi-2.png HTTP/1.1
Host: nktm.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nktm.cloud/
Connection: keep-alive
Cookie: ppqtrans_cookie_test=qTranslate%20Cookie%20Test; wordpress_test_cookie=WP%20Cookie%20check
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 03:58:17 GMT
content-type: image/png
last-modified: Mon, 09 Jan 2023 09:40:12 GMT
accept-ranges: bytes
content-length: 1221540
date: Mon, 30 Jan 2023 03:58:17 GMT
server: LiteSpeed
access-control-allow-origin: origin
referrer-policy: origin
content-security-policy: origin
www.youtube.com/embed/jeXFxyrGFHM
216.58.207.206 200 OK 0 B URL HTTP/2 www.youtube.com/embed/jeXFxyrGFHM
IP 216.58.207.206:0
GET /embed/jeXFxyrGFHM HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nktm.cloud/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Jan 2023 03:58:14 GMT
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=216ogOgybMc; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=5GYy0NwhFzY; Domain=.youtube.com; Expires=Sat, 29-Jul-2023 03:58:14 GMT; Path=/; Secure; HttpOnly; SameSite=none
DEVICE_INFO=ChxOekU1TkRJNE9UWTJPVE14TWpFeE5qVTVOUT09ENaA3Z4GGNaA3Z4G; Domain=.youtube.com; Expires=Sat, 29-Jul-2023 03:58:14 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+287; expires=Wed, 29-Jan-2025 03:58:14 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2