r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17841
Expires: Wed, 05 Oct 2022 17:14:22 GMT
Date: Wed, 05 Oct 2022 12:17:01 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
18.164.68.21200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.164.68.21:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 12:04:33 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6dcfe970273dbabb7e3f096812b664f4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 6QmyoTvAnklobZDlwOqqlEXh9DA8IsYhoPdw7wf-m198mBjoe2c5-Q==
Age: 748
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
108.156.28.51200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 108.156.28.51:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 05 Oct 2022 02:28:20 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 b3d26bb0853726fb30b0576bc254ef10.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: jcgi3h-DRXwj5NhZwCjKOlzQdcKUiIOef57yDDsPGXB8arH-tsqRcQ==
age: 35972
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 12:17:01 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.164.68.21200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.164.68.21:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Wed, 05 Oct 2022 11:32:55 GMT
Expires: Wed, 05 Oct 2022 11:34:57 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 af877631d7eceee4a5878c04d25f5986.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: A0-U8PqKSWdMBqR1V1U9rSgDP9wnC1GCYbm6BbqoOfl-Cf6CvhXe3Q==
Age: 2647
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1561c6be7c89d1357a80d12de47b6e74
9a705277922ecca583c867af58b3efce099f83bd
e33dc034dbf4b3b627cd3c1af2d942e2ca5704ec9a4aad5c46ad39eb070e82ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3452
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:02 GMT
Last-Modified: Wed, 05 Oct 2022 11:19:30 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.186.209.73101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.209.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pZKkASVRN9TRxNUY+3BxuQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: OimBrCL/Bvc+TnbovK9yL8/8Mfs=
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.25.14200 OK 5.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (30837)
Hash 109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rsmps.in/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 12:17:02 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1778599
expires: Mon, 25 Sep 2023 12:17:02 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FLrIys4NMxjCy8CtIZQQyng4odqFaT6j4PXfh8N7PLUsEqZni%2Fa9gG7ydt%2BetSkOsF7ypGBkuD45Tv1Ct0vpyhjbS2sV52IuduV118TaP6cbYwTmXNTmAdNxKHzYpYG79KERLYCa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 755617884e99b517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4d6b344f7e5123552495c56971708cef
efcf4bd4bdb6964b29ce0bc239ea32ab573dac3a
8092e24c3c24d08ffebca3781af0ec9574604e1ae4bd40d2c21865c3297f44bc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4d6b344f7e5123552495c56971708cef
efcf4bd4bdb6964b29ce0bc239ea32ab573dac3a
8092e24c3c24d08ffebca3781af0ec9574604e1ae4bd40d2c21865c3297f44bc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Raleway:300,400,700
142.250.74.10200 OK 1.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Raleway:300,400,700
IP 142.250.74.10:0
Hash 0936b10c305aac756a7b1e96d12fac2c
aa0cff9e90b94a3ade15a7081c0742025c0e4257
072a88b76535a7beb56280f664f86efd5cea65b7e9ecfc7d965279bf7fce10a0
GET /css?family=Raleway:300,400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rsmps.in/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 05 Oct 2022 12:17:02 GMT
date: Wed, 05 Oct 2022 12:17:02 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rsmps.in/default.aspx?html=UrJr.pptx
164.52.212.58200 OK 51 kB URL HTTP/1.1 rsmps.in/default.aspx?html=UrJr.pptx
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2605), with CRLF line terminators
Hash b34624e0406d53b5932eec2c27d5488c
809b35e4084f9fc2c6597a9016562e77a15aa26c
0a1c9892c9f55156380281f21f49029512de8edd2537d14335aa6261655f37c1
Analyzer Verdict Alert fortinet Malware
GET /default.aspx?html=UrJr.pptx HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:03 GMT
Content-Length: 50920
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash eb0b19f7509e955f303b941b4460b495
c4121108490fba11413edbe8af9dc33443ef0808
c30d80fd469acb97fd65de5c055fa40bcd8cb8f9a26fc9564335c6baac8a1f3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C30D80FD469ACB97FD65DE5C055FA40BCD8CB8F9A26FC9564335C6BAAC8A1F3E"
Last-Modified: Tue, 04 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 05 Oct 2022 18:17:03 GMT
Date: Wed, 05 Oct 2022 12:17:03 GMT
Connection: keep-alive
rsmps.in/css/owl.theme.default.css
164.52.212.58200 OK 1.3 kB URL HTTP/1.1 rsmps.in/css/owl.theme.default.css
IP 164.52.212.58:0
ASN #132420 282, Sector 19
Hash 26dd7ebd96f611bff70d97bd1eb24ca1
02bab0c1adf33ee9d22d32be989513fe8464041e
ede1466795eb4042a622781a4b5f0e8e12a93257b6dc5deae7deaaf4d2b33a5e
GET /css/owl.theme.default.css HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:03 GMT
Content-Length: 1303
rsmps.in/css/owl.carousel.css
164.52.212.58200 OK 4.0 kB URL HTTP/1.1 rsmps.in/css/owl.carousel.css
IP 164.52.212.58:0
ASN #132420 282, Sector 19
Hash 83ef097be10f83e9f999a55c34a04beb
e718931278aa33db5c3012b814c30accfe87f244
87b34f2c1c4c30f70478efc10c6c026f9311019f028157314717e6ddfa4c1f4b
GET /css/owl.carousel.css HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:03 GMT
Content-Length: 4028
www.tbty20000.com/tb.js
23.251.32.116200 OK 885 B IP 23.251.32.116:0
Hash 714708491290e033a5fd8468995b361f
bd9d731d920442e12173bd2a57eca4fe4d793b36
7e53114e75a5f589ff03b250727161b52a1697d01601a492c71650e0cb753696
GET /tb.js HTTP/1.1
Host: www.tbty20000.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rsmps.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 05 Oct 2022 07:08:54 GMT
etag: "9ff-5ea443feb02e5-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 885
content-type: application/javascript
date: Wed, 05 Oct 2022 12:17:03 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16830
Expires: Wed, 05 Oct 2022 16:57:33 GMT
Date: Wed, 05 Oct 2022 12:17:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16830
Expires: Wed, 05 Oct 2022 16:57:33 GMT
Date: Wed, 05 Oct 2022 12:17:03 GMT
Connection: keep-alive
rsmps.in/js/jquery.easy-ticker.js
164.52.212.58404 Not Found 1.2 kB URL HTTP/1.1 rsmps.in/js/jquery.easy-ticker.js
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.easy-ticker.js HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:04 GMT
Content-Length: 1245
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16830
Expires: Wed, 05 Oct 2022 16:57:33 GMT
Date: Wed, 05 Oct 2022 12:17:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg
34.120.237.76200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d7d7df8d4c440f9db445c3d99e818d6
612b6dbd4ba895c167964ff7e6d9263013b52b0a
bf527a814c78f9e010cce4ba593c9146d54a2137d1f147f7a6250fbad81956ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3585
x-amzn-requestid: ccb6f0c8-4d9b-48b8-aaf6-16781dc4c86b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaHFlEcFoAMFS3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a5223-5c9276c873efee993ba54667;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 03:08:19 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: T8m1q2L45TWDVRBa-R2W70yq9BauBK3G4IX54AGIxdRhG736T974kg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:05:29 GMT
age: 29494
etag: "612b6dbd4ba895c167964ff7e6d9263013b52b0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07ed6d4e-f8d6-4fa4-a7da-a497e3667e10.jpeg
34.120.237.76200 OK 17 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07ed6d4e-f8d6-4fa4-a7da-a497e3667e10.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 420f8420af76fa258690bb842ff38db7
a37e39e4429d869abcf95cf3cb2c74675e174040
1d45d4f188ff54b5f66cd3c828affdd5d90b621c875c58a9fa6cd265f456d622
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07ed6d4e-f8d6-4fa4-a7da-a497e3667e10.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 17279
x-amzn-requestid: 381c1622-0b7a-407a-a98e-ad5e10b67a33
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1ExxoAMFsAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-4ed02978326aebf338ccd998;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CIZCBfsULoj_hm3G56Um57QTYuGUjN63x_H1Bb3xPKeacmsrTLqLYw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:42:34 GMT
age: 52469
etag: "a37e39e4429d869abcf95cf3cb2c74675e174040"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3257b782efae9b64e6e18a547866ec50
4daf0c001e86af8477fb097e8ca932edb8e5f981
899f9692e86405aa288d88dd285a6fe26bedab1a2ca4693212476063890b01a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5832
x-amzn-requestid: c4427edd-3d71-47d0-a2d3-b3bfed089535
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1FuUoAMFhBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-46ddff150da4141d23fc0d8a;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: WWClzLGprno--c75q63i1TFi8oBEdAYW-J4lCk9V8IELQXe6q0A05A==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:42:34 GMT
age: 52469
etag: "4daf0c001e86af8477fb097e8ca932edb8e5f981"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rsmps.in/css/aravaliStylesheet.css
164.52.212.58200 OK 25 kB URL HTTP/1.1 rsmps.in/css/aravaliStylesheet.css
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 92cd5359919b6a88f915a6d2c8acb59e
64ca50047594363c2ac188aac1f672ec1210aa65
1184c4bd077507dc125f4ec191487dcf15afd33f1276bfaa566cedfb3fda6aa1
GET /css/aravaliStylesheet.css HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Sat, 26 Feb 2022 10:36:32 GMT
Accept-Ranges: bytes
ETag: "0f852b8fc2ad81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:03 GMT
Content-Length: 25112
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1de7c17a0ba9295135e7f8b490b6a8d3
70e8d1589f3daf71378965dd197934e220fb6aa4
ee559ce3166479e2b930be7d18525f5c2d164aed8ca005302ddaf3bfe37eec24
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8926
x-amzn-requestid: 27fc8976-af8d-40a3-b701-0642fa135ec4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1GSbIAMFTiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-4d4c7837576e0fdb5828fe3b;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YzVofPSJC-YVU1Q1V9AnjNeQTa1BQEh6ZiH2HjSeeX5RygysFP7oAA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:42:34 GMT
age: 52469
etag: "70e8d1589f3daf71378965dd197934e220fb6aa4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rsmps.in/WebResource.axd?d=QEOmqViFENIguqSl_IBH1jSYeSoiZiAPdiwMsoGnx-C-EaIZgs0mXZSckTLyvkKcel3DYLNWcOBTQwsiEtKznIQyZdiI_UwXh981dwI4MG01&t=637454266939909757
164.52.212.58200 OK 23 kB URL HTTP/1.1 rsmps.in/WebResource.axd?d=QEOmqViFENIguqSl_IBH1jSYeSoiZiAPdiwMsoGnx-C-EaIZgs0mXZSckTLyvkKcel3DYLNWcOBTQwsiEtKznIQyZdiI_UwXh981dwI4MG01&t=637454266939909757
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type ASCII text, with CRLF line terminators
Hash 90ea7274f19755002360945d54c2a0d7
647b5d8bf7d119a2c97895363a07a0c6eb8cd284
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
GET /WebResource.axd?d=QEOmqViFENIguqSl_IBH1jSYeSoiZiAPdiwMsoGnx-C-EaIZgs0mXZSckTLyvkKcel3DYLNWcOBTQwsiEtKznIQyZdiI_UwXh981dwI4MG01&t=637454266939909757 HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Cache-Control: public
Content-Type: application/x-javascript
Expires: Thu, 05 Oct 2023 12:17:04 GMT
Last-Modified: Tue, 05 Jan 2021 01:28:13 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:03 GMT
Content-Length: 23063
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4fc2ddd86450d64d3fb659ab4e78be58
bbe71936b78a8c34d03ab87948dc840b35c6948f
84a760397a5912bd05f61bc8a953c13a88a677e2d17fbbf74bdf7d7ff4d3942f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10158
x-amzn-requestid: def1fc7e-8008-466f-9271-20fa1ab0fa5a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaqZCH7doAMFcPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a8aa0-7fd2fb1249366f2277d719d6;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 07:09:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: szhtD9f4RuQaDKXe7LElSR0yOKo9cYa1i2YMeG3eSpBXP8ePcdzQig==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 07:29:32 GMT
age: 17251
etag: "bbe71936b78a8c34d03ab87948dc840b35c6948f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 229c99cfb655a8c9f1a22de69fdff73c
6b5db8fbfb56f083d54b13e7660d0e4bc866aa00
f4099e9153c3dc481add95b0f24dbb8f6d65cc74ad5631d9cb6c6f2a0351843d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7021
x-amzn-requestid: 2e30bdac-360e-4d0a-8bb7-c3144e074abe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8ucHb1oAMFjYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7f5-18ba6bc50cb32b1e14c882bd;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Sd2_YDHr3j7ym7wfFyQh9kg8FP-Et2nJUOo1v_TNbI3PvpzEY5KJ2Q==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 22:07:19 GMT
age: 50984
etag: "6b5db8fbfb56f083d54b13e7660d0e4bc866aa00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rsmps.in/WebResource.axd?d=eWB8XxLv5ceXR4aXd1nWOdDhSpQjMazC88vZ6n7_KTnLHUJFBETZ4iCV2fJS7gEpjRSWqqFs53qAAo4dCkOQf_0HWj6bvK-ay4Tf66H9wT41&t=637454266939909757
164.52.212.58200 OK 27 kB URL HTTP/1.1 rsmps.in/WebResource.axd?d=eWB8XxLv5ceXR4aXd1nWOdDhSpQjMazC88vZ6n7_KTnLHUJFBETZ4iCV2fJS7gEpjRSWqqFs53qAAo4dCkOQf_0HWj6bvK-ay4Tf66H9wT41&t=637454266939909757
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type ASCII text, with CRLF line terminators
Hash b3d7a123be5203a1a3f0f10233ed373f
f4c61f321d8f79a805b356c6ec94090c0d96215c
ef9453f74b2617d43dcef4242cf5845101fcfb57289c81bceb20042b0023a192
GET /WebResource.axd?d=eWB8XxLv5ceXR4aXd1nWOdDhSpQjMazC88vZ6n7_KTnLHUJFBETZ4iCV2fJS7gEpjRSWqqFs53qAAo4dCkOQf_0HWj6bvK-ay4Tf66H9wT41&t=637454266939909757 HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Cache-Control: public
Content-Type: application/x-javascript
Expires: Thu, 05 Oct 2023 12:17:04 GMT
Last-Modified: Tue, 05 Jan 2021 01:28:13 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:04 GMT
Content-Length: 26951
rsmps.in/css/Bootstrap_v3.3.7.css
164.52.212.58200 OK 153 kB URL HTTP/1.1 rsmps.in/css/Bootstrap_v3.3.7.css
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type Unicode text, UTF-8 (with BOM) text, with very long lines (540), with CRLF line terminators
Size 153 kB (152812 bytes)
Hash a245a45fe83a9c95f8f55106ff54c49d
d912e13bb32ea4042488d27a18b006cde12466ad
0434fcaa28b0cd4eacc5062971fd970d6f8e4bcc10831c33008a896ef496c10d
GET /css/Bootstrap_v3.3.7.css HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:03 GMT
Content-Length: 152812
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f936b953fdf91692463e6745f5151375
9f94b177ba59497086040cbec72f9e26e22a54c3
21c4c1a25e3f41ea5d0262216d19cb081023a79500eae7dab8b8c1f5022ad18e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 195d162678034c3ab84daffa4c4a5723
85fab036e8ab318c51b5c05ff33f2388e5716acd
03e8ce6aa80a44c5f2abf860c3bbf25d8e56fc49458a3f8c11fbe2130b71bb6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 195d162678034c3ab84daffa4c4a5723
85fab036e8ab318c51b5c05ff33f2388e5716acd
03e8ce6aa80a44c5f2abf860c3bbf25d8e56fc49458a3f8c11fbe2130b71bb6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 195d162678034c3ab84daffa4c4a5723
85fab036e8ab318c51b5c05ff33f2388e5716acd
03e8ce6aa80a44c5f2abf860c3bbf25d8e56fc49458a3f8c11fbe2130b71bb6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2
216.58.207.195200 OK 20 kB URL HTTP/2 fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 19740, version 1.0\012- data
Hash 101cf2a65d64322878605fa8472bb025
6dffc15e38c321e4bb567b4bd8107a2e8d97c61d
273c8613cdd2852dd5318f224d804ae6d2fc717c48d3f1dab587b6d396fb4fc8
GET /s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rsmps.in
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Oct 2022 17:14:55 GMT
expires: Wed, 04 Oct 2023 17:14:55 GMT
cache-control: public, max-age=31536000
age: 68529
last-modified: Tue, 26 Apr 2022 15:48:38 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
216.58.207.195200 OK 46 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rsmps.in
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 21:13:12 GMT
expires: Tue, 03 Oct 2023 21:13:12 GMT
cache-control: public, max-age=31536000
age: 140632
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 195d162678034c3ab84daffa4c4a5723
85fab036e8ab318c51b5c05ff33f2388e5716acd
03e8ce6aa80a44c5f2abf860c3bbf25d8e56fc49458a3f8c11fbe2130b71bb6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 12:31:58 GMT
expires: Sun, 01 Oct 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 344706
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 30 Sep 2022 00:48:31 GMT
expires: Sat, 30 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 473313
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/374003a5/www-player.css
142.250.74.174200 OK 50 kB URL HTTP/2 www.youtube.com/s/player/374003a5/www-player.css
IP 142.250.74.174:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 23adfef80bbe0f8a8e0ed8ae516cded1
d3a00803bb71a3452fbd7020ba20d04c0e74bcdc
417ea63bec9b959c396636c25cb3fcd292de626c8987e42ac848c2179ee77d34
GET /s/player/374003a5/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/fX7rQ6Rlg1I
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 50019
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 14:49:04 GMT
expires: Tue, 03 Oct 2023 14:49:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 03 Oct 2022 00:23:06 GMT
content-type: text/css
age: 163680
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f936b953fdf91692463e6745f5151375
9f94b177ba59497086040cbec72f9e26e22a54c3
21c4c1a25e3f41ea5d0262216d19cb081023a79500eae7dab8b8c1f5022ad18e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/s/player/374003a5/www-embed-player.vflset/www-embed-player.js
142.250.74.174200 OK 97 kB URL HTTP/2 www.youtube.com/s/player/374003a5/www-embed-player.vflset/www-embed-player.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (570)
Hash 8315b2b24d75875a8afbfb2dfd74bcd1
281f807952ca224a0412900ef416554ebb5c766b
d5a423b7400b67d4140ad250bf7f0d4a3cfb967a13021843174bc391e705fa18
GET /s/player/374003a5/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/fX7rQ6Rlg1I
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 97205
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 14:49:05 GMT
expires: Tue, 03 Oct 2023 14:49:05 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 03 Oct 2022 00:23:06 GMT
content-type: text/javascript
age: 163679
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/374003a5/fetch-polyfill.vflset/fetch-polyfill.js
142.250.74.174200 OK 2.8 kB URL HTTP/2 www.youtube.com/s/player/374003a5/fetch-polyfill.vflset/fetch-polyfill.js
IP 142.250.74.174:0
File type Algol 68 source text\012- Pascal source, ASCII text, with very long lines (555)
Hash 80fe2d229007996c8397073b00755dc7
121f82c77bcf2a297a1085e3b092415c463fcafe
033dfa8941482c82d4f1aaa4a9172fb379b9e46a02d5b36297c5476bbbfdea2c
GET /s/player/374003a5/fetch-polyfill.vflset/fetch-polyfill.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/fX7rQ6Rlg1I
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 2786
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 09:17:42 GMT
expires: Thu, 05 Oct 2023 09:17:42 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 03 Oct 2022 00:23:06 GMT
content-type: text/javascript
age: 10762
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rsmps.in/js/jQuery_v3.3.1.js
164.52.212.58200 OK 107 kB URL HTTP/1.1 rsmps.in/js/jQuery_v3.3.1.js
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type ISO-8859 text, with very long lines (65440), with CRLF line terminators
Size 107 kB (106863 bytes)
Hash 810841d50c9beebefb5fa65f14d5e18c
651a219f3f79c7abfd4132997182b5c64e408ea7
8869a0407f0896f3b9726377dd97ed0798f104cb636f8446776a0fbc68791f28
Analyzer Verdict Alert fortinet Malware
GET /js/jQuery_v3.3.1.js HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Thu, 23 Jun 2022 11:46:47 GMT
Accept-Ranges: bytes
ETag: "def758ebf686d81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:04 GMT
Content-Length: 106863
rsmps.in/WEBSITECMS/CMSFILES/1~11-51-2022chairman.jpeg
164.52.212.58401 Unauthorized 1.3 kB URL HTTP/1.1 rsmps.in/WEBSITECMS/CMSFILES/1~11-51-2022chairman.jpeg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5720392716b0be81c8110c6f0598e01b
1f82a544b02cfd554843f250ad9fd705bf1c3788
f02487f5c4b3f915572549270547145f9d93fe805b290f936e8dff7163105a4c
Analyzer Verdict Alert fortinet Malware
GET /WEBSITECMS/CMSFILES/1~11-51-2022chairman.jpeg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:04 GMT
Content-Length: 1293
rsmps.in/WEBSITECMS/CMSFILES/9~11-31-20222.jpg
164.52.212.58401 Unauthorized 1.3 kB URL HTTP/1.1 rsmps.in/WEBSITECMS/CMSFILES/9~11-31-20222.jpg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5720392716b0be81c8110c6f0598e01b
1f82a544b02cfd554843f250ad9fd705bf1c3788
f02487f5c4b3f915572549270547145f9d93fe805b290f936e8dff7163105a4c
GET /WEBSITECMS/CMSFILES/9~11-31-20222.jpg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:04 GMT
Content-Length: 1293
rsmps.in/WEBSITECMS/CMSFILES/8~11-31-20225.jpg
164.52.212.58401 Unauthorized 1.3 kB URL HTTP/1.1 rsmps.in/WEBSITECMS/CMSFILES/8~11-31-20225.jpg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5720392716b0be81c8110c6f0598e01b
1f82a544b02cfd554843f250ad9fd705bf1c3788
f02487f5c4b3f915572549270547145f9d93fe805b290f936e8dff7163105a4c
GET /WEBSITECMS/CMSFILES/8~11-31-20225.jpg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:04 GMT
Content-Length: 1293
rsmps.in/WEBSITECMS/CMSFILES/10~11-31-202212.jpg
164.52.212.58401 Unauthorized 1.3 kB URL HTTP/1.1 rsmps.in/WEBSITECMS/CMSFILES/10~11-31-202212.jpg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5720392716b0be81c8110c6f0598e01b
1f82a544b02cfd554843f250ad9fd705bf1c3788
f02487f5c4b3f915572549270547145f9d93fe805b290f936e8dff7163105a4c
GET /WEBSITECMS/CMSFILES/10~11-31-202212.jpg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:04 GMT
Content-Length: 1293
rsmps.in/image/gallery_bg.png
164.52.212.58404 Not Found 1.2 kB URL HTTP/1.1 rsmps.in/image/gallery_bg.png
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
GET /image/gallery_bg.png HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/css/aravaliStylesheet.css
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:04 GMT
Content-Length: 1245
rsmps.in/js/owl.carousel.js
164.52.212.58200 OK 85 kB URL HTTP/1.1 rsmps.in/js/owl.carousel.js
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type ASCII text, with very long lines (360)
Hash 0aa8dbbc9beca33dd418f7b2a3c966b1
ef764d3a470454c1e440611539635118af1cd14e
84f62a9eaeb4e885739c5c33d4b5b479880f4b11bd3bfc322194fd80af4dbd64
Analyzer Verdict Alert fortinet Malware
GET /js/owl.carousel.js HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:04 GMT
Content-Length: 85368
rsmps.in/image/icon/sports.jpg
164.52.212.58200 OK 35 kB URL HTTP/1.1 rsmps.in/image/icon/sports.jpg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 300x200, components 3\012- data
Hash eae32608ed6cbbd9f38056475c0d7817
f6e4b4c86ddb1467f5ad36b7416a2fcf0f4602a7
c53f27895ba0d159ace71e7cce372833913ca4c0c07b6af8168bc81a980379f7
GET /image/icon/sports.jpg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/css/aravaliStylesheet.css
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 34694
rsmps.in/image/icon/can.jpg
164.52.212.58200 OK 37 kB URL HTTP/1.1 rsmps.in/image/icon/can.jpg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 300x200, components 3\012- data
Hash 4b9ddac9385605d5ecbef6353e24ee6b
77dee0ad64b0c2711ffadb3fde32dfc0b520bdac
f829ef7cc73d9fa98f79607b4e460914c774480e032402267bb4c7beceab244a
GET /image/icon/can.jpg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/css/aravaliStylesheet.css
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 36906
rsmps.in/image/icon/icr.jpg
164.52.212.58200 OK 25 kB URL HTTP/1.1 rsmps.in/image/icon/icr.jpg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 300x200, components 3\012- data
Hash 0da90dcfb1ab2765b02b86330bce4a5a
4179636a270482f7a403691ca61515dae9b7d459
6f4bf87d86d36f13d12b78fa74f2adb49cd123e13d77c45ebf0742cb39840300
GET /image/icon/icr.jpg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/css/aravaliStylesheet.css
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:04 GMT
Content-Length: 24995
rsmps.in/image/icon/lab.jpg
164.52.212.58200 OK 23 kB URL HTTP/1.1 rsmps.in/image/icon/lab.jpg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 300x200, components 3\012- data
Hash b2d0f458d11425fdb30f83b185b54a84
40bb2c526ce864a2e99274e6162bbdb37eaa161d
0847a8fb71b4d00a6fd1f5faa6170dbf47a3e31f8ea419e0dc333008a338b3a2
GET /image/icon/lab.jpg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/css/aravaliStylesheet.css
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:04 GMT
Content-Length: 22591
rsmps.in/image/icon/tra.jpg
164.52.212.58200 OK 31 kB URL HTTP/1.1 rsmps.in/image/icon/tra.jpg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 300x200, components 3\012- data
Hash df504ccc101ed4b680149adfb1d0b0dd
89dd7176a2c8c1aa0f402020203bff552dfe398f
ac289dda0a89af337cd1e6e221ef58e39c076685b311706f9dcc79a82c5aab85
GET /image/icon/tra.jpg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/css/aravaliStylesheet.css
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 31073
push.zhanzhang.baidu.com/push.js
182.61.201.94200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 182.61.201.94:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Wed, 05 Oct 2022 12:17:04 GMT
Etag: "4078521116"
Expires: Thu, 05 Oct 2023 12:17:04 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=2BA76BEF215E76238E1482322329F5A7:FG=1; max-age=31536000; expires=Thu, 05-Oct-23 12:17:04 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
rsmps.in/js/jquery.easy-ticker.js
164.52.212.58404 Not Found 1.2 kB URL HTTP/1.1 rsmps.in/js/jquery.easy-ticker.js
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.easy-ticker.js HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 1245
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 84e9010310622f392dc53ecd26b72e9b
454a6f2c6c050f7ec5ede31bf5c891619e42a232
522a643360e59c591cbeb45058e81f9d8f54408f025067e717e03c03ed9839ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 03aa53df423fbcabed7e7ea8b5b21daa
c87027f8318719091a2cbcc428c47297fca60a46
3c4c8ae282397bf93a74e824e6cd971d0ba5e5aae0cd81cf679a6bff75dbcb77
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.166200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.166:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 12:07:31 GMT
expires: Wed, 05 Oct 2022 12:22:31 GMT
cache-control: public, max-age=900
age: 574
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.130302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Wed, 05 Oct 2022 12:17:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c3ab8bf820942d1e8b0b15e2ca70bb23
37739c574978a59036b0b252ff738724073a48c5
30c7472c2564004845b02eb55e19ecac95b0d2eb3ae416dbc3848ecc7bcb093f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 03aa53df423fbcabed7e7ea8b5b21daa
c87027f8318719091a2cbcc428c47297fca60a46
3c4c8ae282397bf93a74e824e6cd971d0ba5e5aae0cd81cf679a6bff75dbcb77
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 84e9010310622f392dc53ecd26b72e9b
454a6f2c6c050f7ec5ede31bf5c891619e42a232
522a643360e59c591cbeb45058e81f9d8f54408f025067e717e03c03ed9839ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/qs_eGd-h9f3_frMeplByuCjrJjGTr5iyl3j-JE2Mo0s.js
142.250.74.164200 OK 14 kB URL HTTP/2 www.google.com/js/th/qs_eGd-h9f3_frMeplByuCjrJjGTr5iyl3j-JE2Mo0s.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (36351)
Hash fca4c84446cae474dbf63fcf44f061ca
399275019a515b324eb48ac6f2042f30dd15cd18
86a4021c55d56c050bc7e8de79f895d7555279bccbc8777f975f0945a5a2a4f2
GET /js/th/qs_eGd-h9f3_frMeplByuCjrJjGTr5iyl3j-JE2Mo0s.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14350
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 13:19:06 GMT
expires: Sun, 01 Oct 2023 13:19:06 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 27 Sep 2022 17:00:00 GMT
content-type: text/javascript
age: 341879
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.202200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.202:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Wed, 05 Oct 2022 12:17:05 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.202200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.202:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash c16fdbd7cfaa9127ff0fe7c17c552d06
7183c331d1b40f0dc006c4eaca4936091794c1c1
8d906f026e885ed41c49c4efae75af227ffa5b8d1fd8a62e4a1e10af47ba9a63
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Wed, 05 Oct 2022 12:17:05 GMT
server: ESF
cache-control: private
content-length: 30956
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rsmps.in/image/icon/lib.jpg
164.52.212.58200 OK 25 kB URL HTTP/1.1 rsmps.in/image/icon/lib.jpg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 300x200, components 3\012- data
Hash 2bfbc73e1c945877e179251e7a4470d3
7192c47bfb3e74f7917362e7a43c64b7a5b21f63
204dd5ec2f4b897789c6a78d4cbc6cbda9c4e1ba3c63119a404e2be06c34313b
GET /image/icon/lib.jpg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/css/aravaliStylesheet.css
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 24899
rsmps.in/image/cbse.png
164.52.212.58200 OK 1.7 kB IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash 3149dd00a3a0a872c7c51333e15be990
63514c40c147ddd1e239363bd9b2eb5aab7d7c75
dbef07ab6f7ee807ce44efd31f865a02ce750a6353f6582fb53406f3bc65d0cc
GET /image/cbse.png HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 28 Jan 2020 12:27:54 GMT
Accept-Ranges: bytes
ETag: "041295dd6d5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 1736
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 18f225a6d31333ca12fa1f03a5ca0086
0f65f7aecfebdba74b5b409d4a3db5d103f62f38
19edd02e9bc4467731411af6937bc71d1ae27ca893984efa6b85df144f4b434f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/maps/embed?pb=!1m14!1m8!1m3!1d27993.928476909892!2d77.07001168261722!3d28.712341074564634!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0x7ee3530b8adc2284!2sRann%20Singh%20Model%20Public%20School!5e0!3m2!1sen!2sin!4v1646474732519!5m2!1sen!2sin
142.250.74.164200 OK 1.7 kB URL HTTP/2 www.google.com/maps/embed?pb=!1m14!1m8!1m3!1d27993.928476909892!2d77.07001168261722!3d28.712341074564634!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0x7ee3530b8adc2284!2sRann%20Singh%20Model%20Public%20School!5e0!3m2!1sen!2sin!4v1646474732519!5m2!1sen!2sin
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3803)
Hash 69cc8e1558e07bfe05da98f3f63dbbe5
2234ec55b6c584799db30f50f5a02136ce26f902
4f4be4b8d63a33e8986f023b72546becb3a8daabab4fc670c45e614974af0f57
GET /maps/embed?pb=!1m14!1m8!1m3!1d27993.928476909892!2d77.07001168261722!3d28.712341074564634!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0x7ee3530b8adc2284!2sRann%20Singh%20Model%20Public%20School!5e0!3m2!1sen!2sin!4v1646474732519!5m2!1sen!2sin HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rsmps.in/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Wed, 05 Oct 2022 12:17:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
vary: Accept-Language
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-wT1sXSoJ1jbt_ikv11nTuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
content-encoding: gzip
server: mafe
content-length: 1746
x-xss-protection: 0
server-timing: gfet4t7; dur=158
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rsmps.in/image/ncert.png
164.52.212.58200 OK 1.6 kB IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash ce0d8875e9d1277c5d8ed8981f1fd129
8abdc410232c3710e5b577daa48daa3c7c49f8ce
cc6eab7fbac52f51dfe2734426ea497c8bc5213ef04683208bca67eb0d66d6f7
GET /image/ncert.png HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 28 Jan 2020 12:28:00 GMT
Accept-Ranges: bytes
ETag: "0c8bc60d6d5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 1569
i.ytimg.com/vi_webp/fX7rQ6Rlg1I/sddefault.webp
142.250.74.86200 OK 50 kB URL HTTP/2 i.ytimg.com/vi_webp/fX7rQ6Rlg1I/sddefault.webp
IP 142.250.74.86:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x480, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4462243b0d40404ddb1bf4732e856364
d5b1873f90cfcdb8497b661b8f46d5865ae55db5
faa6da3d167211fd77e6387172d1c49da2a40b1f42aa39f8de54d323be5beecc
GET /vi_webp/fX7rQ6Rlg1I/sddefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/webp
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 49870
date: Wed, 05 Oct 2022 12:17:05 GMT
expires: Wed, 05 Oct 2022 14:17:05 GMT
cache-control: public, max-age=7200
etag: "0"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rsmps.in/image/doe.png
164.52.212.58200 OK 1.2 kB IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash 860b04c879d3b8c472d2d45da0035be5
bbca2b18053746b8649c0d402fc12625515c0ba3
64136acd16fb627b7ff1459ff4e3fd348ffd3a79df13ad07afb72dcd4efc85f8
GET /image/doe.png HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 28 Jan 2020 12:28:08 GMT
Accept-Ranges: bytes
ETag: "07c8165d6d5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 1247
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 29fb83c9fbb41ea2b8c5e2e627880b2d
c4f9c9f622cd576e61b0baeac8e0f731c395c0e2
bf5df67dd3f7a1f8533e25499eefd50078a6a26da774a70baa36d4a9364d0efa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 18f225a6d31333ca12fa1f03a5ca0086
0f65f7aecfebdba74b5b409d4a3db5d103f62f38
19edd02e9bc4467731411af6937bc71d1ae27ca893984efa6b85df144f4b434f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rsmps.in/image/DelE.png
164.52.212.58200 OK 1.4 kB IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type PNG image data, 22 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash 14981e91aabf2df0a0b5843398454224
3e31492ebefafb2570065725507594bf5aa8a07d
c788839d0cb22704f547d48faa5798dff3cc553c71297e8fd5e96bcbc3b77dbd
GET /image/DelE.png HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 28 Jan 2020 12:28:12 GMT
Accept-Ranges: bytes
ETag: "0d6e367d6d5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 1406
rsmps.in/image/footer_top_bg.png
164.52.212.58404 Not Found 1.2 kB URL HTTP/1.1 rsmps.in/image/footer_top_bg.png
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
GET /image/footer_top_bg.png HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/css/aravaliStylesheet.css
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 1245
maps.gstatic.com/maps-api-v3/embed/js/50/7a/init_embed.js
142.250.74.163200 OK 69 kB URL HTTP/2 maps.gstatic.com/maps-api-v3/embed/js/50/7a/init_embed.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (2669)
Hash 3c88195b68b3f5ef55c8542d99bae032
21e4163d17a8e7763be9056f28c2ee79c9c5be0f
a91ce7384cd146470b0cdbec8deaae8e2d70c73da9e9d042af0c602c35510162
GET /maps-api-v3/embed/js/50/7a/init_embed.js HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 68977
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 15:52:02 GMT
expires: Sun, 01 Oct 2023 15:52:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 27 Sep 2022 20:34:50 GMT
content-type: text/javascript
age: 332703
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rsmps.in/WEBSITECMS/CMSFILES/1~11-53-2022principal.jpeg
164.52.212.58401 Unauthorized 1.3 kB URL HTTP/1.1 rsmps.in/WEBSITECMS/CMSFILES/1~11-53-2022principal.jpeg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5720392716b0be81c8110c6f0598e01b
1f82a544b02cfd554843f250ad9fd705bf1c3788
f02487f5c4b3f915572549270547145f9d93fe805b290f936e8dff7163105a4c
Analyzer Verdict Alert fortinet Malware
GET /WEBSITECMS/CMSFILES/1~11-53-2022principal.jpeg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 1293
rsmps.in/image/offering/Broad.png
164.52.212.58200 OK 6.6 kB URL HTTP/1.1 rsmps.in/image/offering/Broad.png
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash 069a06d23c564ec5dfbdff50d5509de8
039b770eacef77c75ed09fac56b22cfb8af4075e
3baf571b2e6e5b84b3b6023b8b5a54ed23a38d7a7ebd6234a522044269fb6038
GET /image/offering/Broad.png HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 6606
yt3.ggpht.com/ytc/AMLnZu-bI432kZ8xzfHFynA89v3xX8zM52taS4HxF1rOgg=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 3.3 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu-bI432kZ8xzfHFynA89v3xX8zM52taS4HxF1rOgg=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 9e7e462755f90bd4c9cda8164184d94f
2aa1f9cb9860a73478ca21770eb107a3f20c51f8
3207ea15dcaaac2461f4734e883ead1d7414869f4b08612bac0f52ecf43c3e01
GET /ytc/AMLnZu-bI432kZ8xzfHFynA89v3xX8zM52taS4HxF1rOgg=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1be3"
expires: Thu, 06 Oct 2022 12:17:05 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 05 Oct 2022 12:17:05 GMT
server: fife
content-length: 3281
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rsmps.in/image/offering/Relevant.png
164.52.212.58200 OK 5.5 kB URL HTTP/1.1 rsmps.in/image/offering/Relevant.png
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e73deb38734ecd372ca04ad0693b2fe
83dfca51195c156421be08dbfd5c9ecfae8bd661
735078ade80730cee4d35ebc0c53abae767740784fde6fff13d1b743c5ed26b9
GET /image/offering/Relevant.png HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 5510
rsmps.in/image/ranlogo.jpg
164.52.212.58200 OK 59 kB URL HTTP/1.1 rsmps.in/image/ranlogo.jpg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1039x124, components 3\012- data
Hash 2f0995a59fd6236c16472c559420ab22
155b99296438acee2a07a321c11e31901c51a157
0fc60c46978ff0cfec06861698f58393858992a712023186cd617cd95f0f736b
GET /image/ranlogo.jpg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 05 Mar 2022 09:56:02 GMT
Accept-Ranges: bytes
ETag: "0a5d2387730d81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Length: 59252
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 693d1ea644bd6fb5bd58757d75a992a9
f75ea26f4b1f37bb702bf3a810985d4b1b1e2dcd
da4d8aa59f4e3f896c654398dfc846e2e33b80fc4dae6bd6b8766ebb1871a3a5
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 12:17:05 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sun, 09 Oct 2022 10:44:31 GMT
ETag: "f75ea26f4b1f37bb702bf3a810985d4b1b1e2dcd"
Last-Modified: Wed, 05 Oct 2022 10:44:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2285
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7556179acc69b4f3-OSL
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 29fb83c9fbb41ea2b8c5e2e627880b2d
c4f9c9f622cd576e61b0baeac8e0f731c395c0e2
bf5df67dd3f7a1f8533e25499eefd50078a6a26da774a70baa36d4a9364d0efa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rsmps.in/image/offering/Differentiated.png
164.52.212.58200 OK 4.6 kB URL HTTP/1.1 rsmps.in/image/offering/Differentiated.png
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 921ebc45d8c45f5b0d0adb693cbedb8e
0e507c83384165cbab03e00f4349b40bccfa7bee
5f09ac139f63fc02eaf9e9a3252f5c77328675df712a39464631350d8823a703
GET /image/offering/Differentiated.png HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:06 GMT
Content-Length: 4590
rsmps.in/image/offering/Continuous.png
164.52.212.58200 OK 6.7 kB URL HTTP/1.1 rsmps.in/image/offering/Continuous.png
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash c5cb263c24d17a12bf0f3260df46f546
2b3031b9d3795031a943a9b9c7fe0cc2613cc98e
49b36d4647fdc9abfc35788082b2fcf2f40bcb0d23032843d5de1734df8525e2
GET /image/offering/Continuous.png HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 28 Jan 2020 01:38:24 GMT
Accept-Ranges: bytes
ETag: "0283ba17bd5d51:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:06 GMT
Content-Length: 6719
rsmps.in/WEBSITECMS/CMSFILES/1~11-23-2022WhatsApp%20Image%202022-03-02%20at%204.32.25%20PM%20(2).jpeg
164.52.212.58401 Unauthorized 1.3 kB URL HTTP/1.1 rsmps.in/WEBSITECMS/CMSFILES/1~11-23-2022WhatsApp%20Image%202022-03-02%20at%204.32.25%20PM%20(2).jpeg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5720392716b0be81c8110c6f0598e01b
1f82a544b02cfd554843f250ad9fd705bf1c3788
f02487f5c4b3f915572549270547145f9d93fe805b290f936e8dff7163105a4c
Analyzer Verdict Alert fortinet Malware
GET /WEBSITECMS/CMSFILES/1~11-23-2022WhatsApp%20Image%202022-03-02%20at%204.32.25%20PM%20(2).jpeg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:06 GMT
Content-Length: 1293
rsmps.in/CaptchaImage.axd?guid=ab8402a3-fc27-4e6c-b2c6-1af6a24bdc6f
164.52.212.58404 Not Found 1.2 kB URL HTTP/1.1 rsmps.in/CaptchaImage.axd?guid=ab8402a3-fc27-4e6c-b2c6-1af6a24bdc6f
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer Verdict Alert fortinet Malware
GET /CaptchaImage.axd?guid=ab8402a3-fc27-4e6c-b2c6-1af6a24bdc6f HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:06 GMT
Content-Length: 1245
rsmps.in/WEBSITECMS/CMSFILES/4~11-23-2022principal.jpeg
164.52.212.58401 Unauthorized 1.3 kB URL HTTP/1.1 rsmps.in/WEBSITECMS/CMSFILES/4~11-23-2022principal.jpeg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5720392716b0be81c8110c6f0598e01b
1f82a544b02cfd554843f250ad9fd705bf1c3788
f02487f5c4b3f915572549270547145f9d93fe805b290f936e8dff7163105a4c
Analyzer Verdict Alert fortinet Malware
GET /WEBSITECMS/CMSFILES/4~11-23-2022principal.jpeg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:06 GMT
Content-Length: 1293
rsmps.in/WEBSITECMS/CMSFILES/3~11-23-2022school%20building.jpeg
164.52.212.58401 Unauthorized 1.3 kB URL HTTP/1.1 rsmps.in/WEBSITECMS/CMSFILES/3~11-23-2022school%20building.jpeg
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5720392716b0be81c8110c6f0598e01b
1f82a544b02cfd554843f250ad9fd705bf1c3788
f02487f5c4b3f915572549270547145f9d93fe805b290f936e8dff7163105a4c
Analyzer Verdict Alert fortinet Malware
GET /WEBSITECMS/CMSFILES/3~11-23-2022school%20building.jpeg HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:06 GMT
Content-Length: 1293
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3bc65ffbec7f4295cf1d9cc6bef4e3de
23459eda8229eaebd9c87c4443529f5e746178a4
e56db65b09e8073623e32be83f02b8b3cb436aaa06db8dd19657045e48eef0ad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2459
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:06 GMT
Last-Modified: Wed, 05 Oct 2022 11:36:07 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
khms1.googleapis.com/kh?v=931&hl=en&gl=IN&x=365&y=213&z=9
142.250.74.106200 OK 16 kB URL HTTP/2 khms1.googleapis.com/kh?v=931&hl=en&gl=IN&x=365&y=213&z=9
IP 142.250.74.106:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Hash ebad426ed0276eb57e9c9e4ae9a9475b
530d4b6de3475042965573c3b6893aaa66873a20
cd5c165805cc7ebd562eddf83810139f3a66390cc06b94d08fe54493553a53ce
GET /kh?v=931&hl=en&gl=IN&x=365&y=213&z=9 HTTP/1.1
Host: khms1.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-content-type-options: nosniff
access-control-allow-origin: *
last-modified: Fri, 1 Jan 2010 01:00:00 GMT
access-control-allow-credentials: true
expires: Thu, 05 Oct 2023 12:17:06 GMT
cache-control: public, max-age=31536000
date: Wed, 05 Oct 2022 12:17:06 GMT
content-type: image/jpeg
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
content-length: 15457
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/sdk.js
31.13.72.12200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1961)
Hash e356f8db9550b617d56e2a4f8fa39234
18ca66615b3371c74c00f8c6f1c44ace5d2a5fb0
7a898678d845e67d4fd90183c7beb0d4329be05e9790d1337b47639da95c4090
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rsmps.in
Connection: keep-alive
Referer: http://rsmps.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 6a7b5b38ad9febe52173a3c49dae4956
etag: "88a94db4b173c78eb49620a660050ec5"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 05 Oct 2022 12:19:54 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 41b425VQthfVbipPj6OSNA==
x-fb-debug: EXe+4XsDYXbacq+RcIh5DdGdV/aMEmaWhEKRqRg9gAnn1Woz9kKREEKn4GYnKPpMmPHWijY6skvvV6I7B0bCVw==
priority: u=3,i
content-length: 1688
x-fb-trip-id: 1904183273
date: Wed, 05 Oct 2022 12:17:06 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3bc65ffbec7f4295cf1d9cc6bef4e3de
23459eda8229eaebd9c87c4443529f5e746178a4
e56db65b09e8073623e32be83f02b8b3cb436aaa06db8dd19657045e48eef0ad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2459
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 12:17:06 GMT
Last-Modified: Wed, 05 Oct 2022 11:36:07 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/sdk.js?hash=f3d4cc875805e68894669a51e0ba4649
31.13.72.12200 OK 87 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=f3d4cc875805e68894669a51e0ba4649
IP 31.13.72.12:0
File type ASCII text, with very long lines (13192)
Hash 2478018929e960a07be7402e49a39d39
f689c4215513e18e1875421c7c85c8e4eb0aefb6
46a03b0dacf388818a0d6eb822bbf1418bfbc3eb810488cb18b999cb87ae7ae9
GET /en_US/sdk.js?hash=f3d4cc875805e68894669a51e0ba4649 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rsmps.in
Connection: keep-alive
Referer: http://rsmps.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: f43a93cf5138222a35041d910a4412c5
etag: "274a40db2479c8f2a74f29a6bf34fa65"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Thu, 05 Oct 2023 08:22:52 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: JHgBiSnpYKB750AuSaOdOQ==
x-fb-debug: Udi27YcDWuZoGi0kKDx2+NjgJ/5CE5KxdIht2/VDU07ZPa4qlIuV6qYJEhULoeVUgiYnDPqXbOEOrmohwvpn9g==
content-length: 86932
x-fb-trip-id: 1904183273
date: Wed, 05 Oct 2022 12:17:06 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rsmps.in/image/FavIcon.png
164.52.212.58404 Not Found 1.2 kB URL HTTP/1.1 rsmps.in/image/FavIcon.png
IP 164.52.212.58:0
ASN #132420 282, Sector 19
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
GET /image/FavIcon.png HTTP/1.1
Host: rsmps.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/default.aspx?html=UrJr.pptx
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 05 Oct 2022 12:17:06 GMT
Content-Length: 1245
api.share.baidu.com/s.gif?l=http://rsmps.in/default.aspx?html=UrJr.pptx
180.101.212.103200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://rsmps.in/default.aspx?html=UrJr.pptx
IP 180.101.212.103:0
ASN #134770 CHINANET Jiangsu province Suzhou taihu IDC network
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://rsmps.in/default.aspx?html=UrJr.pptx HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rsmps.in/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Wed, 05 Oct 2022 12:17:06 GMT
hm.baidu.com/hm.js?ba1510cb327676faaaced4a5a209bb34
103.235.46.191200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?ba1510cb327676faaaced4a5a209bb34
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (631)
Hash ec70ac73159fd14e2ad761b337ce2bb1
71dde45332c75c73a104da697c011f802ef452fe
4ece68947d02c7fe37f25a7c109636d83af713fdcc97f6d1e2bb26382e120932
GET /hm.js?ba1510cb327676faaaced4a5a209bb34 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rsmps.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11344
Content-Type: application/javascript
Date: Wed, 05 Oct 2022 12:17:06 GMT
Etag: 15eeb7f418c876260b11bc62332f7ec1
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=81132F1DF91D92AA; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1549168831&si=ba1510cb327676faaaced4a5a209bb34&v=1.2.97&lv=1&sn=55552&r=0&ww=1280&ct=!!&u=http%3A%2F%2Frsmps.in%2Fdefault.aspx%3Fhtml%3DUrJr.pptx&tt=Ran%20Singh%20Model%20Public%20School
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1549168831&si=ba1510cb327676faaaced4a5a209bb34&v=1.2.97&lv=1&sn=55552&r=0&ww=1280&ct=!!&u=http%3A%2F%2Frsmps.in%2Fdefault.aspx%3Fhtml%3DUrJr.pptx&tt=Ran%20Singh%20Model%20Public%20School
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1549168831&si=ba1510cb327676faaaced4a5a209bb34&v=1.2.97&lv=1&sn=55552&r=0&ww=1280&ct=!!&u=http%3A%2F%2Frsmps.in%2Fdefault.aspx%3Fhtml%3DUrJr.pptx&tt=Ran%20Singh%20Model%20Public%20School HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rsmps.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 05 Oct 2022 12:17:07 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=DCBC67BEBC6A21F9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
www.youtube.com/embed/fX7rQ6Rlg1I
142.250.74.174200 OK 0 B URL HTTP/2 www.youtube.com/embed/fX7rQ6Rlg1I
IP 142.250.74.174:0
GET /embed/fX7rQ6Rlg1I HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rsmps.in/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 05 Oct 2022 12:17:04 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=W1CId0Q4Eek; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=V9JJaRiNHOU; Domain=.youtube.com; Expires=Mon, 03-Apr-2023 12:17:04 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+012; expires=Fri, 04-Oct-2024 12:17:04 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Merriweather:400,700
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Merriweather:400,700
IP 142.250.74.10:0
GET /css?family=Merriweather:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rsmps.in/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 05 Oct 2022 12:17:02 GMT
date: Wed, 05 Oct 2022 12:17:02 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/374003a5/player_ias.vflset/en_US/base.js
142.250.74.174200 OK 0 B URL HTTP/2 www.youtube.com/s/player/374003a5/player_ias.vflset/en_US/base.js
IP 142.250.74.174:0
GET /s/player/374003a5/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/fX7rQ6Rlg1I
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding, Origin
content-encoding: br
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 591773
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 14:51:02 GMT
expires: Tue, 03 Oct 2023 14:51:02 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 03 Oct 2022 00:23:06 GMT
content-type: text/javascript
age: 163562
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2