r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20061
Expires: Sat, 28 Jan 2023 11:28:54 GMT
Date: Sat, 28 Jan 2023 05:54:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7003
Expires: Sat, 28 Jan 2023 07:51:16 GMT
Date: Sat, 28 Jan 2023 05:54:33 GMT
Connection: keep-alive
kmcthospital.com/standard2land/3mjjjyte=/password.php
103.195.186.173 301 Moved Permanently 188 B URL HTTP/1.1 kmcthospital.com/standard2land/3mjjjyte=/password.php
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash MD5 1f065cbc89bd6fb787c51bbf5a823cc8
SHA-1 d2e293fc708dee71fae835c53787cb097693ebc3
SHA-256 29f2ecac5c155e0693a074498ce2b40027566b07c3b4621f98f764353770ff9a
Analyzer Verdict Alert fortinet Phishing
GET /standard2land/3mjjjyte=/password.php HTTP/1.1
Host: kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Sat, 28 Jan 2023 05:54:34 GMT
Content-Length: 188
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 05:35:28 GMT
content-type: application/json
age: 1145
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6231
Expires: Sat, 28 Jan 2023 07:38:24 GMT
Date: Sat, 28 Jan 2023 05:54:33 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: B+C73nArithas1rBYqbmQw3Nqbf3zcKZj6JdNZQsAAxtoXnmthlfa/LPJzf6fgxiK6hf1wiF6vY=
x-amz-request-id: GCVVNGG86VN4RC05
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 05:49:43 GMT
age: 290
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 05:54:33 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 05:49:03 GMT
age: 330
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20913
Expires: Sat, 28 Jan 2023 11:43:06 GMT
Date: Sat, 28 Jan 2023 05:54:33 GMT
Connection: keep-alive
push.services.mozilla.com/
52.42.252.225 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.252.225:0
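Hash (0-byte body: these are the empty-input digests and are not usable as indicators)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855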
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eqNZP61/R8WhNnAfFNYp8w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XZuEVdZTsS6kllH8DzipysrF+wI=
www.kmcthospital.com/standard2land/3mjjjyte=/password.php
103.195.186.173 200 OK 5.1 kB URL HTTP/2 www.kmcthospital.com/standard2land/3mjjjyte=/password.php
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (446), with CRLF line terminators
Hash MD5 140cd2025a6722faa250c4f7cbe1536a
SHA-1 b00dbc4c488eca87d52f07a0aae7b56ba078df91
SHA-256 14299d3d6b43ca07af6b56310cf6c31fb5d9b003b450286fe16aace9d7bff501
Analyzer Verdict Alert fortinet Phishing
GET /standard2land/3mjjjyte=/password.php HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: br
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
set-cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej; path=/; HttpOnly; SameSite=Lax
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:35 GMT
content-length: 5111
X-Firefox-Spdy: h2
www.kmcthospital.com/WebResource.axd?d=XLbUQuO-hrASu_LVFhjxApC7qD9oz4gIY-BBn21QWtUmoVMgESLCj9FaQihrZQW_MUd3OntyaK1krMi7aOyOh5hKOD41&t=637811927229275428
103.195.186.173 200 OK 6.2 kB URL HTTP/2 www.kmcthospital.com/WebResource.axd?d=XLbUQuO-hrASu_LVFhjxApC7qD9oz4gIY-BBn21QWtUmoVMgESLCj9FaQihrZQW_MUd3OntyaK1krMi7aOyOh5hKOD41&t=637811927229275428
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 19de2925b4ef32421ee614034d32b74c
edf05a2a319f61a3b7ae9872dc0da276b050f2a7
91aca35fd9ce371718ff9dc1c13a7d2b15aeae531d418b5c9b18854c611bdde3
GET /WebResource.axd?d=XLbUQuO-hrASu_LVFhjxApC7qD9oz4gIY-BBn21QWtUmoVMgESLCj9FaQihrZQW_MUd3OntyaK1krMi7aOyOh5hKOD41&t=637811927229275428 HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public
content-type: application/x-javascript
content-encoding: br
expires: Sat, 27 Jan 2024 12:53:26 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:35 GMT
content-length: 6194
X-Firefox-Spdy: h2
www.kmcthospital.com/css/CustomStyle.css
103.195.186.173 502 Bad Gateway 0 B URL HTTP/2 www.kmcthospital.com/css/CustomStyle.css
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
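Hash (0-byte body: these are the empty-input digests and are not usable as indicators)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855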
GET /css/CustomStyle.css HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 502 Bad Gateway
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:35 GMT
content-length: 0
X-Firefox-Spdy: h2
www.kmcthospital.com/images/call.png
103.195.186.173 200 OK 356 B URL HTTP/2 www.kmcthospital.com/images/call.png
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash e83b884a4932bd7ee72b277534e76a53
3d5b356a73fa517961cee1eeafac3f3c1c30e365
62be2b564019d21ec1f83c038b8b8f9e5f8027128d9e472d4259496412719bc4
GET /images/call.png HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: image/png
last-modified: Sat, 17 Dec 2022 11:59:54 GMT
accept-ranges: bytes
etag: "ecba6d13f12d91:0"
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:36 GMT
content-length: 356
X-Firefox-Spdy: h2
www.kmcthospital.com/WebResource.axd?d=KndHT_7njKxeWmkPOi3DzGZ6BSKvEgLwvo_BEg0G7Z-T-eYqMPuPgLTyYOkwf_NaS4I0hPZlH8N-5CBL0AB4kHbA-E01&t=637811927229275428
103.195.186.173 200 OK 7.3 kB URL HTTP/2 www.kmcthospital.com/WebResource.axd?d=KndHT_7njKxeWmkPOi3DzGZ6BSKvEgLwvo_BEg0G7Z-T-eYqMPuPgLTyYOkwf_NaS4I0hPZlH8N-5CBL0AB4kHbA-E01&t=637811927229275428
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash e4a4de866ff1d5d0e43080d6b2956584
a888e41d318b338c97ff0646609821b9cea9825b
bc1f6ccca8de5ae7e40892b0989e5fe389a38d4289546bf311ad469cc0f0906a
GET /WebResource.axd?d=KndHT_7njKxeWmkPOi3DzGZ6BSKvEgLwvo_BEg0G7Z-T-eYqMPuPgLTyYOkwf_NaS4I0hPZlH8N-5CBL0AB4kHbA-E01&t=637811927229275428 HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public
content-type: application/x-javascript
content-encoding: br
expires: Sat, 27 Jan 2024 12:53:26 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:36 GMT
content-length: 7318
X-Firefox-Spdy: h2
www.kmcthospital.com/images/location.png
103.195.186.173 200 OK 392 B URL HTTP/2 www.kmcthospital.com/images/location.png
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 12 x 17, 8-bit/color RGBA, non-interlaced\012- data
Hash 040c868d17ee8d8c61f65a4753c9bb19
16ff7906f779f45793f43558506d06070636a8c8
8ef1e0aaac23892439507ee12bac72fbc4219126f954f86f80e32d45891d87b2
GET /images/location.png HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: image/png
last-modified: Sat, 17 Dec 2022 11:59:57 GMT
accept-ranges: bytes
etag: "81f44515f12d91:0"
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:36 GMT
content-length: 392
X-Firefox-Spdy: h2
www.kmcthospital.com/images/cancel.png
103.195.186.173 200 OK 474 B URL HTTP/2 www.kmcthospital.com/images/cancel.png
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 24 x 24, 16-bit gray+alpha, non-interlaced\012- data
Hash c3a1cfd006f2d11d043e4f8a4ebda920
f850d0911131e74cea93d773ac8c95f6e5fbf99a
8ed4396ed14f281fc8acf5a39e5c6f4fdf23d6139cae3f25e5f2de73ad1f935e
GET /images/cancel.png HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: image/png
last-modified: Sat, 17 Dec 2022 11:59:54 GMT
accept-ranges: bytes
etag: "a1ea7213f12d91:0"
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:36 GMT
content-length: 474
X-Firefox-Spdy: h2
www.kmcthospital.com/images/mail.png
103.195.186.173 200 OK 351 B URL HTTP/2 www.kmcthospital.com/images/mail.png
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 19 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash 7432896ef28194e8b8ffb6a772175e66
67be386731283acd37904b63cca47c426c202fdc
c9c7631f76d4831cb7e3d16141c7c506489f7a7074f2866b9b28d0e73a61921c
GET /images/mail.png HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: image/png
last-modified: Sat, 17 Dec 2022 11:59:57 GMT
accept-ranges: bytes
etag: "3558015f12d91:0"
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:36 GMT
content-length: 351
X-Firefox-Spdy: h2
www.kmcthospital.com/css/owl.carousel.min.css
103.195.186.173 200 OK 1.3 kB URL HTTP/2 www.kmcthospital.com/css/owl.carousel.min.css
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (3174), with CRLF line terminators
Hash 120567a55423f183f40187d2d63e2adc
05e6073efd3be3e70adb10bc0196f677ea09fa5d
5a51034a56cc5e9db3d2e3dcb52f733caf703f6b780b88af4514575c62ccd71f
GET /css/owl.carousel.min.css HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/css
content-encoding: br
last-modified: Sat, 17 Dec 2022 12:38:31 GMT
accept-ranges: bytes
etag: "c090c2781412d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:36 GMT
content-length: 1270
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16619
Expires: Sat, 28 Jan 2023 10:31:34 GMT
Date: Sat, 28 Jan 2023 05:54:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16619
Expires: Sat, 28 Jan 2023 10:31:34 GMT
Date: Sat, 28 Jan 2023 05:54:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16619
Expires: Sat, 28 Jan 2023 10:31:34 GMT
Date: Sat, 28 Jan 2023 05:54:35 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b70d7a9-8bf2-490f-9646-c64694e42e42.jpeg
34.120.237.76 200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b70d7a9-8bf2-490f-9646-c64694e42e42.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 97118e74a8f60620950e42a11c11d71b
d144bbb82392a6103810ac9baa5346ddbefb5c16
2ce0c9696cf9842243186e86bae28c22896a9f51837f4961b6c7e3cfdfb24bd0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b70d7a9-8bf2-490f-9646-c64694e42e42.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3774
x-amzn-requestid: deae2f1e-baec-408c-92a7-4859d4afed47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EgFAgoAMFXRQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b6-32a2ff1a369e7b5f41ecbabd;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LFuIX1sQJzdq-wPvVXpX7vMspwXlYhj81foALxnjCQJITtIpPS8qdQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:57:22 GMT
age: 28633
etag: "d144bbb82392a6103810ac9baa5346ddbefb5c16"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7f9ffe5-495a-4f90-a1f3-01e6bafe9287.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7f9ffe5-495a-4f90-a1f3-01e6bafe9287.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8744995437fb5a3fa77a14c2e72ac6f
f8ad682561dd204e1193bd6ea1fb7e8eccd51610
76445eced51bce8532ffd0ef6131b5c6d8f38a15267bcad99767795f9191efd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7f9ffe5-495a-4f90-a1f3-01e6bafe9287.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10213
x-amzn-requestid: f95cebd1-4305-4dda-b750-4801a441a6a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkFR5oAMFQQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-59ba391e439557731d323660;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zwgf-n7duw-e1D9LoJ9L9kYh7c_OfSsQCs_kat644Bm1feiwpnS1SA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:57:22 GMT
age: 28633
etag: "f8ad682561dd204e1193bd6ea1fb7e8eccd51610"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 05:20:03 GMT
age: 2072
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb319f83c-740d-415f-b846-a8262bdecebc.jpeg
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb319f83c-740d-415f-b846-a8262bdecebc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 50175d32bf658166ca26db1633fdb95b
69bb6d345d73cd24fd33ad009cc1d3315e7d94e7
d3d3b551cc8b557a1f92a4d819cbb7ab618ef3fac9568f57513fb4905817dad4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb319f83c-740d-415f-b846-a8262bdecebc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5092
x-amzn-requestid: 05cd1dc0-54b4-457a-83f6-5f774e65766f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CwH_toAMFweQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-3a038caa6435720711028ac9;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b8qwvqxTXSugeN2wjEA1e1E_bUeWOsEzMZOMHeX9FpCAVsRnltLhyw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:55:35 GMT
age: 28740
etag: "69bb6d345d73cd24fd33ad009cc1d3315e7d94e7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 28669
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d9747a7-0b4d-40bd-8d53-7702f8df2966.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d9747a7-0b4d-40bd-8d53-7702f8df2966.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 25fd26625a6c5339389faf4f6aa8fc6a
05aed76d3966ea8a02d4bbbeff7b41c8a5aac907
9a29ad65cb7a8632a2c454a4caeb43a10c5152ccf3dbab22d584276bdeeb0dbb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d9747a7-0b4d-40bd-8d53-7702f8df2966.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5746
x-amzn-requestid: 8ab00078-cdf9-465a-a493-64a488c9e634
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CwEIJIAMFutA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-3f9b5f031812e32f6625f1e6;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jUVP5rlieH6mUh_fgVz4D636AIMAo2JXJqBgzGSI_CyY2-8Pza4IKw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 01:37:10 GMT
age: 15445
etag: "05aed76d3966ea8a02d4bbbeff7b41c8a5aac907"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.kmcthospital.com/css/popup-style.css
103.195.186.173 200 OK 818 B URL HTTP/2 www.kmcthospital.com/css/popup-style.css
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash ee224eeea9259915a4010bf65cca3513
948f5039cfc08ce8663b203e7930e5a7604216f7
00116be72295efebbb4b966fa8ddd7c07c5501efad4ea5040f6b50744f4e1ead
GET /css/popup-style.css HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/css
content-encoding: br
last-modified: Sat, 17 Dec 2022 12:38:31 GMT
accept-ranges: bytes
etag: "fd9ca781412d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:36 GMT
content-length: 818
X-Firefox-Spdy: h2
www.kmcthospital.com/images/logo.png
103.195.186.173 200 OK 6.0 kB URL HTTP/2 www.kmcthospital.com/images/logo.png
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 163 x 63, 8-bit/color RGBA, non-interlaced\012- data
Hash 51f7165a9c6f000112e33ed40ac6e656
f7f08caef5732ac66966a1ad9b7888113f17b492
1ba89830a18a989169b0bfeedcf4b368d25fb5118d5388d214e63d46c948117b
GET /images/logo.png HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: image/png
last-modified: Sat, 17 Dec 2022 11:59:57 GMT
accept-ranges: bytes
etag: "60e45f15f12d91:0"
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:36 GMT
content-length: 5960
X-Firefox-Spdy: h2
www.kmcthospital.com/js/popup.js
103.195.186.173 200 OK 490 B URL HTTP/2 www.kmcthospital.com/js/popup.js
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 4a65d5c6d3823fa475ea51c74d43d374
964c401c5a17aa3a4d610d272f3bcb7b550a80e6
20f67bf4bd2ef8becc96712124ce91950cda78ee19feab927068557a266f6027
Analyzer Verdict Alert fortinet Malware
GET /js/popup.js HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/javascript
content-encoding: br
last-modified: Sat, 17 Dec 2022 11:45:51 GMT
accept-ranges: bytes
etag: "63d8401dd12d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:36 GMT
content-length: 490
X-Firefox-Spdy: h2
www.kmcthospital.com/js/main.js
103.195.186.173 200 OK 1.0 kB URL HTTP/2 www.kmcthospital.com/js/main.js
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 2d94e47864bf8d81038e5294b3466849
b3f04d6d1bb8356bce3aa6811a717fb2ddbc076d
ba08cd1ac357978939cb76b5c41594e2c4b4b9618f48eb94ecde43fb602e5a53
Analyzer Verdict Alert fortinet Malware
GET /js/main.js HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/javascript
content-encoding: br
last-modified: Sat, 17 Dec 2022 11:45:51 GMT
accept-ranges: bytes
etag: "5268251dd12d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:36 GMT
content-length: 1022
X-Firefox-Spdy: h2
www.kmcthospital.com/js/owl.carousel.min.js
103.195.186.173 200 OK 18 kB URL HTTP/2 www.kmcthospital.com/js/owl.carousel.min.js
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (31997)
Hash b6654ca8af157f31e48dd29117cf25e7
387d1f09b243344d0d0bde1052c8e3208b52c56e
5708cc10063e395085df7d8e9d609859cfbb27e7382016c5bf52ee60399d592e
Analyzer Verdict Alert fortinet Malware
GET /js/owl.carousel.min.js HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/javascript
content-encoding: br
last-modified: Sat, 17 Dec 2022 11:45:51 GMT
accept-ranges: bytes
etag: "afa3341dd12d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:38 GMT
content-length: 18177
X-Firefox-Spdy: h2
www.kmcthospital.com/css/font-awesome.min.css
103.195.186.173 200 OK 6.5 kB URL HTTP/2 www.kmcthospital.com/css/font-awesome.min.css
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (21822), with CRLF line terminators
Hash b46f6c54e98af7ff25bdc731dd41afa0
0c7a425cd217f4fc0b35eecd93141dec9189caf2
eab97c1f6d3107013555d19ae0237fce676bffa9bfb82386ab350d7832611f2d
GET /css/font-awesome.min.css HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/css
content-encoding: br
last-modified: Sat, 17 Dec 2022 12:38:31 GMT
accept-ranges: bytes
etag: "4cb3a7781412d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:38 GMT
content-length: 6518
X-Firefox-Spdy: h2
www.kmcthospital.com/css/demo.css
103.195.186.173 200 OK 7.0 kB URL HTTP/2 www.kmcthospital.com/css/demo.css
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash a8d93756fce365d4731f8a1803adbe4e
f122f5e617bd3012259699e9205b8aefccf52423
90554596ccef46775b6722f2239ababde5a0c61f854c7fa7f678a44d72392a36
GET /css/demo.css HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/css
content-encoding: br
last-modified: Sat, 17 Dec 2022 12:38:31 GMT
accept-ranges: bytes
etag: "fa4af781412d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:38 GMT
content-length: 7022
X-Firefox-Spdy: h2
www.kmcthospital.com/js/bootstrap.min.js
103.195.186.173 200 OK 22 kB URL HTTP/2 www.kmcthospital.com/js/bootstrap.min.js
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (48664)
Hash 65f9e3d338fecf8590f5d4ca19ca57e2
7e5975f8ab4388b92e1803727c17fcc055ea5383
9b9f753cfbb684a0ad843fb53004c21e90373ef680c7ec5ebcdc1b8f388cc9a7
Analyzer Verdict Alert fortinet Malware
GET /js/bootstrap.min.js HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/javascript
content-encoding: br
last-modified: Sat, 17 Dec 2022 11:45:50 GMT
accept-ranges: bytes
etag: "c056a81cd12d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:38 GMT
content-length: 22103
X-Firefox-Spdy: h2
www.kmcthospital.com/css/all.css
103.195.186.173 200 OK 18 kB URL HTTP/2 www.kmcthospital.com/css/all.css
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 6ccc32017fb1ee08c3af765de9e0aadb
7ad3c7e328986c9f749306600c854b90abd4aec6
7d143ba33151ccaa229060ff703c65e7f1699df2cd5980661c1786009bd13eef
GET /css/all.css HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/css
content-encoding: br
last-modified: Sat, 17 Dec 2022 12:38:30 GMT
accept-ranges: bytes
etag: "6d493a781412d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:38 GMT
content-length: 18404
X-Firefox-Spdy: h2
www.kmcthospital.com/css/style.css
103.195.186.173 200 OK 21 kB URL HTTP/2 www.kmcthospital.com/css/style.css
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 412c3adcf42c82bebfe5864f0580e747
e76eb9a6a0f4a31dd0fc224b4d423121b7f1ac9c
9cc648365f9914cb7c2274d4cbd8762e7b8d7d1442f1e733cd26e63a7abfcd1c
GET /css/style.css HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/css
content-encoding: br
last-modified: Sat, 17 Dec 2022 12:38:32 GMT
accept-ranges: bytes
etag: "904df2781412d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:38 GMT
content-length: 21253
X-Firefox-Spdy: h2
www.kmcthospital.com/js/jquery-3.1.1.min.js
103.195.186.173 200 OK 43 kB URL HTTP/2 www.kmcthospital.com/js/jquery-3.1.1.min.js
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (32030), with CRLF line terminators
Hash 188917525acd4cfa470e50e081b50c62
6033f5edc019f9be8d7a523772c5da33ceb32e1c
3105552fde44886e40e45575774970fdc556e1d269e769c1f76fefda030e5c13
Analyzer Verdict Alert fortinet Malware
GET /js/jquery-3.1.1.min.js HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/javascript
content-encoding: br
last-modified: Sat, 17 Dec 2022 11:45:51 GMT
accept-ranges: bytes
etag: "354c41dd12d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:38 GMT
content-length: 43381
X-Firefox-Spdy: h2
www.kmcthospital.com/css/bootstrap.css
103.195.186.173 200 OK 45 kB URL HTTP/2 www.kmcthospital.com/css/bootstrap.css
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 298b1ccf7b6f24983cf5355e2fd1f174
63ca5ff41267c0b804617aebe25edee1b8a18637
c34b7c21be354ee10a53a4fa25017942598b2e7cdd878716341bf2bbb6a4ee53
GET /css/bootstrap.css HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/css
content-encoding: br
last-modified: Sat, 17 Dec 2022 12:38:31 GMT
accept-ranges: bytes
etag: "b4336a781412d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:38 GMT
content-length: 44925
X-Firefox-Spdy: h2
www.kmcthospital.com/js/jquery.min.js
103.195.186.173 200 OK 52 kB URL HTTP/2 www.kmcthospital.com/js/jquery.min.js
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65479), with CRLF line terminators
Hash 33452a5c5d0ba9d172ff0d4bd4711037
0b71fab2fa3b9b3e431b0c2aa7898e1bb954bb13
5a3259252386a2a0c278145ebca97647ac4bab19140e33abb715f616b4a2be74
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.min.js HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/javascript
content-encoding: br
last-modified: Sat, 17 Dec 2022 11:45:51 GMT
accept-ranges: bytes
etag: "c47241dd12d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:38 GMT
content-length: 51984
X-Firefox-Spdy: h2
www.kmcthospital.com/css/animate.css
103.195.186.173 200 OK 12 kB URL HTTP/2 www.kmcthospital.com/css/animate.css
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash c493d2bd26b85da025d3b94b5dc9ae01
da621c86b4d1219a652459844b67fce1170750e8
f446082f0b300172af7720b5782014dc7a9e817dfdb093a6d835973947740047
GET /css/animate.css HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/standard2land/3mjjjyte=/password.php
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: text/css
content-encoding: br
last-modified: Sat, 17 Dec 2022 12:38:30 GMT
accept-ranges: bytes
etag: "93336781412d91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:38 GMT
content-length: 11641
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 622311873d3819b9911301b09bc2d43c
9f08d648e40479aa12da033da15b80a15017c739
6138674cec17da8b7bb02bf0686bf3e7aefa2bce6a5f844ebd80e10b665818b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 05:54:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 622311873d3819b9911301b09bc2d43c
9f08d648e40479aa12da033da15b80a15017c739
6138674cec17da8b7bb02bf0686bf3e7aefa2bce6a5f844ebd80e10b665818b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 05:54:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.kmcthospital.com/fonts/FontsFreeNetNekstLight.woff2
103.195.186.173 200 OK 13 kB URL HTTP/2 www.kmcthospital.com/fonts/FontsFreeNetNekstLight.woff2
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (446), with CRLF line terminators
Hash 5eee1365a1c5b3c4dceb613ae7cbd029
03675b50a50a28a6f019df6d511baf5ce42bf1e0
04996558f58cc35aac309e13953cfca2f4fb4b3845363d9125e8af3b738ad552
Analyzer Verdict Alert fortinet Malware
GET /fonts/FontsFreeNetNekstLight.woff2 HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.kmcthospital.com/css/style.css
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:39 GMT
content-length: 13015
X-Firefox-Spdy: h2
www.kmcthospital.com/fonts/GTAmericaCondensedBold.woff2
103.195.186.173 200 OK 6.8 kB URL HTTP/2 www.kmcthospital.com/fonts/GTAmericaCondensedBold.woff2
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Web Open Font Format (Version 2), TrueType, length 6788, version 1.0\012- data
Hash 82bbd99d1fd2fdde2ac813ddd2eafa3a
d7fbb8bceb3129a1d13e3fba6472990b3f365019
49a6d9f893d552157eec675f0b5062b11d9477cb232c96e12cdfde9f728842c7
Analyzer Verdict Alert fortinet Malware
GET /fonts/GTAmericaCondensedBold.woff2 HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.kmcthospital.com/css/style.css
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: font/x-woff2
last-modified: Sat, 17 Dec 2022 04:34:46 GMT
accept-ranges: bytes
etag: "8d2a7e4d011d91:0"
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:39 GMT
content-length: 6788
X-Firefox-Spdy: h2
www.kmcthospital.com/fonts/FontsFreeNetNekstMedium.woff2
103.195.186.173 200 OK 30 kB URL HTTP/2 www.kmcthospital.com/fonts/FontsFreeNetNekstMedium.woff2
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Web Open Font Format (Version 2), TrueType, length 29872, version 1.0\012- data
Hash cbeb022216db9453ccb07100b5b144f8
71de96bd9c24a7a23234ffc60599a771be4d7f00
891125104f80f752502ee9d11220a0749cb61a0806eaf85d7901863a0961ccc4
Analyzer Verdict Alert fortinet Malware
GET /fonts/FontsFreeNetNekstMedium.woff2 HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.kmcthospital.com/css/style.css
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: font/x-woff2
last-modified: Sat, 17 Dec 2022 04:34:41 GMT
accept-ranges: bytes
etag: "18f491e1d011d91:0"
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:39 GMT
content-length: 29872
X-Firefox-Spdy: h2
www.kmcthospital.com/webfonts/fa-brands-400.woff2
103.195.186.173 200 OK 77 kB URL HTTP/2 www.kmcthospital.com/webfonts/fa-brands-400.woff2
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Web Open Font Format (Version 2), TrueType, length 76736, version 331.-31196\012- data
Hash ed311c7a0ade9a75bb3ebf5a7670f31d
0613c7ebba55ee47ef302c0f7766324692f899a7
8ea8791754915a898a3100e63e32978a6d1763be6df8e73a39d3a90d691cdeef
Analyzer Verdict Alert fortinet Malware
GET /webfonts/fa-brands-400.woff2 HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.kmcthospital.com/css/all.css
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: font/x-woff2
last-modified: Sat, 17 Dec 2022 04:35:16 GMT
accept-ranges: bytes
etag: "6c42dff5d011d91:0"
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:39 GMT
content-length: 76736
X-Firefox-Spdy: h2
www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3912.374651577319!2d75.96588431480555!3d11.307302891962633!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x3ba64235bd9926bd%3A0x73e8c8c7a0d0d080!2sKMCT%20Medical%20College%20Hospital!5e0!3m2!1sen!2sin!4v1671253143612!5m2!1sen!2sin
216.58.211.4 200 OK 1.6 kB URL HTTP/2 www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3912.374651577319!2d75.96588431480555!3d11.307302891962633!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x3ba64235bd9926bd%3A0x73e8c8c7a0d0d080!2sKMCT%20Medical%20College%20Hospital!5e0!3m2!1sen!2sin!4v1671253143612!5m2!1sen!2sin
IP 216.58.211.4:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3431)
Hash 1c7c415c592817875933a5f9f73e41e7
3ed8c41020b51c1f06d4efaf93038b1b45e5cd37
660b4560f2b574c4f414f719c456d104fd9c54271441d552b5203d6ed0c79a5c
GET /maps/embed?pb=!1m18!1m12!1m3!1d3912.374651577319!2d75.96588431480555!3d11.307302891962633!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x3ba64235bd9926bd%3A0x73e8c8c7a0d0d080!2sKMCT%20Medical%20College%20Hospital!5e0!3m2!1sen!2sin!4v1671253143612!5m2!1sen!2sin HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-hIpCJP45dp83DHhJsVYUQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
pragma: no-cache
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT
content-type: text/html; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 28 Jan 2023 05:54:37 GMT
server: scaffolding on HTTPServer2
content-length: 1613
x-xss-protection: 0
x-content-type-options: nosniff
server-timing: gfet4t7; dur=153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 05:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 05:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=in&callback=onApiLoad
142.250.74.74 200 OK 56 kB URL HTTP/2 maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=in&callback=onApiLoad
IP 142.250.74.74:0
File type ASCII text, with very long lines (2546)
Hash 65e92cbf373b3137cec4ec083de51db5
503012a14bb265e5bab04c884f1e799f885c3284
4100ae46e0c8092810e3b4ec91f5410086c6eab56b44385f3218727b98b8c8fb
GET /maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=in&callback=onApiLoad HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 56008
x-xss-protection: 0
x-frame-options: SAMEORIGIN
date: Sat, 28 Jan 2023 05:32:02 GMT
expires: Sat, 28 Jan 2023 06:02:02 GMT
cache-control: public, max-age=1800
content-type: text/javascript; charset=UTF-8
age: 1355
server-timing: gfet4t7; dur=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 05:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.kmcthospital.com/fonts/FontsFreeNetNekstLight.woff
103.195.186.173 200 OK 46 kB URL HTTP/2 www.kmcthospital.com/fonts/FontsFreeNetNekstLight.woff
IP 103.195.186.173:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Web Open Font Format, TrueType, length 45972, version 1.0\012- data
Hash 00dddaea66f1f48e2ea621d78a97ae07
2be85531008d854577126914c585d259bb7639db
66a797f5c1d644b3b8a9d783cb0e2c91cd03aaf1dce895a3a1fc9bc275d05f07
Analyzer Verdict Alert fortinet Malware
GET /fonts/FontsFreeNetNekstLight.woff HTTP/1.1
Host: www.kmcthospital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.kmcthospital.com/css/style.css
Cookie: ASP.NET_SessionId=qrmyhqk1jfjraa4qiacghqej
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800
content-type: font/x-woff
last-modified: Sat, 17 Dec 2022 04:34:39 GMT
accept-ranges: bytes
etag: "a82733e0d011d91:0"
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Sat, 28 Jan 2023 05:54:39 GMT
content-length: 45972
X-Firefox-Spdy: h2
www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3912.374651577319!2d75.96588431480555!3d11.307302891962633!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x3ba64235bd9926bd%3A0x73e8c8c7a0d0d080!2sKMCT%20Medical%20College%20Hospital!5e0!3m2!1sen!2sin!4v1671253143612!5m2!1sen!2sin
216.58.211.4 200 OK 1.6 kB URL HTTP/2 www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3912.374651577319!2d75.96588431480555!3d11.307302891962633!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x3ba64235bd9926bd%3A0x73e8c8c7a0d0d080!2sKMCT%20Medical%20College%20Hospital!5e0!3m2!1sen!2sin!4v1671253143612!5m2!1sen!2sin
IP 216.58.211.4:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3431)
Hash eed0e986ef2c41145696e24eda36e57a
0e2d8104084b7497d105437e3fbfc8a96a79b5a4
250436760407dc97eddd5ad3257da6877802876b68a41e95424c3007d3c5254a
GET /maps/embed?pb=!1m18!1m12!1m3!1d3912.374651577319!2d75.96588431480555!3d11.307302891962633!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x3ba64235bd9926bd%3A0x73e8c8c7a0d0d080!2sKMCT%20Medical%20College%20Hospital!5e0!3m2!1sen!2sin!4v1671253143612!5m2!1sen!2sin HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.kmcthospital.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
cache-control: no-cache, must-revalidate
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-TmA6n-oc-wDrVVyCEBR2Dg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
content-type: text/html; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 28 Jan 2023 05:54:37 GMT
server: scaffolding on HTTPServer2
content-length: 1613
x-xss-protection: 0
x-content-type-options: nosniff
server-timing: gfet4t7; dur=153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 05:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maps.gstatic.com/maps-api-v3/embed/js/51/7/init_embed.js
216.58.207.227 200 OK 69 kB URL HTTP/2 maps.gstatic.com/maps-api-v3/embed/js/51/7/init_embed.js
IP 216.58.207.227:0
File type ASCII text, with very long lines (2599)
Hash fd4867728783671f13b38d1f073e7be9
ff5ba304ce5b2838e4b49b6cff833dede37e1098
52a398663110b5dc50e72094c287b049ec5ed33a2b639418e4e1a9c3d313b82c
GET /maps-api-v3/embed/js/51/7/init_embed.js HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 69373
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 03:51:36 GMT
expires: Sun, 28 Jan 2024 03:51:36 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 23 Jan 2023 21:48:16 GMT
content-type: text/javascript
age: 7381
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 05:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 19:33:54 GMT
expires: Thu, 25 Jan 2024 19:33:54 GMT
cache-control: public, max-age=31536000
age: 210044
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 07:51:59 GMT
expires: Thu, 25 Jan 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 252159
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2