r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8307
Expires: Thu, 26 Jan 2023 11:04:47 GMT
Date: Thu, 26 Jan 2023 08:46:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 58ffdcb539c3b250fdf31ed761627fc1
5b55b1522ef84c39b5c42f9bbfbc62b806c1269f
eb783cfa8c8544b0574b345abc0bf3c150979d4efce1a013f17b6cd48076fc63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB783CFA8C8544B0574B345ABC0BF3C150979D4EFCE1A013F17B6CD48076FC63"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9116
Expires: Thu, 26 Jan 2023 11:18:16 GMT
Date: Thu, 26 Jan 2023 08:46:20 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 08:35:16 GMT
content-type: application/json
age: 664
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5498
Expires: Thu, 26 Jan 2023 10:17:58 GMT
Date: Thu, 26 Jan 2023 08:46:20 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: f2pDbi+Q+QgaCYSqBqpFadxtn97kamM4NEKntlnMBPOQ9EtNDghdc+VxUBKgWtOGZ7WcGKo+gEI=
x-amz-request-id: GPA26QSGW4H2K6Z5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 07:48:53 GMT
age: 3447
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 08:46:20 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 26 Jan 2023 07:49:01 GMT
age: 3439
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8471
Expires: Thu, 26 Jan 2023 11:07:32 GMT
Date: Thu, 26 Jan 2023 08:46:21 GMT
Connection: keep-alive
push.services.mozilla.com/
35.162.50.16 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.50.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AbPWHwhAK/L6spHuWRL9qg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hjJc/mpvyzFAV1YVCzlHHvEC0Rw=
uog.ac.rw/login.php
197.243.0.61 200 OK 5.0 kB IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (548), with CRLF line terminators
Hash 32beabb1c072c211318f13f4e4e89e4a
955d302e5a49dee87e990fbe60f9d8e27ebc4684
ff4b37f3d09e719aa397256147f4ec62ef4588824b869553c524366c7e9215e6
Analyzer Verdict Alert fortinet Malware
GET /login.php HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1; path=/
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 4982
Keep-Alive: timeout=5, max=10000
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
use.edgefonts.net/allura:n4:default.js
54.230.111.34 403 Forbidden 915 B URL HTTP/1.1 use.edgefonts.net/allura:n4:default.js
IP 54.230.111.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 833144e011efec3c4db21569380f65b0
b0b41efcb35165ada678104cfa934a6f61fd8612
e234948a7b5d26d09ad2af522e92d19f32d74afeb4ce2b71b2e7f76bc78fc8b2
GET /allura:n4:default.js HTTP/1.1
Host: use.edgefonts.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/
HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Thu, 26 Jan 2023 08:46:21 GMT
Content-Type: text/html
Content-Length: 915
Connection: keep-alive
X-Cache: Error from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: VBEetpVuVsLQv5SaqBfMCAed5HxawBESy1fKEerYDsUk3IdF0KUNIw==
uog.ac.rw/js/bootstrap.min.js
197.243.0.61 200 OK 11 kB URL HTTP/1.1 uog.ac.rw/js/bootstrap.min.js
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type ASCII text, with very long lines (32034)
Hash 4fcd57315984a24a3f4cbf474bd54dae
8861e684b355da1b3725bad63618bd95accbbb2e
1fbf678ae0a7b5898441804811f20b029a3d054c2044fcb58a7baf1715649e45
Analyzer Verdict Alert fortinet Malware
GET /js/bootstrap.min.js HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Thu, 07 Nov 2019 09:46:13 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sat, 25 Feb 2023 08:46:21 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 10693
Keep-Alive: timeout=5, max=10000
Connection: Keep-Alive
Content-Type: application/javascript
uog.ac.rw/js/isp_js.js
197.243.0.61 200 OK 13 kB IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type ASCII text, with CRLF line terminators
Hash f83a7c2d086c20707e8d6deae690244b
1c97294e0410e4ff7bb152e43ba937ae43f35766
54e3659b5cba063a87c4d1c7c1310c43acf3af2974c430086f1728fb395e29f4
Analyzer Verdict Alert fortinet Malware
GET /js/isp_js.js HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Tue, 18 Oct 2022 11:11:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sat, 25 Feb 2023 08:46:21 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 12637
Keep-Alive: timeout=5, max=9999
Connection: Keep-Alive
Content-Type: application/javascript
uog.ac.rw/js/datepickr.min.js
197.243.0.61 200 OK 3.1 kB URL HTTP/1.1 uog.ac.rw/js/datepickr.min.js
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type ASCII text, with very long lines (2039)
Hash 5d72892266996a7aa2663b9ab27eb1b2
9f36fdfd47ae043e90b689dd5e22a7d5e754a446
8210441983ea96b5dd31c714ae7c71b9dfd3c4f37a927d3735c525c7a8f67309
Analyzer Verdict Alert fortinet Malware
GET /js/datepickr.min.js HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Thu, 07 Nov 2019 09:46:14 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sat, 25 Feb 2023 08:46:22 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 3129
Keep-Alive: timeout=5, max=10000
Connection: Keep-Alive
Content-Type: application/javascript
uog.ac.rw/js/jquery.blueimp-gallery.min.js
197.243.0.61 200 OK 9.3 kB URL HTTP/1.1 uog.ac.rw/js/jquery.blueimp-gallery.min.js
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type ASCII text, with very long lines (33575), with no line terminators
Hash f0fd3c4fddb17c0163f8e1a0e571b2a9
df6e427e2a0f0b00a5d907a045e43f1e8a643cf9
f829b6cfcfe4ea3b56be4d5c50b02f253c55bff609c11f5ff66d62f9b51fa979
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.blueimp-gallery.min.js HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Thu, 07 Nov 2019 09:46:14 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sat, 25 Feb 2023 08:46:22 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 9268
Keep-Alive: timeout=5, max=9999
Connection: Keep-Alive
Content-Type: application/javascript
uog.ac.rw/js/jquery-2.1.4.min.js
197.243.0.61 200 OK 30 kB URL HTTP/1.1 uog.ac.rw/js/jquery-2.1.4.min.js
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type ASCII text, with very long lines (32025)
Hash 2ca9231dcf45b3a31c33b52385d2a108
aa62aca64e1a3f0df05cbaaefa97cf2731078e36
fc15f63259eda6f3081019bfe590fd7352b7fcb5216c82131d55cd67fca5354a
Analyzer Verdict Alert fortinet Malware
GET /js/jquery-2.1.4.min.js HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Thu, 07 Nov 2019 09:46:13 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sat, 25 Feb 2023 08:46:21 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 30461
Keep-Alive: timeout=5, max=10000
Connection: Keep-Alive
Content-Type: application/javascript
uog.ac.rw/_css/ispg_main.css
197.243.0.61 200 OK 3.2 kB URL HTTP/1.1 uog.ac.rw/_css/ispg_main.css
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type assembler source, ASCII text, with CRLF line terminators
Hash 19f568d5f46435d578111746e61dc9f5
db8a9cca25caa9b0da05310edc897c86268bc98c
f6fbeed05ceefa518a1f7649bc8fdd9d45d4b11b4e2e54b5ef5e0fc738667040
GET /_css/ispg_main.css HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Tue, 27 Sep 2022 12:20:57 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sat, 25 Feb 2023 08:46:22 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 3219
Keep-Alive: timeout=5, max=9998
Connection: Keep-Alive
Content-Type: text/css
uog.ac.rw/_css/datepickr.min.css
197.243.0.61 200 OK 841 B URL HTTP/1.1 uog.ac.rw/_css/datepickr.min.css
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type ASCII text, with very long lines (1390)
Hash 0594b5ed410109026b3e67d9b620dd24
44757196f55cfaee366d49b835b14d78ec7d4cab
f01a17d9830a510a2da77c6003a45c21cc62c58a3a57568b04116d5a758870bc
GET /_css/datepickr.min.css HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Thu, 07 Nov 2019 09:46:15 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sat, 25 Feb 2023 08:46:22 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 841
Keep-Alive: timeout=5, max=9999
Connection: Keep-Alive
Content-Type: text/css
uog.ac.rw/_css/blueimp-gallery.min.css
197.243.0.61 200 OK 1.5 kB URL HTTP/1.1 uog.ac.rw/_css/blueimp-gallery.min.css
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type ASCII text, with very long lines (6815), with no line terminators
Hash 7ee0db1f8fb081b226c8e6b2cf2dccbf
8f7ae1c0ffe28232270287087e402210be79ed5c
edf9fb871b104cfa28e7582f9fbfeb95a497d95633d8ebc23c5f108c98c3b21a
GET /_css/blueimp-gallery.min.css HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Thu, 07 Nov 2019 09:46:15 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sat, 25 Feb 2023 08:46:22 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1471
Keep-Alive: timeout=5, max=9998
Connection: Keep-Alive
Content-Type: text/css
uog.ac.rw/_css/bootstrap-image-gallery.min.css
197.243.0.61 200 OK 523 B URL HTTP/1.1 uog.ac.rw/_css/bootstrap-image-gallery.min.css
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type ASCII text, with very long lines (1472), with no line terminators
Hash 14644fe2a863c9a4ada3281ca22c566f
72a275d3244ad851ba9bf4a345d17178b5690dbe
a206acc9b41c27c8fc12a82ca5d31a774f2dc0b7e573af8a0f039aaae34b0ed3
GET /_css/bootstrap-image-gallery.min.css HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Thu, 07 Nov 2019 09:46:15 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sat, 25 Feb 2023 08:46:22 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 523
Keep-Alive: timeout=5, max=9999
Connection: Keep-Alive
Content-Type: text/css
uog.ac.rw/slick/slick.css
197.243.0.61 200 OK 564 B URL HTTP/1.1 uog.ac.rw/slick/slick.css
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
Hash df9ddc169558ee29da096e1e04f0429e
b124ae7fc80661c4e5ad6b11c6d1223e3f34b152
c7a3a8e516a3b9a8116c35771f33605a85d709596f052f1957d1d1d61579f572
GET /slick/slick.css HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Sun, 07 Feb 2016 15:43:44 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sat, 25 Feb 2023 08:46:22 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 564
Keep-Alive: timeout=5, max=9999
Connection: Keep-Alive
Content-Type: text/css
uog.ac.rw/slick/slick-theme.css
197.243.0.61 200 OK 887 B URL HTTP/1.1 uog.ac.rw/slick/slick-theme.css
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
Hash f91fea3ef4e9f8f983b5af1aa719a482
7c693da05f3f157b8816b06c23a73a7d97262349
2cfd5015c990b8bb35c05be40fd75b878f35adc6f582af05d0ede57f9fac66c7
GET /slick/slick-theme.css HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Sun, 07 Feb 2016 15:43:44 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sat, 25 Feb 2023 08:46:22 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 887
Keep-Alive: timeout=5, max=9997
Connection: Keep-Alive
Content-Type: text/css
uog.ac.rw/_css/bootstrap.css
197.243.0.61 200 OK 22 kB URL HTTP/1.1 uog.ac.rw/_css/bootstrap.css
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type ASCII text, with very long lines (540)
Hash c3b721d9a6243381cf47ba5fbe0cb51c
b3870319301c1e9567039e4dc90205ea8257970f
f30e1f0a976381cde0fdbd2fc914d6486ba8d363db02c52b3b2ed9e92536ea78
GET /_css/bootstrap.css HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Thu, 07 Nov 2019 09:46:14 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sat, 25 Feb 2023 08:46:22 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 21572
Keep-Alive: timeout=5, max=10000
Connection: Keep-Alive
Content-Type: text/css
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17383
Expires: Thu, 26 Jan 2023 13:36:05 GMT
Date: Thu, 26 Jan 2023 08:46:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17383
Expires: Thu, 26 Jan 2023 13:36:05 GMT
Date: Thu, 26 Jan 2023 08:46:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17383
Expires: Thu, 26 Jan 2023 13:36:05 GMT
Date: Thu, 26 Jan 2023 08:46:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VATQ0SjZfM_btXwR4M5keLmd-EE6717EHEiXrF2zpHNrli93EhN6Rw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:48:42 GMT
age: 39460
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b242645f0cc22e3b12c132e6d03722ac
dec70f83182de58e03bfcb95fc240b7c33f20674
59a2d8c972d27598dfe38637197f90053186c4f68b80a5a90283cb11ddaf8a31
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6609
x-amzn-requestid: 129067f4-c79b-493d-8863-2eb6c1565ee6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZABF4IIAMFsig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d533-4908ab6e5c751213084de3c6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:07:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: hUp-Y119Uly8FlGe1Wr8b-_pNoyg_iV-KaNaC7Fo44iN_sDU3BnCbA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:35:29 GMT
age: 4253
etag: "dec70f83182de58e03bfcb95fc240b7c33f20674"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05a55fc3-efb4-4124-a48d-b57fc1e9bea4.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05a55fc3-efb4-4124-a48d-b57fc1e9bea4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c331b0423afe4c6888533296b5f275bc
766aba1f8bb596a068f4e611161fa54616f506ed
0551882e8ba5962ca2c3a8634574e75f11321d46f9c901430614a9c73eaeae12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05a55fc3-efb4-4124-a48d-b57fc1e9bea4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7426
x-amzn-requestid: 1c0f08ae-9b11-4c41-a6e9-819343332f34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF-fElWIAMFg8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf838f-6cf92e9d28ec0c9727e7419a;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A9cyJReV84QegjGfuOcBlZ-T6uefiGXXKnIBXIcn3a1x0kRYQ6XI3A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:13:57 GMT
age: 5545
etag: "766aba1f8bb596a068f4e611161fa54616f506ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7458f7a9b2070055df6f1d496794e43e
0f5d2a6d846f4f8f85dd7e8089e643cacc57d8a9
373097662c419eef9f4a19ce9f3bcead70f6eafbf0acf44806685eece43ce251
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12758
x-amzn-requestid: c3540562-8c62-4957-9528-7ae952daebaa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9gf1E87oAMFpsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c87acb-49fd3f78275937e24d23fca3;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 23:03:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mjK4GJ3UCEuHk4XqmXdZCWHTVvJeX8Z2HFaem2GYzqfqlPSd_h6DfA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:33:59 GMT
age: 4343
etag: "0f5d2a6d846f4f8f85dd7e8089e643cacc57d8a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13cd008fb3e2739ec7caadadbd427655
c4802b06b87ab97f3ccd80d1c9bbdb4fab9886c1
a300a4fde1863c8b806d0557d9f0adaed19e1c612989d7e3f79a7bb45e6e74dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8822
x-amzn-requestid: e16ae781-25f3-4b7d-b62b-85b35d6571c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYRwF2KIAMFjDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0d7-377f24bd18dea32564b148bd;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: n2ULSpeRMRZ9CDjmrwd56ti_gPYh9ApC521naXURI2Bh1eiKwjyHZw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:51:26 GMT
age: 39296
etag: "c4802b06b87ab97f3ccd80d1c9bbdb4fab9886c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe22ec7be-6a69-4dd9-9340-9be6624c7434.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe22ec7be-6a69-4dd9-9340-9be6624c7434.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3ed67ca9bce75476cc13c83abe463bc7
242e26653f691852678a2a32fd17d58fb4747126
a54b909a228e7ac3c6a98e553445905cac7664a2a9208af9abba149f11881d1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe22ec7be-6a69-4dd9-9340-9be6624c7434.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4513
x-amzn-requestid: 4caaaf23-4e35-4a1e-983a-5c556d009ecc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOi2OG15IAMFxKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf4b5a-643a67517111200131d532f6;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 03:07:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DC1yx2ngTkDe6jX4jwmNVfOxDR6CXmw0fF_wgsM5E-kdMw21u25v0g==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 04:13:19 GMT
age: 16383
etag: "242e26653f691852678a2a32fd17d58fb4747126"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
uog.ac.rw/slick/slick.min.js
197.243.0.61 200 OK 11 kB URL HTTP/1.1 uog.ac.rw/slick/slick.min.js
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type ASCII text, with very long lines (32012)
Hash 9b2505df7c7d0dcc08b82dca4e58f4d6
7307775ce3a23dbf21951d2a8e282135f4cd3983
d1e3f743a74897462c60b03f44ca4a9fd52464a1bca9079e9c4e19ba60c0d7be
Analyzer Verdict Alert fortinet Malware
GET /slick/slick.min.js HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Sun, 07 Feb 2016 15:43:44 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sat, 25 Feb 2023 08:46:22 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 10683
Keep-Alive: timeout=5, max=9998
Connection: Keep-Alive
Content-Type: application/javascript
badges.instagram.com/static/images/ig-badge-view-24.png
31.13.72.53 301 Moved Permanently 0 B URL HTTP/1.1 badges.instagram.com/static/images/ig-badge-view-24.png
IP 31.13.72.53:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/images/ig-badge-view-24.png HTTP/1.1
Host: badges.instagram.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/
HTTP/1.1 301 Moved Permanently
Location: https://badges.instagram.com/static/images/ig-badge-view-24.png
Content-Type: text/plain
Server: proxygen-bolt
Date: Thu, 26 Jan 2023 08:46:25 GMT
Connection: keep-alive
Content-Length: 0
use.edgefonts.net/allura:n4:default.js
54.230.111.34 403 Forbidden 915 B URL HTTP/1.1 use.edgefonts.net/allura:n4:default.js
IP 54.230.111.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 786148729440875ff0fceee32f79d8d0
b42e096e91e7875ed71c1ca56806398aae97faeb
6bb09cb2bd1cb050ca4fa07b3486d0e0998a0d3dbbb9e68127c5a3e664342f3e
GET /allura:n4:default.js HTTP/1.1
Host: use.edgefonts.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/
HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Thu, 26 Jan 2023 08:46:25 GMT
Content-Type: text/html
Content-Length: 915
Connection: keep-alive
X-Cache: Error from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UQN-nl_qEokEdFWi4MzIyz5Fa4DYewQRT4-NzH7I4Sb3q_XZ61MPEw==
badges.instagram.com/static/images/ig-badge-view-sprite-24.png
31.13.72.53 301 Moved Permanently 0 B URL HTTP/1.1 badges.instagram.com/static/images/ig-badge-view-sprite-24.png
IP 31.13.72.53:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/images/ig-badge-view-sprite-24.png HTTP/1.1
Host: badges.instagram.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/
HTTP/1.1 301 Moved Permanently
Location: https://badges.instagram.com/static/images/ig-badge-view-sprite-24.png
Content-Type: text/plain
Server: proxygen-bolt
Date: Thu, 26 Jan 2023 08:46:25 GMT
Connection: keep-alive
Content-Length: 0
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 22d9811898264d1f4357663a4561316c
56766d6d0d51570a5b727d484be9b98884d2c611
8576f275f87d85b6472ae7d7adfdd904ff799002d09a53a2461cf7324afbce96
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6428
Cache-Control: max-age=93338
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 08:46:25 GMT
Etag: "63d0ee5f-1d7"
Expires: Fri, 27 Jan 2023 10:42:03 GMT
Last-Modified: Wed, 25 Jan 2023 08:54:55 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 22d9811898264d1f4357663a4561316c
56766d6d0d51570a5b727d484be9b98884d2c611
8576f275f87d85b6472ae7d7adfdd904ff799002d09a53a2461cf7324afbce96
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6229
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 08:46:25 GMT
Last-Modified: Thu, 26 Jan 2023 07:02:36 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 22d9811898264d1f4357663a4561316c
56766d6d0d51570a5b727d484be9b98884d2c611
8576f275f87d85b6472ae7d7adfdd904ff799002d09a53a2461cf7324afbce96
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6429
Cache-Control: max-age=93338
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 08:46:26 GMT
Etag: "63d0ee5f-1d7"
Expires: Fri, 27 Jan 2023 10:42:04 GMT
Last-Modified: Wed, 25 Jan 2023 08:54:55 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
uog.ac.rw/favicon.ico
197.243.0.61 404 Not Found 4.8 kB IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (334)
Hash 9db9709cce2899971d69becde492d24a
6c6860dca423ecda6071dd16badef422d7162fa4
89b21ab48edb73807f54341b9c55c710b009d6d6526f96370f0308c042845d76
GET /favicon.ico HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 404 Not Found
Date: Thu, 26 Jan 2023 08:46:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 4809
Keep-Alive: timeout=5, max=9998
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
uog.ac.rw/_img/nursingsc.jpg
197.243.0.61 200 OK 191 kB URL HTTP/1.1 uog.ac.rw/_img/nursingsc.jpg
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1024x768, components 3\012- data
Size 191 kB (191297 bytes)
Hash 672d6c4b3655e7d2a3ca55ef60bc9444
d3a711abbbb0d980e82a369dc0455f2f656d1516
98ab9f618ebb62bc7b4a445e7435116ff5c94a865fff5fa3afb1fbbfca630478
GET /_img/nursingsc.jpg HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:25 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Sun, 07 Feb 2016 15:45:21 GMT
Accept-Ranges: bytes
Content-Length: 191297
Cache-Control: max-age=31536000
Expires: Fri, 26 Jan 2024 08:46:25 GMT
Keep-Alive: timeout=5, max=9999
Connection: Keep-Alive
Content-Type: image/jpeg
uog.ac.rw/_img/uglogo.png
197.243.0.61 200 OK 229 kB URL HTTP/1.1 uog.ac.rw/_img/uglogo.png
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type PNG image data, 708 x 708, 8-bit/color RGBA, non-interlaced\012- data
Size 229 kB (228694 bytes)
Hash 7753fe1f7896df144a963809951ba2b8
d3d92e30b9c16c1d755a00ca26ea3fedc9e30a0c
3b1b8b81282e9324c59d233918b4c8be04f410b9530c3b140d1a79c77efb73ba
GET /_img/uglogo.png HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:25 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Thu, 07 Nov 2019 09:46:15 GMT
Accept-Ranges: bytes
Content-Length: 228694
Cache-Control: max-age=31536000
Expires: Fri, 26 Jan 2024 08:46:25 GMT
Keep-Alive: timeout=5, max=9998
Connection: Keep-Alive
Content-Type: image/png
uog.ac.rw/fonts/glyphicons-halflings-regular.woff2
197.243.0.61 200 OK 18 kB URL HTTP/1.1 uog.ac.rw/fonts/glyphicons-halflings-regular.woff2
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\012- data
Hash 448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
Analyzer Verdict Alert fortinet Malware
GET /fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://uog.ac.rw/_css/bootstrap.css
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:26 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Thu, 07 Nov 2019 09:46:14 GMT
Accept-Ranges: bytes
Content-Length: 18028
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=5, max=9997
Connection: Keep-Alive
Content-Type: font/woff2
uog.ac.rw/_img/social_sprite.png
197.243.0.61 200 OK 13 kB URL HTTP/1.1 uog.ac.rw/_img/social_sprite.png
IP 197.243.0.61:0
ASN #37228 Olleh-Rwanda-Networks
File type PNG image data, 180 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash 0b62c4943262b2f1434c7439feda3fee
3b37abd4a58ec6fc55a1f30567f17dfbcf79d0ce
97dee64f8cc3066b9367038bd67bb2e8851b084d3333c73922569ffc2deb2ed9
GET /_img/social_sprite.png HTTP/1.1
Host: uog.ac.rw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uog.ac.rw/login.php
Cookie: PHPSESSID=mhd46sfpv1090gf201glnrnem1
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 08:46:27 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Sun, 07 Feb 2016 15:45:21 GMT
Accept-Ranges: bytes
Content-Length: 12765
Cache-Control: max-age=31536000
Expires: Fri, 26 Jan 2024 08:46:27 GMT
Keep-Alive: timeout=5, max=9997
Connection: Keep-Alive
Content-Type: image/png
badges.instagram.com/static/images/ig-badge-view-sprite-24.png
31.13.72.53 404 Not Found 0 B URL HTTP/2 badges.instagram.com/static/images/ig-badge-view-sprite-24.png
IP 31.13.72.53:0
GET /static/images/ig-badge-view-sprite-24.png HTTP/1.1
Host: badges.instagram.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://uog.ac.rw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
date: Thu, 26 Jan 2023 08:46:25 GMT
vary: Accept-Language
strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-frame-options: SAMEORIGIN
content-security-policy: report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src data: blob: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com https://*.facebook.com https://*.fbsbx.com; font-src data: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://i.instagram.com/graphql_www https://graphql.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com https://*.i.instagram.com https://*.od.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://*.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com https://*.fbsbx.com; object-src 'none'; upgrade-insecure-requests
cross-origin-embedder-policy-report-only: require-corp;report-to="coep"
report-to: {"group": "coep", "max_age": 86400, "endpoints": [{"url": "/security/coep_report/"}]},{"group": "coop", "max_age": 86400, "endpoints": [{"url": "/security/coop_report/"}]}
origin-trial: AuqWincgAuXeuu3KypEMnrrFEJHySaesyJS3EaIH40zvafzrU0Irhb7+5QwZpOqMZrPTjgvFl7Z5jJgy1dNAcQMAAAB6eyJvcmlnaW4iOiJodHRwczovL2luc3RhZ3JhbS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjEzNDExNjYyLCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop"
x-content-type-options: nosniff
x-xss-protection: 0
x-ig-push-state: c2
x-aed: 75
access-control-expose-headers: X-IG-Set-WWW-Claim
x-ig-request-elapsed-time-ms: 22
x-ig-peak-time: 1
content-length: 20955
x-ig-origin-region: rva
x-fb-trip-id: 1512268381
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
badges.instagram.com/static/images/ig-badge-view-24.png
31.13.72.53 404 Not Found 0 B URL HTTP/2 badges.instagram.com/static/images/ig-badge-view-24.png
IP 31.13.72.53:0
GET /static/images/ig-badge-view-24.png HTTP/1.1
Host: badges.instagram.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://uog.ac.rw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
date: Thu, 26 Jan 2023 08:46:25 GMT
vary: Accept-Language
strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-frame-options: SAMEORIGIN
content-security-policy: report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src data: blob: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com https://*.facebook.com https://*.fbsbx.com; font-src data: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://i.instagram.com/graphql_www https://graphql.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com https://*.i.instagram.com https://*.od.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://*.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com https://*.fbsbx.com; object-src 'none'; upgrade-insecure-requests
cross-origin-embedder-policy-report-only: require-corp;report-to="coep"
report-to: {"group": "coep", "max_age": 86400, "endpoints": [{"url": "/security/coep_report/"}]},{"group": "coop", "max_age": 86400, "endpoints": [{"url": "/security/coop_report/"}]}
origin-trial: AuqWincgAuXeuu3KypEMnrrFEJHySaesyJS3EaIH40zvafzrU0Irhb7+5QwZpOqMZrPTjgvFl7Z5jJgy1dNAcQMAAAB6eyJvcmlnaW4iOiJodHRwczovL2luc3RhZ3JhbS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjEzNDExNjYyLCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop"
x-content-type-options: nosniff
x-xss-protection: 0
x-ig-push-state: c2
x-aed: 75
access-control-expose-headers: X-IG-Set-WWW-Claim
x-ig-request-elapsed-time-ms: 36
x-ig-peak-time: 1
content-length: 20955
x-ig-origin-region: rva
x-fb-trip-id: 1512268381
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2