URL User Request GET HTTP/1.1 IP 198.54.114.202:80
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
threatfox QakBot
GET /or/or.php HTTP/1.1
Host: tm.rcm.edu.ng
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Wed, 12 Apr 2023 18:03:04 GMT
server: LiteSpeed
location: https://tm.rcm.edu.ng/or/or.php
x-turbo-charged-by: LiteSpeed
IP 172.64.155.188:0
Hash 61cc5be5dfd41d207ed4eb7eb965a545
a7097427b80cb894860920464042aca6dc75c10e
f6f96f2eaac8a8e9a041bdbabb59ba705f76681d3d77f136c29b1fe4f8c02963
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 12 Apr 2023 18:03:04 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 12 Apr 2023 01:00:29 GMT
Expires: Wed, 19 Apr 2023 01:00:28 GMT
Etag: "a7097427b80cb894860920464042aca6dc75c10e"
Cache-Control: max-age=542843,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b6d62493f25b503-OSL
URL User Request GET HTTP/1.1 IP 198.54.114.202:80
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash a2a1740512167af953a0d58b404704d8
f42ed4475bc03f0365b80d51fa62430fa576f61b
7fb8bebf7770d571ee1c7d00d486ab2d6169c6deb1d569fdf1c2216824d8f55a
Analyzer Verdict Alert fortinet Malware
threatfox QakBot
GET /or/or.php HTTP/1.1
Host: tm.rcm.edu.ng
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
x-powered-by: PHP/7.2.34
content-type: text/html; charset=UTF-8
content-length: 183
content-encoding: br
vary: Accept-Encoding
date: Wed, 12 Apr 2023 18:03:04 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
URL GET HTTP/2 tm.rcm.edu.ng/favicon.ico 404 Not Found 1.2 kB
IP 198.54.114.202:443
Requested by https://tm.rcm.edu.ng/or/or.php
Certificate Issuer Sectigo Limited
Subject tm.rcm.edu.ng
Fingerprint 73:28:56:27:27:C5:47:60:E3:B1:92:B2:C2:A5:05:B4:2E:4A:37:AD
Validity Wed, 28 Sep 2022 00:00:00 GMT - Thu, 28 Sep 2023 23:59:59 GMT
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
GET /favicon.ico HTTP/1.1
Host: tm.rcm.edu.ng
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tm.rcm.edu.ng/or/or.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Wed, 12 Apr 2023 18:03:05 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2