firefox.settings.services.mozilla.com/v1/
18.244.155.19200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.244.155.19:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 22 Oct 2022 18:26:25 GMT
Expires: Sat, 22 Oct 2022 19:01:27 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5633f59304cdd2083a4c0ecbd4c997b4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: hGTfVzGHyCqLZObD5ai_ut8uGvsNE1_08stwv8xh4iZxRwOT4az2gw==
Age: 470
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 73c4166ca864f777db2cc1cd8658a7c2
c56b66b0b7c8516d4d5bfafe0c166711c78f3d25
310c633350812c064e159275b6dbbdba6d6a5991a54ccfcc23459320c6513572
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7713
Expires: Sat, 22 Oct 2022 20:42:49 GMT
Date: Sat, 22 Oct 2022 18:34:16 GMT
Connection: keep-alive
v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/login.php
103.48.82.152301 Moved Permanently 162 B URL HTTP/1.1 v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/login.php
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/fitnessbase/Config/net/login.php HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 22 Oct 2022 18:34:16 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/login.php
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ae56efd62a0d9249d98573172eb8b28b
5ff4e9959be677ad76c26ca73f9ef4feb9fa2f28
82d9ee4948fce839f7edb1f8490c4213cded3912464a4169b0bf6a61278694bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7730
Expires: Sat, 22 Oct 2022 20:43:06 GMT
Date: Sat, 22 Oct 2022 18:34:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: mqW6DiM2BoRfExBBVgAY5QO0iG545c2Qto6bomzIIkhdxMQxVYAYM1afGmCR1ElNpUvt/b8rS3w=
x-amz-request-id: KQDTK7Z60X7XD1ZR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 22 Oct 2022 18:07:44 GMT
age: 1592
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.244.155.19200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.244.155.19:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Pragma, Content-Length, Content-Type, ETag, Retry-After, Cache-Control, Last-Modified, Backoff, Expires
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 22 Oct 2022 18:03:52 GMT
Cache-Control: max-age=3600
Expires: Sat, 22 Oct 2022 18:24:23 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 743e66b1e30941714e613f42d795162e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: dpmNDTNOFekEg3zrShH8iNKCtKDLXaibfhOGjGryO_NcFF5Wf-hVJA==
Age: 1827
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7df54cff4272c62db11dc80e3b531392
1c557ff85ac82a42f7e123aa3af566e3420ce98a
6810966c043f1fd22ffaca8f37c936da6760061bdc189980daabe1eda586606e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6810966C043F1FD22FFACA8F37C936DA6760061BDC189980DAABE1EDA586606E"
Last-Modified: Sat, 22 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21522
Expires: Sun, 23 Oct 2022 00:32:59 GMT
Date: Sat, 22 Oct 2022 18:34:17 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fecd12689ba4c6aa556814b7fac0d344
a3005f6333ce5201a73e2857c764a1b0091a91d5
83e0fb564f86df4300e8fc4b5baaf0ed13102c384922d388e02620fb3363a842
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6267
Cache-Control: max-age=141415
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:17 GMT
Etag: "6353a495-1d7"
Expires: Mon, 24 Oct 2022 09:51:12 GMT
Last-Modified: Sat, 22 Oct 2022 08:06:45 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/login.php
103.48.82.152302 Found 0 B URL HTTP/2 v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/login.php
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/fitnessbase/Config/net/login.php HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Sat, 22 Oct 2022 18:34:17 GMT
content-type: text/html; charset=UTF-8
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3; path=/
location: index
vary: User-Agent
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.43.58.150101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.58.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hmcX4qtNB65To6TONYClBA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pkbxLnF6KgE4A/2tnJjXTR2TH5A=
v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
103.48.82.152404 Not Found 14 kB URL HTTP/2 v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2840), with CRLF, LF line terminators
Hash 68cc421bb85f218dff78e193dce33c1b
f48b6f864224ff3995f4ae62c2817f99b313b550
0fca57307b9e5f412f2afddce77f00c3bbf29d97bb394523e9818b08e4718b51
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/fitnessbase/Config/net/index HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/html; charset=UTF-8
content-length: 14094
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://v1.novatic.vn/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding,User-Agent
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash ea20460028066b7fba2f10b51d883192
a73b8263a4477aceeda349c7beff7050de9df38b
f933a7ff2c6ec9189ba29fdf09da9125ac59d9c03b4a14e14e9f1b5fa5322b1c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 94ee541bb392e5675c1e24c94c197f8b
bce18b05a24f5e2c6743cbbe849a733091586176
82f791c205847646216d72b4ce65bc3587ca69d1da17a3a2afb477640822c4dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-151125883-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-151125883-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1588)
Hash 6d462867b3b0b1dcebfcca9e3b8ae309
05100744de573643d6e3f6f27b6aa62d7e0cd380
efdc7f2157f052ccc761e69c5796f8c613cfd863c0292dea6407ea63fd1243c3
GET /gtag/js?id=UA-151125883-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 22 Oct 2022 18:34:18 GMT
expires: Sat, 22 Oct 2022 18:34:18 GMT
cache-control: private, max-age=900
last-modified: Sat, 22 Oct 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43589
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 794a6d2df00fc15e8b4ed6ff4992525e
f8d67c7fd506709d7232298859fe2b3daf374f29
02d38690754b5d99178d576fe6df6c1ca881a2bbd806a75c633c371fac0221da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 94ee541bb392e5675c1e24c94c197f8b
bce18b05a24f5e2c6743cbbe849a733091586176
82f791c205847646216d72b4ce65bc3587ca69d1da17a3a2afb477640822c4dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
v1.novatic.vn/wp-includes/css/dist/block-library/style.min.css?ver=5.1.15
103.48.82.152200 OK 5.7 kB URL HTTP/2 v1.novatic.vn/wp-includes/css/dist/block-library/style.min.css?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Hash e355698bc3f31c3b5b46fae9b929aa1f
10be8b5435935614aa85937d6ceee7d3e89c0dd9
77e67de528d08e1b7c5edd2a3c7dee7b0bb926a500d92b49622ec5375c982dea
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 03:04:10 GMT
vary: Accept-Encoding
etag: W/"6344dd2a-629d"
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8477
Expires: Sat, 22 Oct 2022 20:55:35 GMT
Date: Sat, 22 Oct 2022 18:34:18 GMT
Connection: keep-alive
v1.novatic.vn/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.0.5
103.48.82.152200 OK 15 kB URL HTTP/2 v1.novatic.vn/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.0.5
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Hash 6d329761faacd87bac64bc69b3e9c9c1
1bbd6e005494b026542769c0c1ac06a33a56f7eb
21da5adbe22332b2f58b6bcdc5f1cc0c495cafba96b7d7d434516407f15b1c3b
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.0.5 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 03:02:59 GMT
vary: Accept-Encoding
etag: W/"6344dce3-d579"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/css/kd_vc_front.css?ver=5.1.15
103.48.82.152200 OK 36 kB URL HTTP/2 v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/css/kd_vc_front.css?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Hash f365f148394636d0b6973cd5b211d783
0eb83953f69c965bd2c2b69ec39068e6b018a3d7
3fc7eab00b60457c50be145c6a3746e75eeec4eac9998cdcf6134d10dfc0fd70
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/keydesign-addon/assets/css/kd_vc_front.css?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-2ab65"
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 616e14aee034bbf77c3b74b3ea53961b
ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c
0ae716474e2837c90c658d635fb9db2c8d4cdb7bf025b8e4e9e802e3ff56b0c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7372
x-amzn-requestid: 080f5f7f-51a8-4ef5-9acc-0c7f7f64defb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-ojEg2IAMFjPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-5106c8af6e77450c33a0c899;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -R91mOdVOCkUp-5vOpEyQactO7SrjtbYwxTsvbR1LP6fBlFZFDTP5A==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:32 GMT
age: 74026
etag: "ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8477
Expires: Sat, 22 Oct 2022 20:55:35 GMT
Date: Sat, 22 Oct 2022 18:34:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1ee464d6a426da49571c97060e65a4e8
aef2208c82085b4dc8472ee28bc63b9a8832fe0e
704e9800cb12b9b2927e85901b21fbb22303f11bf4b052340d0fc610414e2a6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5517
x-amzn-requestid: 560e0ccc-0551-461d-98fd-f94d9a026fb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-pSExDIAMFpMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353116e-0420e4ac6cceec1749a44819;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hitgYm684zdpmL8IbPzFxhPWRrc2-VmnlofdTiPhJzkrc26mgXTTTA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:41 GMT
age: 74017
etag: "aef2208c82085b4dc8472ee28bc63b9a8832fe0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26c47e4b0147f8dee3e71a53a8f2830c
381edb4758da428db5ffe884f8fb38bf11044f69
b507898359abbcb1f57821c147a58df66d7e81acc198afc997527b58cd835b39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11151
x-amzn-requestid: 5c32e307-f2a7-4050-a96f-a47667ec4752
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-NEFTKoAMFsSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b9-2fc77f394ca297126abaed94;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Ib4A9F4pA6k1iYdefeQokFkEkmqlEASJ2d20BQ6gqRYj3teYDu8Cyg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:14:20 GMT
age: 73198
etag: "381edb4758da428db5ffe884f8fb38bf11044f69"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bade1dd-24b1-4bae-9ace-a120c6729946.jpeg
34.120.237.76200 OK 2.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bade1dd-24b1-4bae-9ace-a120c6729946.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 76fdbaaa2ef28349492bdf0e44fa1208
6769eeb6762a3dd7dacf6a054fedf043acb463df
8c8b2db96e764f97aa91bd800b2a6f7bf6c9d96a9dd67f919f27b53074e339e2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bade1dd-24b1-4bae-9ace-a120c6729946.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2305
x-amzn-requestid: d44cceea-ab77-400f-a7a6-ed80b9873106
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aE95TG2YoAMFiiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b76a1-57ed4d9437044cc1665e535b;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 03:12:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: AsSDzjeB5RvDY9ZCxMe-b1bTQiQI6r2yB-PPBo9Qap4hWMINj4wmSA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 13:22:13 GMT
age: 18725
etag: "6769eeb6762a3dd7dacf6a054fedf043acb463df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a361cef05d531426819a2bffd8ab1e47
9c8050ffd0de58005705219ec70b6e4352e35b5e
0c3c48b96adb7c1dc8a8c3771878dcbab80bbbb9f2d6998038bf5d43831b578b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8856
x-amzn-requestid: 84cc5c28-b71f-4ada-9d3b-e67e820cd080
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzHcsoAMFuNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-6b44e77726dc2003052ce387;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kV1qS7kI7-DRm5Su-p133YIf_m4n6i16uBSDrGdsbMDPxD_2v1a69Q==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:20:05 GMT
etag: "9c8050ffd0de58005705219ec70b6e4352e35b5e"
content-type: image/jpeg
age: 72853
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cdaacab30d73a7d05180cc16f4a96a3f
6cc0e39e0decbc20c765f171f63affd85fc9e6da
f015c3b1d838bd7d100ee104551bed2bb06a512b20ce3e5ac419d54b747fadd0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10720
x-amzn-requestid: 96267527-f482-4bfa-ba7a-12467408efe9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-MvGutIAMFc8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b7-25f2624559b0fb7d62ced3a3;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:51 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4--AiSTKMMOm9HnJL_ervFnd5rkQ-WZfGM-FNkxXKO892SPw67cxXA==
via: 1.1 1f6e68152880a39d72e6bf2996cd6a60.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:11:42 GMT
age: 73356
etag: "6cc0e39e0decbc20c765f171f63affd85fc9e6da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/keydesign-addon/extensions/social_profiles/social_profiles/css/field_social_profiles_frontend.css?ver=1666463658
103.48.82.152200 OK 299 B URL HTTP/2 v1.novatic.vn/wp-content/plugins/keydesign-addon/extensions/social_profiles/social_profiles/css/field_social_profiles_frontend.css?ver=1666463658
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Hash 5b40ea035fc8af28cb4a7793e946486c
6ed7dd21f7a25d91a193e6121c0b4993b7d02e23
0cc73e3ac86a83aa9078370d757c271b5813f18f302981b869b283c8b1a6406b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/keydesign-addon/extensions/social_profiles/social_profiles/css/field_social_profiles_frontend.css?ver=1666463658 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
content-length: 299
x-accel-version: 0.01
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
etag: "278-5eab98386bb0e-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=5.1.15
103.48.82.152200 OK 475 B URL HTTP/2 v1.novatic.vn/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
File type HTML document, ASCII text, with very long lines (907), with no line terminators
Hash 10bfe30b051cc8e5623c060c40796f6a
edf6fa5937686466999eda498f024be20e0e2a61
3223f5a15d9ba2a042a3fc49729c707fe7beeee2b3a87abc7f536a6755d93b33
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
content-length: 475
x-accel-version: 0.01
last-modified: Tue, 11 Oct 2022 03:04:10 GMT
etag: "38b-5eab987bf22e1-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/themes/leadengine/core/assets/js/bootstrap.min.js?ver=5.1.15
103.48.82.152200 OK 12 kB URL HTTP/2 v1.novatic.vn/wp-content/themes/leadengine/core/assets/js/bootstrap.min.js?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Hash 1a2107de2cb766c1801994d160c10e26
17fab869610f0380bdfcb6a7cb7747c058d950f2
067db4f7ad00cc35498858c859fcd42e57500c2e4e0fb753491ac0f876ec7dcc
GET /wp-content/themes/leadengine/core/assets/js/bootstrap.min.js?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:01 GMT
vary: Accept-Encoding
etag: W/"6344dce5-8c6f"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/kd_addon_script.js?ver=5.1.15
103.48.82.152200 OK 2.9 kB URL HTTP/2 v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/kd_addon_script.js?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Hash 522d717b2ba4e07e7dae18b00ea10530
693c66d4c7ff518f27b5c36b8b036c5a1297cffe
ac51a3e51cf580bf982b33b6289da5b66b569f50388b969602f6bc312cd09d28
GET /wp-content/plugins/keydesign-addon/assets/js/kd_addon_script.js?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-2086"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/jquery.easytabs.min.js?ver=5.1.15
103.48.82.152200 OK 3.8 kB URL HTTP/2 v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/jquery.easytabs.min.js?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Hash 891b24a87529218c96a479dda6b9d912
5b1bf56ce0c08946296a110d0c8bc10f63cd0b3c
9c44423a4033401f2d942d841cbf57adb97851150e0fdf98ea34b48ea53200e1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/keydesign-addon/assets/js/jquery.easytabs.min.js?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-24a2"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/photoswipe.min.js?ver=5.1.15
103.48.82.152200 OK 14 kB URL HTTP/2 v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/photoswipe.min.js?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Hash ece6b126e9636e02396248e825c2834a
ce74fccafcbe3da550449fd6f345529a06e2875a
16f8afddb32f9a7f2b102269ed57d24c7d8657209bf00fb38f9a2742f89d261b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/keydesign-addon/assets/js/photoswipe.min.js?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-7bee"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.2.2
103.48.82.152200 OK 5.1 kB URL HTTP/2 v1.novatic.vn/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.2.2
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Hash d72956d00ba281040131b2353973652f
6e5d5ba3fcec322e73ee9db0a75acc1b0caac9b1
fe4263646715734cf168a198f7160167d969da2b2aca16fddd6270002a0fca7b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.2.2 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-3719"
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://v1.novatic.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Oct 2022 05:42:51 GMT
expires: Fri, 20 Oct 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 219088
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 52483dc9b33d08588ff49f09996c8f2a
8fd4cc8ec5fd5d22733a76cda1d7b127ec89c8b5
3570bec74d0831dc57471ddfead4e6e075a814d8781ee8178377e906819baecc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5543
Cache-Control: max-age=163403
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:19 GMT
Etag: "6353fd4f-116"
Expires: Mon, 24 Oct 2022 15:57:42 GMT
Last-Modified: Sat, 22 Oct 2022 14:25:19 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 278
v1.novatic.vn/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.6-78496d1
103.48.82.152200 OK 47 kB URL HTTP/2 v1.novatic.vn/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.6-78496d1
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Hash 2e3b526e3bfaf1fd527c0cd6266899d4
ed3d2cc14f8403ff50f223f845f12dcfd2e03bfc
198e14910222ddbfded5653b809936e38784c12cfa7200950ebdab0dc48a588f
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.6-78496d1 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:02 GMT
vary: Accept-Encoding
etag: W/"6344dce6-2638f"
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 78eb615608702c0b13883ec9a639897a
b5370eef8ce454c3cdd4c82c02e06e2c071065e5
9d400e867c4a74f3f173b5b919eab8f4b2d32f7651ce484d12df063d03825c69
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5453
Cache-Control: max-age=112532
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:19 GMT
Etag: "635336f2-1d7"
Expires: Mon, 24 Oct 2022 01:49:51 GMT
Last-Modified: Sat, 22 Oct 2022 00:18:58 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
v1.novatic.vn/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
103.48.82.152200 OK 77 kB URL HTTP/2 v1.novatic.vn/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=5.4.7
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:19 GMT
content-type: application/octet-stream
content-length: 77160
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
etag: "6344dce4-12d68"
accept-ranges: bytes
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/photoswipe-ui-default.min.js?ver=5.1.15
103.48.82.152200 OK 9.0 kB URL HTTP/2 v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/photoswipe-ui-default.min.js?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Hash b526bb7078b2216d1df273825c083838
9520663581b0c8d05674d522c3572df49fb3b284
59a6cd4429016eb7f0e58216e8a42e6aaaaab4a8bdcc9debe8436a4137a2057b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/keydesign-addon/assets/js/photoswipe-ui-default.min.js?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-2694"
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 52483dc9b33d08588ff49f09996c8f2a
8fd4cc8ec5fd5d22733a76cda1d7b127ec89c8b5
3570bec74d0831dc57471ddfead4e6e075a814d8781ee8178377e906819baecc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5543
Cache-Control: max-age=163403
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:19 GMT
Etag: "6353fd4f-116"
Expires: Mon, 24 Oct 2022 15:57:42 GMT
Last-Modified: Sat, 22 Oct 2022 14:25:19 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 278
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yC/l/en_US/I52F_owkvX4.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 23 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iEpO4/yC/l/en_US/I52F_owkvX4.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (41977)
Hash e5ac274375457b828912871811b4be94
3bbd528facf279eab4dc093a7fad9dbc837689eb
602f6ee48130b3bcb4e21f4307bd1c83d110182e1fb4cb8f118171d10c6f5ae4
GET /rsrc.php/v3iEpO4/yC/l/en_US/I52F_owkvX4.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 13 Oct 2023 17:16:08 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 5awnQ3VFe4KJEocYEbS+lA==
x-fb-debug: 6hk8axzsTHHD/aXWJn8iNzJxANRmcVGYhmhIK4e/3cEmt6ftsrhKTL1McpR38inER4tM1qWkRGAy9XsVGb1LAA==
content-length: 23273
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 18:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 827 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (724)
Hash 29973cf3b0ef9f16fe31ed981b2f6573
f22eb80b89b5e0ae9ace854aab6676d56eaef6a1
476822c80e0a0ee078edb7a74db59378f8b1d43d2de844e28a9e9c2f68a4c8d8
GET /rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Oct 2023 22:50:13 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: KZc887Dvnxb+Me2YGy9lcw==
x-fb-debug: 6TBMwai3S1JoI37VvgOAe6fwl2WksmrTDvx8J/n3OhkvDiVij59aJ8oY54m6GqU5fY4j1fmOvkR6QRm7kt8TuQ==
content-length: 827
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 18:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yP/r/1ridkJUzL6Y.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 91 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yP/r/1ridkJUzL6Y.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (18610)
Hash 05c865bdb03fd355ecf1a3914bcbddca
388bfa02d8f49cd1e562f8e3edb7dbd4d1750526
88b309525161c6f4bfa256662f484c7f88eab8680592e46cc85e94d6a2e2a4ba
GET /rsrc.php/v3/yP/r/1ridkJUzL6Y.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 19 Oct 2023 22:04:42 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: BchlvbA/01Xs8aORS8vdyg==
x-fb-debug: l2h5VieRR+5C00L3byj8GZNbzVMJIaiSr/foyROerH6Mc6SfAi/DTVvebb/crSZ8WEVNbsAPOb202hF0xtAiBQ==
content-length: 91043
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 18:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yj/r/5I68SGTEBGz.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 16 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yj/r/5I68SGTEBGz.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type C source, ASCII text, with very long lines (8260)
Hash 423680c027a5a6cbfb893e2bbbe5fb30
d0ec94ab46f900be668765770ae683b1d490ecf6
08db3ae44ff2ed1801c8f61b8ef60cf7e713788d3cdc7b93f1dd15849c2e5c98
GET /rsrc.php/v3/yj/r/5I68SGTEBGz.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Oct 2023 20:11:08 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: QjaAwCelpsv7iT4ru+X7MA==
x-fb-debug: emNmOH/inhw8wUPkGUVLvYM28hso+z5owrNUalWbAwCQaQdwESGPP5pvYsBMRexQgTN1v+k5RvV3GAck6wzdmw==
priority: u=3,i
content-length: 16192
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 18:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 1b0cd7fce51616614b5ebb265d02c2f7
6748d7df7c347bbe06afb2155fff3bbc8bf50eb0
d41beb047830bdacb772b75123c39906db8edcd49fdc8c9a00258a2556efd1c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 1b0cd7fce51616614b5ebb265d02c2f7
6748d7df7c347bbe06afb2155fff3bbc8bf50eb0
d41beb047830bdacb772b75123c39906db8edcd49fdc8c9a00258a2556efd1c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 22 Oct 2022 16:41:09 GMT
expires: Sat, 22 Oct 2022 18:41:09 GMT
cache-control: public, max-age=7200
age: 6791
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 1b0cd7fce51616614b5ebb265d02c2f7
6748d7df7c347bbe06afb2155fff3bbc8bf50eb0
d41beb047830bdacb772b75123c39906db8edcd49fdc8c9a00258a2556efd1c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
v1.novatic.vn/wp-content/uploads/2019/06/Novatic512.png
103.48.82.152200 OK 77 kB URL HTTP/2 v1.novatic.vn/wp-content/uploads/2019/06/Novatic512.png
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
File type PNG image data, 512 x 512, 8-bit/color RGBA, interlaced\012- data
Hash 59f4a432f223638d7d397f1e484a0153
4f3e1b6acf0ff5d350c9d4ada837ad7387ba426f
310ad2bbf26303a2b440c0e56b3aebe33bc93d9f24cc6fc12165f618901cf880
GET /wp-content/uploads/2019/06/Novatic512.png HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:20 GMT
content-type: image/png
content-length: 76997
last-modified: Tue, 11 Oct 2022 03:02:58 GMT
etag: "6344dce2-12cc5"
accept-ranges: bytes
X-Firefox-Spdy: h2
www.youtube.com/watch?v=DwsYAWwPfuE&_=1
142.250.74.142200 OK 272 kB URL HTTP/2 www.youtube.com/watch?v=DwsYAWwPfuE&_=1
IP 142.250.74.142:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (57275)
Size 272 kB (272330 bytes)
Hash 0da61bed067e99b59f038798d7e8aa8c
6e7dfef69b01f7687cdc3ba2a5dec5c1989ed44b
3040cfd362b0f37ef8693054e8e572167a3cdae6a09e6b1ff5077ca3bfb89ebd
GET /watch?v=DwsYAWwPfuE&_=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://v1.novatic.vn/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 22 Oct 2022 18:34:20 GMT
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
server: ESF
x-xss-protection: 0
set-cookie: YSC=NkkRXiOxr-I; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=; Domain=.youtube.com; Expires=Sun, 26-Jan-2020 18:34:20 GMT; Path=/; Secure; HttpOnly; SameSite=none
__Secure-YEC=CgtqamFpZGJfUEt6TSis79CaBg%3D%3D; Domain=.youtube.com; Expires=Tue, 21-Nov-2023 18:34:19 GMT; Path=/; Secure; HttpOnly; SameSite=lax
CONSENT=PENDING+671; expires=Mon, 21-Oct-2024 18:34:20 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 7.2 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (4061)
Hash d1ba68f146b01f4aef60d79aadb926ea
c6b4703c25d07fd2363e5d67d11e4846d9979b26
abbff04acf96f39a3121ed97505b5a23cbeee9057dd7040c58c4e423c899805d
GET /rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Oct 2023 21:44:42 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 0bpo8UawH0rvYNearbkm6g==
x-fb-debug: iNVBAILEV7J3mL/qwsyOv82as7/LMuQCQc0lJTdvx7eZSPB9V8frrpyZDj//suY0C+9Kuvvjc7auHWsI3+Qdug==
content-length: 7236
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 18:34:20 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 12:31:58 GMT
expires: Sun, 22 Oct 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 21742
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Oct 2022 00:48:31 GMT
expires: Sat, 21 Oct 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 150349
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e082919080a1a229ac3eec9b7b857933
a5847abc620bd00e87afda17746b0a590e0c9464
ca7fa279357206e9e419d5b80281cc14bc5666b20ef262560dea86d31132c729
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e3ae8884dbbabf14b5929dbc3b512794
de6193115a075ac52ce357860db2e2ef9a83be8f
b28c05d5d828380e6afebdb13654fa0c2acdd6a074df31f17930612195eae656
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.166200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.166:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 18:28:39 GMT
expires: Sat, 22 Oct 2022 18:43:39 GMT
cache-control: public, max-age=900
age: 342
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.130302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Sat, 22 Oct 2022 18:34:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 78f2476e0e57d3c337ba3e29aafe7c32
8ca483064a69de5aef97b32126cb95c13dbd33c4
33459d0c1860c80ee0159e476727a4fb0e704de2c71ad01fdd5761702f90a0c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/plugins/likebox.php?href=https://www.facebook.com/novaticvn&%20height=180&show_faces=true&header=false&stream=false&show_border=false
157.240.221.35200 OK 13 kB URL HTTP/2 www.facebook.com/plugins/likebox.php?href=https://www.facebook.com/novaticvn&%20height=180&show_faces=true&header=false&stream=false&show_border=false
IP 157.240.221.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (17117)
Hash 28d221eab94c3a9500e30a78fe90e710
0cabc999a526322c3e75c45a8afb482b967a9c9d
d5977079f1834709c56aa19c3b051061637b7aae63ea3581f7fcb7f6d0e10aea
GET /plugins/likebox.php?href=https://www.facebook.com/novaticvn&%20height=180&show_faces=true&header=false&stream=false&show_border=false HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: EfP0XHo2HA7Ddi4/UvLygLdqL7i+mMMbsrq7bbjeDfwY/dr85JFvGa/eSWHPf5Zl3QSvJJ0z51cLHiP4jZSugw==
date: Sat, 22 Oct 2022 18:34:19 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
v1.novatic.vn/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.6-78496d1
103.48.82.152200 OK 11 kB URL HTTP/2 v1.novatic.vn/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.6-78496d1
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Hash ed5546aa99c6f7bf47cd8df10bc0b190
a26db72d03a113556da7033c13ebf2dad5fe63f0
6108c7ee06d70fd38046d394e273e075bd1fa03e9ec87b4ecbb20f9ed9cf26ef
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.6-78496d1 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 03:03:02 GMT
vary: Accept-Encoding
etag: W/"6344dce6-2be0"
content-encoding: gzip
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.138200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sat, 22 Oct 2022 18:34:21 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.138200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.138:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash e94ed7d8c619730e1de47ea9290b8b78
1fdefbeaee2c98281c0d261217ea2a0a3d0bf54c
85464a8dd1499419f469effdfac7c8d0376fcf4a2baf4a077f8bd876df2315f3
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 22 Oct 2022 18:34:21 GMT
server: ESF
cache-control: private
content-length: 31136
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 60fcf0b588f9927fde2759de6b3e3fed
f564b9ea498a878638fa3a374bf6fdfe468559ad
ae3eb07b4b347d54014f24971dafb4dccbc009c397caec6a78403e92e65f3cbc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash aa309aedf8b141359457b1e4e2ccb131
c724074a6ca5a6d6e9647cac8e94477311f67fb4
79dedaea42a3a988a64fc4d1510cebc024c84eda44f3549da13d28bce54f2b2f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/4tfOQvN7jkOjl-XJptbJRMDKonuctR4YaRgLNEs4SL8.js
142.250.74.164200 OK 14 kB URL HTTP/2 www.google.com/js/th/4tfOQvN7jkOjl-XJptbJRMDKonuctR4YaRgLNEs4SL8.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (36136)
Hash 5a5214a3feab11b98bca6f689c4e1fbd
91be4d1d971b47a125d1f0629a84077a4ccb6dac
c36d4f6c3df3d4eb799bf1714829bf573730986452c954391ce91603dba89c11
GET /js/th/4tfOQvN7jkOjl-XJptbJRMDKonuctR4YaRgLNEs4SL8.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14290
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Oct 2022 23:51:20 GMT
expires: Sat, 21 Oct 2023 23:51:20 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 18 Oct 2022 16:00:00 GMT
content-type: text/javascript
age: 67381
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.ytimg.com/vi_webp/DwsYAWwPfuE/default.webp
142.250.74.150200 OK 2.7 kB URL HTTP/2 i.ytimg.com/vi_webp/DwsYAWwPfuE/default.webp
IP 142.250.74.150:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 120x90, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3c1cd6330c0eaea9ca642d0447628df7
4dd45607f8099b3d254f5c73bd6c55f6592ffd38
1f67b1f00d75325968ecde16f2a351e5f288443a6318ebcb2ae2cc70ca25f66e
GET /vi_webp/DwsYAWwPfuE/default.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 2714
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 18:34:21 GMT
expires: Sat, 22 Oct 2022 20:34:21 GMT
cache-control: public, max-age=7200
etag: "0"
content-type: image/webp
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f5a0403c34dd256feacb1af3a533cac1
f0433e15b73b22d61caff3a718a2ec745bdf7421
ca62e818ba50bcf980f8fca10ded9c1f190d0909ddc8d3de32b76eb7a9d99204
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash aa309aedf8b141359457b1e4e2ccb131
c724074a6ca5a6d6e9647cac8e94477311f67fb4
79dedaea42a3a988a64fc4d1510cebc024c84eda44f3549da13d28bce54f2b2f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AMLnZu9-czuBQTD6MuxTY4jn0ofBw0xLC_6Txjefar8U=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 3.0 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu9-czuBQTD6MuxTY4jn0ofBw0xLC_6Txjefar8U=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 41c3a9350893d8813bbc64aa12a6d315
6755c47a651bc9ece05e3740e2c5ee43401d98c2
614d246da11528d60ec0cba78195305e305ff0d94180fe7c4c3cdfb634868388
GET /ytc/AMLnZu9-czuBQTD6MuxTY4jn0ofBw0xLC_6Txjefar8U=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 2958
x-xss-protection: 0
date: Sat, 22 Oct 2022 18:34:21 GMT
expires: Wed, 19 Oct 2022 21:35:33 GMT
cache-control: public, max-age=86400, no-transform
etag: "v9"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.138200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sat, 22 Oct 2022 18:34:21 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.138200 OK 114 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.138:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 753d654a79a55c8aca1451f943ee950c
2ed83e1b859f8104370bad9b74b34a21be8012c0
7d19a0e94295d11c08a89ca23881467fe7935881ab16e5e46d77fc666589bb5e
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 938
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 22 Oct 2022 18:34:21 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f5a0403c34dd256feacb1af3a533cac1
f0433e15b73b22d61caff3a718a2ec745bdf7421
ca62e818ba50bcf980f8fca10ded9c1f190d0909ddc8d3de32b76eb7a9d99204
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
v1.novatic.vn/wp-content/themes/leadengine/style.css?ver=5.1.15
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/themes/leadengine/style.css?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/leadengine/style.css?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 03:03:01 GMT
vary: Accept-Encoding
etag: W/"6344dce5-2bf91"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.1.15
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 03:03:02 GMT
vary: Accept-Encoding
etag: W/"6344dce6-1043"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/jquery.appear.js?ver=5.1.15
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/jquery.appear.js?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/keydesign-addon/assets/js/jquery.appear.js?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-c53"
content-encoding: gzip
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63258f417d7/js/twk-runtime.js
172.67.38.66200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63258f417d7/js/twk-runtime.js
IP 172.67.38.66:0
GET /_s/v4/app/63258f417d7/js/twk-runtime.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://v1.novatic.vn
Connection: keep-alive
Referer: https://v1.novatic.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:21 GMT
content-type: application/javascript
last-modified: Sat, 17 Sep 2022 09:12:03 GMT
etag: W/"31ca85b2b61bb42db4e40c2e9429f7dc"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75e4539e183fb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63258f417d7/js/twk-chunk-common.js
172.67.38.66200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63258f417d7/js/twk-chunk-common.js
IP 172.67.38.66:0
GET /_s/v4/app/63258f417d7/js/twk-chunk-common.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://v1.novatic.vn
Connection: keep-alive
Referer: https://v1.novatic.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:22 GMT
content-type: application/javascript
last-modified: Sat, 17 Sep 2022 09:12:03 GMT
etag: W/"c262969ff89da8a8b3994883a0f57085"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75e4539e183eb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
va.tawk.to/v1/widget-settings?propertyId=5e6a04fe8d24fc2265872d89&widgetId=default&sv=undefined
172.67.38.66200 OK 0 B URL HTTP/2 va.tawk.to/v1/widget-settings?propertyId=5e6a04fe8d24fc2265872d89&widgetId=default&sv=undefined
IP 172.67.38.66:0
GET /v1/widget-settings?propertyId=5e6a04fe8d24fc2265872d89&widgetId=default&sv=undefined HTTP/1.1
Host: va.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://v1.novatic.vn/
Origin: https://v1.novatic.vn
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:22 GMT
content-type: application/json
x-served-by: visitor-application-preemptive-kb91
access-control-allow-origin: *
access-control-allow-methods: GET,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
cache-control: public, max-age=7200, s-maxage=1800
etag: W/"2-1-0"
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75e453a13be5b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.2.2
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.2.2
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.2.2 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-780"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/css/photoswipe.css?ver=5.1.15
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/css/photoswipe.css?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
GET /wp-content/plugins/keydesign-addon/assets/css/photoswipe.css?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-ffd"
content-encoding: gzip
X-Firefox-Spdy: h2
embed.tawk.to/5e6a04fe8d24fc2265872d89/default
172.67.38.66200 OK 0 B URL HTTP/2 embed.tawk.to/5e6a04fe8d24fc2265872d89/default
IP 172.67.38.66:0
GET /5e6a04fe8d24fc2265872d89/default HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://v1.novatic.vn
Connection: keep-alive
Referer: https://v1.novatic.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:19 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, s-maxage=3600
etag: W/"stable-v4-63258f417d7"
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75e453919882b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.youtube.com/player_api
142.250.74.142200 OK 0 B URL HTTP/2 www.youtube.com/player_api
IP 142.250.74.142:0
GET /player_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Sat, 22 Oct 2022 18:34:20 GMT
date: Sat, 22 Oct 2022 18:34:20 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=G48Sbkkg1uc; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=Z1WJFEGVwhE; Domain=.youtube.com; Expires=Thu, 20-Apr-2023 18:34:20 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+304; expires=Mon, 21-Oct-2024 18:34:20 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63258f417d7/languages/en.js
172.67.38.66200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63258f417d7/languages/en.js
IP 172.67.38.66:0
GET /_s/v4/app/63258f417d7/languages/en.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:22 GMT
content-type: application/javascript
last-modified: Sat, 17 Sep 2022 09:12:03 GMT
etag: W/"585ba00b2c167b90c210161454f843b5"
age: 464946
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75e453a47fe2b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/css/iconsmind.min.css?ver=5.1.15
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/css/iconsmind.min.css?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
GET /wp-content/plugins/keydesign-addon/assets/css/iconsmind.min.css?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-1696b"
content-encoding: gzip
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63258f417d7/js/twk-chunk-vendors.js
172.67.38.66200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63258f417d7/js/twk-chunk-vendors.js
IP 172.67.38.66:0
GET /_s/v4/app/63258f417d7/js/twk-chunk-vendors.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://v1.novatic.vn
Connection: keep-alive
Referer: https://v1.novatic.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:22 GMT
content-type: application/javascript
last-modified: Sat, 17 Sep 2022 09:12:03 GMT
etag: W/"81c2642aac0b88b6b237d279f5f8ce67"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75e4539e0837b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/css/photoswipe-default-skin.css?ver=5.1.15
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/css/photoswipe-default-skin.css?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/keydesign-addon/assets/css/photoswipe-default-skin.css?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-2d90"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
GET /wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:02:59 GMT
vary: Accept-Encoding
etag: W/"6344dce3-24b1d"
content-encoding: gzip
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63258f417d7/js/twk-main.js
172.67.38.66200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63258f417d7/js/twk-main.js
IP 172.67.38.66:0
GET /_s/v4/app/63258f417d7/js/twk-main.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://v1.novatic.vn
Connection: keep-alive
Referer: https://v1.novatic.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:21 GMT
content-type: application/javascript
last-modified: Sat, 17 Sep 2022 09:12:03 GMT
etag: W/"da5bb1dc647470204df0e49f5afac2de"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75e4539e0833b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63258f417d7/js/twk-vendor.js
172.67.38.66200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63258f417d7/js/twk-vendor.js
IP 172.67.38.66:0
GET /_s/v4/app/63258f417d7/js/twk-vendor.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://v1.novatic.vn
Connection: keep-alive
Referer: https://v1.novatic.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:22 GMT
content-type: application/javascript
last-modified: Sat, 17 Sep 2022 09:12:03 GMT
etag: W/"7dcb496e4882926f93f2e73fa87062c0"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75e4539e0834b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
va.tawk.to/v1/session/start
172.67.38.66200 OK 0 B URL HTTP/2 va.tawk.to/v1/session/start
IP 172.67.38.66:0
OPTIONS /v1/session/start HTTP/1.1
Host: va.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://v1.novatic.vn/
Origin: https://v1.novatic.vn
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:22 GMT
x-served-by: visitor-application-preemptive-wh72
access-control-allow-origin: https://v1.novatic.vn
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75e453a13befb4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C600%2C700%26subset%3Dlatin-ext&ver=5.1.15
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C600%2C700%26subset%3Dlatin-ext&ver=5.1.15
IP 142.250.74.10:0
GET /css?family=Open+Sans%3A300%2C400%2C600%2C700%26subset%3Dlatin-ext&ver=5.1.15 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 22 Oct 2022 18:34:18 GMT
date: Sat, 22 Oct 2022 18:34:18 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
v1.novatic.vn/wp-includes/js/jquery/jquery.js?ver=1.12.4
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-includes/js/jquery/jquery.js?ver=1.12.4
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:02 GMT
vary: Accept-Encoding
etag: W/"6344dce6-17a69"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.0.5
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.0.5
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.0.5 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:02:59 GMT
vary: Accept-Encoding
etag: W/"6344dce3-40fd8"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/themes/leadengine/core/assets/js/scripts.js?ver=5.1.15
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/themes/leadengine/core/assets/js/scripts.js?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
GET /wp-content/themes/leadengine/core/assets/js/scripts.js?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:01 GMT
vary: Accept-Encoding
etag: W/"6344dce5-4845"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=5.4.7
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=5.4.7
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=5.4.7 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-7706"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-includes/js/wp-embed.min.js?ver=5.1.15
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-includes/js/wp-embed.min.js?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
GET /wp-includes/js/wp-embed.min.js?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:04:10 GMT
vary: Accept-Encoding
etag: W/"6344dd2a-56f"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.1.15
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:04:10 GMT
vary: Accept-Encoding
etag: W/"6344dd2a-4a9"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/jquery.easing.min.js?ver=5.1.15
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/jquery.easing.min.js?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/keydesign-addon/assets/js/jquery.easing.min.js?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-15b3"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:02 GMT
vary: Accept-Encoding
etag: W/"6344dce6-2748"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-includes/js/mediaelement/renderers/vimeo.min.js?ver=4.2.6-78496d1
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-includes/js/mediaelement/renderers/vimeo.min.js?ver=4.2.6-78496d1
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/renderers/vimeo.min.js?ver=4.2.6-78496d1 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:02 GMT
vary: Accept-Encoding
etag: W/"6344dce6-181a"
content-encoding: gzip
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63258f417d7/js/twk-app.js
172.67.38.66200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63258f417d7/js/twk-app.js
IP 172.67.38.66:0
GET /_s/v4/app/63258f417d7/js/twk-app.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://v1.novatic.vn
Connection: keep-alive
Referer: https://v1.novatic.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:21 GMT
content-type: application/javascript
last-modified: Sat, 17 Sep 2022 09:12:03 GMT
etag: W/"e736e189edb5d0d9d5b8e7f23dd9114a"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75e4539e1843b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
v1.novatic.vn/wp-includes/js/wp-emoji-release.min.js?ver=5.1.15
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-includes/js/wp-emoji-release.min.js?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:04:10 GMT
vary: Accept-Encoding
etag: W/"6344dd2a-2eaf"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/owl.carousel.min.js?ver=5.1.15
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/plugins/keydesign-addon/assets/js/owl.carousel.min.js?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/keydesign-addon/assets/js/owl.carousel.min.js?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-a70e"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/themes/leadengine/core/assets/css/bootstrap.min.css?ver=5.1.15
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/themes/leadengine/core/assets/css/bootstrap.min.css?ver=5.1.15
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/leadengine/core/assets/css/bootstrap.min.css?ver=5.1.15 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 03:03:01 GMT
vary: Accept-Encoding
etag: W/"6344dce5-1f16f"
content-encoding: gzip
X-Firefox-Spdy: h2
v1.novatic.vn/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.4.7
103.48.82.152200 OK 0 B URL HTTP/2 v1.novatic.vn/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.4.7
IP 103.48.82.152:0
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.4.7 HTTP/1.1
Host: v1.novatic.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://v1.novatic.vn/wp-content/themes/fitnessbase/Config/net/index
Cookie: PHPSESSID=1e6t1i608nsr73a7c3p6ts4se3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:18 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 03:03:00 GMT
vary: Accept-Encoding
etag: W/"6344dce4-70d6e"
content-encoding: gzip
X-Firefox-Spdy: h2