| xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/ | 104.26.1.190 | 301 Moved Permanently | 0 B |
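URL: HTTP/1.1 xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/ | IP: 104.26.1.190:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of a zero-length body, consistent with the 0 B size; they identify no content and should not be treated as indicators)
Analyzer: fortinet | Verdict: Phishing | Alert: (empty) (the verdict is attached to a 0-byte 301 redirect, so it presumably reflects URL or domain reputation rather than analysis of response content)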
GET /r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/ HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Nov 2022 11:39:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 26 Nov 2022 12:39:45 GMT
Location: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2FEDeXZqCCKYgzZ6Do%2B2r%2BPP6q2CuAs2jEXhFSt9wBWxGhQimF%2BOWyeV2gP%2BiAON4alZx8zWhUJwc81lxgF9RTtZp94dFiOI0ZPmXesdJN9TlfHDB9HKfVykiA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7702586a2ea9b4f7-OSL
alt-svc: h2=":443"; ma=60
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash: MD5 a9f1d4d98705c281fed3b60343463200 | SHA-1 db6f8aa98d2eda4e5473b116a222c3055568bb78 | SHA-256 164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3079
Expires: Sat, 26 Nov 2022 12:31:04 GMT
Date: Sat, 26 Nov 2022 11:39:45 GMT
Connection: keep-alive
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP: 93.184.220.29:0
Hash: MD5 10730f388c028d64e19b8a48d414768f | SHA-1 e43b104e57e5ea7ff8568835776858cf2ede6f00 | SHA-256 f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5107
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:45 GMT
Last-Modified: Sat, 26 Nov 2022 10:14:38 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash: MD5 260e9998c20d831b66f1029c8f47aac9 | SHA-1 716d630f647c54dc69a7f9c63a6cac294b3df7f7 | SHA-256 c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5752
Expires: Sat, 26 Nov 2022 13:15:37 GMT
Date: Sat, 26 Nov 2022 11:39:45 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 34.102.187.140 | 200 OK | 939 B |
URL: HTTP/2 firefox.settings.services.mozilla.com/v1/ | IP: 34.102.187.140:0
File type: JSON data; ASCII text, with very long lines (939), with no line terminators
Hash: MD5 4d7e4eed097b9c4e5d509419f1cfc85a | SHA-1 290bb3d428a7c6330e2e3d73a952b16f820896c8 | SHA-256 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 11:19:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1232
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL: HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain | IP: 34.160.144.191:0
File type: PEM certificate; ASCII text
Hash: MD5 9ebddc2b260d081ebbefee47c037cb28 | SHA-1 492bad62a7ca6a74738921ef5ae6f0be5edebf39 | SHA-256 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 0KAIzA50mV8YVfSNCGM2/wS7Z0A4c3acJw7NY5QORemFo/F354+yZdceHuxtbSSc7VfFSTYXkr8=
x-amz-request-id: GFEKS0WWB111AK84
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 10:41:10 GMT
age: 3515
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| e1.o.lencr.org/ | 23.36.76.226 | 200 OK | 345 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash: MD5 961a8d6b7ae6a33fbdb5a08fedb47e8e | SHA-1 f0953739e490fd7aca613e076545631aefe3de28 | SHA-256 a2dfc58c822249eea75d3c460cb40ec5b46709da595c037a93c1e57bc3762f82
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A2DFC58C822249EEA75D3C460CB40EC5B46709DA595C037A93C1E57BC3762F82"
Last-Modified: Fri, 25 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1893
Expires: Sat, 26 Nov 2022 12:11:19 GMT
Date: Sat, 26 Nov 2022 11:39:46 GMT
Connection: keep-alive
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL: HTTP/2 contile.services.mozilla.com/v1/tiles | IP: 34.117.237.239:0
File type: JSON data; ASCII text, with no line terminators
Hash: MD5 23e88fb7b99543fb33315b29b1fad9d6 | SHA-1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce | SHA-256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 11:39:45 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 34.102.187.140 | 200 OK | 329 B |
URL: HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | IP: 34.102.187.140:0
File type: JSON data; ASCII text, with very long lines (329), with no line terminators
Hash: MD5 0333b0655111aa68de771adfcc4db243 | SHA-1 63f295a144ac87a7c8e23417626724eeca68a7eb | SHA-256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 11:11:12 GMT
cache-control: public,max-age=3600
age: 1714
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP: 93.184.220.29:0
Hash: MD5 d3df71aab146eefc49acb608796aab63 | SHA-1 8401892995193919376dfcd798b09c8261579454 | SHA-256 a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5978
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:46 GMT
Last-Modified: Sat, 26 Nov 2022 10:00:08 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
|
|
| ocsp.pki.goog/s/gts1p5/d2XWmgr_SFw | 142.250.74.3 | 200 OK | 472 B |
URL: HTTP/1.1 ocsp.pki.goog/s/gts1p5/d2XWmgr_SFw | IP: 142.250.74.3:0
Hash: MD5 ca885322a5c78bdc3db8b3050f5d47b2 | SHA-1 c9bed0da57af263d125c4cdc5f78272d42e221be | SHA-256 d624a50bc7a5bfbd15ad89fa7bf6db3dcd88e9e9cafa832dbf83199cdda1fcfc
POST /s/gts1p5/d2XWmgr_SFw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/s/gts1p5/d2XWmgr_SFw | 142.250.74.3 | 200 OK | 472 B |
URL: HTTP/1.1 ocsp.pki.goog/s/gts1p5/d2XWmgr_SFw | IP: 142.250.74.3:0
Hash: MD5 ca885322a5c78bdc3db8b3050f5d47b2 | SHA-1 c9bed0da57af263d125c4cdc5f78272d42e221be | SHA-256 d624a50bc7a5bfbd15ad89fa7bf6db3dcd88e9e9cafa832dbf83199cdda1fcfc
POST /s/gts1p5/d2XWmgr_SFw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| xamvn.sh/misc/flags/shiny/32/Benin.png | 104.21.7.17 | 200 OK | 913 B |
URL: HTTP/2 xamvn.sh/misc/flags/shiny/32/Benin.png | IP: 104.21.7.17:0
File type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced; data
Hash: MD5 235efd55cc8d43da73df7762ca57b88d | SHA-1 71ec78754c3e0d368c797ec34fd395174845bdb0 | SHA-256 8239794a6936af9bf81d1d7cd5d168c3a9324f686fddf6ff0b876ee0bab3d87a
GET /misc/flags/shiny/32/Benin.png HTTP/1.1
Host: xamvn.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: image/png
content-length: 913
last-modified: Thu, 08 Sep 2022 06:10:41 GMT
etag: "63198761-391"
x-powered-by: VPSSIM
expires: Sun, 18 Dec 2022 14:34:29 GMT
cache-control: public, max-age=2678400, must-revalidate, proxy-revalidate
cf-cache-status: HIT
age: 680717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qF%2FFTXTz3BFvpvNyoTPc3LZcxltROrB%2FZd2210baT5hHrFbVtj%2FopaCO4UNeAIBWJUpqSbmH1OKZJGj%2Bv38SodhQVaG70RQIWX2t7JCyjty2UsYVOdCjmZ63Xg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77025871fd41b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| xamvn.sh/misc/flags/shiny/32/United-Kingdom.png | 104.21.7.17 | 200 OK | 1.7 kB |
URL: HTTP/2 xamvn.sh/misc/flags/shiny/32/United-Kingdom.png | IP: 104.21.7.17:0
File type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced; data
Hash: MD5 91583bd9501e5849846045852a312edf | SHA-1 8c6b852720f8b23b21d7cdd49d0da67b342f8f92 | SHA-256 2904717ea157bebac20a7fc0d1981894a88be32398be23fde6b4d9d4ed1429a8
GET /misc/flags/shiny/32/United-Kingdom.png HTTP/1.1
Host: xamvn.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: image/png
content-length: 1690
last-modified: Thu, 08 Sep 2022 06:10:42 GMT
etag: "63198762-69a"
x-powered-by: VPSSIM
expires: Thu, 15 Dec 2022 20:41:55 GMT
cache-control: public, max-age=2678400, must-revalidate, proxy-revalidate
cf-cache-status: HIT
age: 917871
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8TMrl%2B%2BBwxZE9OrPFmf92l2MDKtDZKLPvaiM3YF6r1TYpMilFCntowWN4BQw%2B0uXP%2FwkV32k3ZRSXUS7pdLn7KsRVPN0OkHZEpRjOxVMjxIYi%2F2EE7OM0jHO7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77025871fd47b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| xamvn.sh/misc/flags/shiny/32/Abkhazia.png | 104.21.7.17 | 200 OK | 1.1 kB |
URL: HTTP/2 xamvn.sh/misc/flags/shiny/32/Abkhazia.png | IP: 104.21.7.17:0
File type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced; data
Hash: MD5 abf0ef25f8ab784011116ebd90d80ddb | SHA-1 645fac6423fad8dee438dc704a955d9a605c64ed | SHA-256 1ae0212750da6ddefeac6593238cc6e36f306f158d78bab731c60a0af00ee698
GET /misc/flags/shiny/32/Abkhazia.png HTTP/1.1
Host: xamvn.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: image/png
content-length: 1084
last-modified: Thu, 08 Sep 2022 06:10:44 GMT
etag: "63198764-43c"
x-powered-by: VPSSIM
expires: Fri, 23 Dec 2022 10:23:58 GMT
cache-control: public, max-age=2678400, must-revalidate, proxy-revalidate
cf-cache-status: HIT
age: 263748
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vlh8zS0ykhkHgv2AV7sIR6qILr74kGkuzuQ1Ta%2BdYT3NUPGLMjrmzhqYnUb0WpB%2Fe7sfD68KDFbBQdUuKTXe%2BOxF47jl6l4GKn%2FMeqW5OGlTfMv%2BI%2FWlQpN0wA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770258723d88b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/s/gts1p5/d2XWmgr_SFw | 142.250.74.3 | 200 OK | 472 B |
URL: HTTP/1.1 ocsp.pki.goog/s/gts1p5/d2XWmgr_SFw | IP: 142.250.74.3:0
Hash: MD5 ca885322a5c78bdc3db8b3050f5d47b2 | SHA-1 c9bed0da57af263d125c4cdc5f78272d42e221be | SHA-256 d624a50bc7a5bfbd15ad89fa7bf6db3dcd88e9e9cafa832dbf83199cdda1fcfc
POST /s/gts1p5/d2XWmgr_SFw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| push.services.mozilla.com/ | 35.161.136.21 | 101 Switching Protocols | 0 B |
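URL: HTTP/1.1 push.services.mozilla.com/ | IP: 35.161.136.21:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of a zero-length body, consistent with the 0 B size of the 101 response; they identify no content and should not be treated as indicators)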
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: na423C414zEeynXqQ6lLZA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IEcAmsZBqzXBf5JJ1K75IZ2/KK4=
|
|
| cdn.jsdelivr.net/npm/clipboard@2/dist/clipboard.min.js | 151.101.85.229 | 200 OK | 3.2 kB |
URL: HTTP/2 cdn.jsdelivr.net/npm/clipboard@2/dist/clipboard.min.js | IP: 151.101.85.229:0
File type: Unicode text, UTF-8 text, with very long lines (9067)
Hash: MD5 c52986d01ba36537a53cfd141728052a | SHA-1 297e70f8df7271540be671447d28d7856d48334f | SHA-256 f657dd4f0daa1b9cd06c5f3a50737a6ce6e9c05e0278f88455778979cf7fbd30
GET /npm/clipboard@2/dist/clipboard.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.0.11
x-jsd-version-type: version
etag: W/"23c8-mny0Bfm+7QBYkVh9QfdqByCJP/w"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 26 Nov 2022 11:39:46 GMT
age: 3692
x-served-by: cache-fra-eddf8230107-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3216
X-Firefox-Spdy: h2
|
|
| ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1 | 104.18.20.226 | 200 OK | 1.5 kB |
URL: HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1 | IP: 104.18.20.226:0
Hash: MD5 7cbb9ebaabb5ce6aa02467b83d3d47d1 | SHA-1 15b91ac0d6d85143101b9d3f747252cb2ed54a05 | SHA-256 4f12903e87d608df374437d5830a3b2e8b42942b2621432136bfc0c104973750
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:39:46 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "9E010A6D161E1B19ECD8006CAE5D60DD59E6DE2B"
Expires: Sat, 26 Nov 2022 22:00:00 GMT
Last-Modified: Sat, 26 Nov 2022 10:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2157
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77025872be54b518-OSL
|
|
| xamvn.art/js/vendor/vendor-compiled.js?_v=e242e111 | 172.67.69.40 | 200 OK | 23 kB |
URL: HTTP/2 xamvn.art/js/vendor/vendor-compiled.js?_v=e242e111 | IP: 172.67.69.40:0
File type: ASCII text, with very long lines (15908)
Hash: MD5 f319b8bc85d5617990c70e19c80ac4f0 | SHA-1 8bcdb1df6fce88507208a79120989c635acf647f | SHA-256 b30bbcbd08b4b2da3d688d93a33b52e56908067db14077097b0496fe92d55c92
GET /js/vendor/vendor-compiled.js?_v=e242e111 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: application/javascript
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=43704
etag: W/"634d7987-aab8"
expires: Sun, 25 Dec 2022 01:59:53 GMT
last-modified: Mon, 17 Oct 2022 15:49:27 GMT
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: HIT
age: 121193
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aB4ZICl5D5bY1DX63GgAkaCcaUwqCUl5rP1VelxjJ9Etuufp8RN6Wd51wb9UUqLE8ibQNY5gwaFrCZGFqZU%2FdIm11MinVm%2BMgX9aaKYgSZrzDwwisrgxZ4bUAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258724a7db4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xamvn.art/js/themehouse/global/20210125.min.js?_v=e242e111 | 172.67.69.40 | 200 OK | 10 kB |
URL: HTTP/2 xamvn.art/js/themehouse/global/20210125.min.js?_v=e242e111 | IP: 172.67.69.40:0
Hash: MD5 2636517b6536279f46cafb0860562cae | SHA-1 c5eff8ee1fb3db5a11dfe55361233aa0781cba29 | SHA-256 8b3a68e902455892d388214902bc5b20460262847de291d19ba0826ed117c3c1
Analyzer: fortinet | Verdict: Phishing | Alert: (empty)
GET /js/themehouse/global/20210125.min.js?_v=e242e111 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: application/javascript
last-modified: Wed, 19 Oct 2022 13:20:39 GMT
vary: Accept-Encoding
etag: W/"634ff9a7-2b29"
x-powered-by: VPSSIM
expires: Sun, 25 Dec 2022 02:01:05 GMT
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-cache-status: HIT
age: 121121
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M1NqHRCmdPOe9VNW6jg35qRlRH1Vudkmlbb4335Y%2B%2BOtzbyLq7bWi47iJeqLFa0IfwDgvdiEMIgTZ6OprDQX1u3NB8eFeoxkTsCWh8VYjG2BURwO8sNY6ClprA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258724a86b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xamvn.art/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.3 | 172.67.69.40 | 200 OK | 137 kB |
URL: HTTP/2 xamvn.art/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.3 | IP: 172.67.69.40:0
File type: Web Open Font Format (Version 2), TrueType, length 136824, version 331.-31261; data | Size: 137 kB (136824 bytes)
Hash: MD5 978b27ec5d8b81d2b15aa28aaaae1fcb | SHA-1 76625967fe113a088e0627605b9d1bbfb8a5e47c | SHA-256 943efdb4b38963df0653d778f233b55db3e19f44794e4ff944e33b8849dcdb3c
GET /styles/fonts/fa/fa-solid-900.woff2?_v=5.15.3 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xamvn.art/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=7&l=2&d=1668778700&k=034405c740f279c15adbbc41dfccb627ca90db04
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: font/woff2
content-length: 136824
last-modified: Mon, 17 Oct 2022 15:52:01 GMT
etag: "634d7a21-21678"
x-powered-by: VPSSIM
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-cache-status: HIT
age: 6887
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=voXvonvA1ZJMmDOuLJeOp6oLx77UfQTXbK5Ca2qiVklcNmcbmxa5Khm7qWl%2FcSkmzRTK3iVvz4GBRe6gKCTNVVLTh74mP2ahzPYvM%2F3c8m%2B4r3NgJEZAl%2BR6%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770258794a4fb4eb-OSL
X-Firefox-Spdy: h2
|
|
| xamvn.art/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3 | 172.67.69.40 | 200 OK | 169 kB |
URL: HTTP/2 xamvn.art/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3 | IP: 172.67.69.40:0
File type: Web Open Font Format (Version 2), TrueType, length 168768, version 331.-31261; data | Size: 169 kB (168768 bytes)
Hash: MD5 d8689b99dce7c881d3130f3c91cfefdf | SHA-1 fb005c93930c13b3a5f449bbc75ba5ee23f609fa | SHA-256 4de49631fe60b17010f7cda29a6236ca6ad6102ea204e5c31d2c1e79ee276938
Analyzer: fortinet | Verdict: Phishing | Alert: (empty)
GET /styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xamvn.art/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=7&l=2&d=1668778700&k=034405c740f279c15adbbc41dfccb627ca90db04
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: font/woff2
content-length: 168768
last-modified: Mon, 17 Oct 2022 15:52:00 GMT
etag: "634d7a20-29340"
x-powered-by: VPSSIM
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-cache-status: HIT
age: 6887
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lNj44OpHMfbdXkAehpfkqEo1HJtbD9bY%2FfH2giVE2LrReHyU9t1jH%2F3jBwqtY9P1h%2F5PEP7mtgWJbR%2FKkZvXzQeTnkGkAhCdCDVgGzhYsjjulfj1Rv%2FgF9lJRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770258794a4eb4eb-OSL
X-Firefox-Spdy: h2
|
|
| xamvn.art/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3 | 172.67.69.40 | 200 OK | 77 kB |
URL: HTTP/2 xamvn.art/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3 | IP: 172.67.69.40:0
File type: Web Open Font Format (Version 2), TrueType, length 76740, version 331.-31261; data
Hash: MD5 0511670fe2f5405105a6760294c5c51d | SHA-1 61cb879dec4fa97ece0d2a26cd6767c66117841b | SHA-256 c2497d559960ba9e1c68f41674e8bc980d3b229155e068bc7f42f157f81c4388
Analyzer: fortinet | Verdict: Phishing | Alert: (empty)
GET /styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xamvn.art/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=7&l=2&d=1668778700&k=034405c740f279c15adbbc41dfccb627ca90db04
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: font/woff2
content-length: 76740
last-modified: Mon, 17 Oct 2022 15:52:02 GMT
etag: "634d7a22-12bc4"
x-powered-by: VPSSIM
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-cache-status: HIT
age: 6887
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PGLHnLJg4Q%2FwoBPze1E%2BFKIFTI7Wm9Ja5mxnlx2WN5VBgxrGcirJhZgeoOz3UEnCd19icbFR0PLfzyrFaoxpu4wVE25Y2BU12Ab%2BpizKZi%2BVQlp2nVgdAeTIhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770258799aa2b4eb-OSL
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 278 B |
IP: 93.184.220.29:0
Hash: MD5 cbf6bfb5cfe771e1978664ad91025548 | SHA-1 37229a8fdc7db73bbacde095a44f32b1025caa7a | SHA-256 28df72848b5903a91970e9758a2dd5a9c81c88043ec3b4830f956483cb50c60d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=161104
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:48 GMT
Etag: "6381cd54-116"
Expires: Mon, 28 Nov 2022 08:24:52 GMT
Last-Modified: Sat, 26 Nov 2022 08:24:52 GMT
Server: nginx
Content-Length: 278
|
|
| xamvn.art/styles/default/xenforo/smilies/yahoo/2.gif | 172.67.69.40 | 200 OK | 995 B |
URL: HTTP/2 xamvn.art/styles/default/xenforo/smilies/yahoo/2.gif | IP: 172.67.69.40:0
File type: GIF image data, version 89a, 18 x 18; data
Hash: MD5 0efaf4f68004f47a151f172c7321a570 | SHA-1 3f2f429b98c20dd286d78dc3e65dee4e05fca9db | SHA-256 1bdea0f1deb2580d6b37d254c389e728f8bed407d23873441db892d3904a976b
GET /styles/default/xenforo/smilies/yahoo/2.gif HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: image/gif
content-length: 995
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1001, status=webp_bigger
etag: "61024002-3e9"
expires: Sun, 25 Dec 2022 02:05:57 GMT
last-modified: Thu, 29 Jul 2021 05:43:30 GMT
x-powered-by: VPSSIM
cf-cache-status: HIT
age: 120831
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jJt0989HhcRr4c%2F94N3pegrHAEcO6uD9VvYqM%2BZ4IrGiApy3yZdrnShCzekymAQWe1bPRaba902nwd56nOa5QPcktaSZ835QuLtN0QyGSEpg8KH7%2FF0Jt0kSbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702587a2b59b4eb-OSL
X-Firefox-Spdy: h2
|
|
| xamvn.art/data/avatars/m/424/424241.jpg?1660195501 | 172.67.69.40 | 200 OK | 2.9 kB |
URL HTTP/2xamvn.art/data/avatars/m/424/424241.jpg?1660195501 IP172.67.69.40:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 96x96, components 3\012- data
Hash: MD5 b378bf034e6d79da64611cc669263306 | SHA-1 48fc993ea84f2e246ffe588c28b05ec1e721d7bf | SHA-256 802b3e4c12388e563015d783e039c5c0bf1d50b783cd9dd9f0f0e1cee4a7de24
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /data/avatars/m/424/424241.jpg?1660195501 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: image/jpeg
content-length: 2932
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "62f492ae-b74"
expires: Mon, 26 Dec 2022 10:56:27 GMT
last-modified: Thu, 11 Aug 2022 05:25:02 GMT
x-powered-by: VPSSIM
cf-cache-status: HIT
age: 2601
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2xmG5UeRQnLMuXFtQ19abBbqMSPbphXjAOEQCyNkmjSzcC5d1%2FXGW2N1p7FYcRt2WqU9OBurwneBfgcjyC8bkG4k%2BaDfPi6MOxt3VpqeqJRctwyjQL0PCm0puQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702587a2b5bb4eb-OSL
X-Firefox-Spdy: h2
|
|
| i.imgur.com/WtiAtPt.jpg | 151.101.84.193 | 200 OK | 30 kB |
IP151.101.84.193:0
File type: JPEG image data, baseline, precision 8, 408x360, components 3\012- data
Hash: MD5 ee45a3e327261bb283729a461cd98e7f | SHA-1 f2b45e715a4d8f1446345d2bc61278b1e137dc81 | SHA-256 be4b5ed1ca05445a8eefbff9a220bffebfc68767ccfd60dcb0ab93ca330dff90
GET /WtiAtPt.jpg HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:13:58 GMT
etag: "ee45a3e327261bb283729a461cd98e7f"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 26 Nov 2022 11:39:48 GMT
age: 3968645
x-served-by: cache-iad-kjyo7100125-IAD, cache-bma1633-BMA
x-cache: HIT, HIT
x-cache-hits: 2598, 1
x-timer: S1669462788.252331,VS0,VE26
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 29734
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: MD5 6827d82f488045e02e40d6a2fdbae4b3 | SHA-1 4944139a4b08769511ffc6aa913857d88a0db7bc | SHA-256 0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5105
Expires: Sat, 26 Nov 2022 13:04:53 GMT
Date: Sat, 26 Nov 2022 11:39:48 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: MD5 6827d82f488045e02e40d6a2fdbae4b3 | SHA-1 4944139a4b08769511ffc6aa913857d88a0db7bc | SHA-256 0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5105
Expires: Sat, 26 Nov 2022 13:04:53 GMT
Date: Sat, 26 Nov 2022 11:39:48 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: MD5 6827d82f488045e02e40d6a2fdbae4b3 | SHA-1 4944139a4b08769511ffc6aa913857d88a0db7bc | SHA-256 0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5105
Expires: Sat, 26 Nov 2022 13:04:53 GMT
Date: Sat, 26 Nov 2022 11:39:48 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: MD5 6827d82f488045e02e40d6a2fdbae4b3 | SHA-1 4944139a4b08769511ffc6aa913857d88a0db7bc | SHA-256 0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5105
Expires: Sat, 26 Nov 2022 13:04:53 GMT
Date: Sat, 26 Nov 2022 11:39:48 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: MD5 6827d82f488045e02e40d6a2fdbae4b3 | SHA-1 4944139a4b08769511ffc6aa913857d88a0db7bc | SHA-256 0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5105
Expires: Sat, 26 Nov 2022 13:04:53 GMT
Date: Sat, 26 Nov 2022 11:39:48 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg | 34.120.237.76 | 200 OK | 4.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg IP34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash: MD5 841a4b110022a99ddea6f7bf66df0fa1 | SHA-1 126771b86638108050cf57c0d12faa27f80f0edb | SHA-256 240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 02:19:43 GMT
age: 33605
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad04f54-f199-4bc1-a785-cf5c76640147.jpeg | 34.120.237.76 | 200 OK | 11 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad04f54-f199-4bc1-a785-cf5c76640147.jpeg IP34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash: MD5 d0f860248042a8499ffb1701a880b2ba | SHA-1 845842c789e6e97fd1687e668d446bbb8309ffc7 | SHA-256 9eca5258c7b6e4e145ca6576a3f3791f1324714404ffd7a56a61961f81e7bd44
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad04f54-f199-4bc1-a785-cf5c76640147.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11150
x-amzn-requestid: 0b773c28-feda-41a2-9de6-8b559bd773eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVC5EukoAMFxfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813545-3bfe118939abc352072c5af1;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TpEr70sCNigNhVg7rDFIUG12AVpzC0BUW6-xW3QTvjLcBUrpehjJbQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:06 GMT
age: 50022
etag: "845842c789e6e97fd1687e668d446bbb8309ffc7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg | 34.120.237.76 | 200 OK | 6.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg IP34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash: MD5 926df9839ec3d924b563b55d8bccace8 | SHA-1 c47a3884465fc02b5c57faa5ffbd986ba29c64c2 | SHA-256 a97cd625959aa81bc516024628315b2c6e2ce94f76cd579751a686a6611cc4d2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: eede6332-5376-4f9c-83fc-f894430c1f4b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWWYFFgoAMFhaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381375b-66d7ffc70f7d901420a503da;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:44:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yM8EHyxy6pUHVZhGUOHuFOU-Z4eTyL2N3Ooa6QMrPlIfp6X5I_JBRw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:06 GMT
age: 50022
etag: "c47a3884465fc02b5c57faa5ffbd986ba29c64c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c125eba-03aa-443e-b99e-10c7890258e8.webp | 34.120.237.76 | 200 OK | 9.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c125eba-03aa-443e-b99e-10c7890258e8.webp IP34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash: MD5 95101ded0fe92a85649a086992948008 | SHA-1 afed98649590f2524a9e530c53eebbc1ba36da6a | SHA-256 7f754cb2105494045efe657c47313e77bb26361ca45a6f8cbce1fdb52a15ba01
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c125eba-03aa-443e-b99e-10c7890258e8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9787
x-amzn-requestid: 51d9848a-868c-4e51-b1a8-30596d0108b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLUfxHjToAMFeGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813464-749244df2aa06b23445d675c;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:32:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wkBPzz1thuM-Nm7rBY68psfSROU1fbCCO-TbpBBrYLQmH1ZxQEV1vg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:47:48 GMT
age: 49920
etag: "afed98649590f2524a9e530c53eebbc1ba36da6a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg | 34.120.237.76 | 200 OK | 3.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg IP34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash: MD5 a783df85f30f9c555f9df6b99f61744d | SHA-1 61f9bed607e81606be78285596acdc5e0e4f4994 | SHA-256 19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SRN-oOfa8Z0mQZFYkWAv32XFiXChfGjfwZkfWz-IzHubwrKgzwoTxQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 03:55:38 GMT
age: 27850
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg | 34.120.237.76 | 200 OK | 9.0 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg IP34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash: MD5 c8dc4b8a7e9f7f4f84f0da568b43392b | SHA-1 3d32bff85cb7ec118c4496d0c3802829fdc9af3b | SHA-256 4b0ffde427085c796a7a5823604b29a4af43dbb93e99ec41f34feb37f52ac7d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9049
x-amzn-requestid: 6cbd9639-c29d-4ff4-8091-3168f64f4c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVGHzKoAMFSuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135ba-100ea4235fdf1df8491041c8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: utbUF-6Z7rMqPNdRKHJyI-IZoyTy6HpkNBY-60xcZ-6NDXBz1XN6-Q==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:40 GMT
age: 49868
etag: "3d32bff85cb7ec118c4496d0c3802829fdc9af3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| xamvn.art/data/avatars/m/110/110963.jpg?1664780485 | 172.67.69.40 | 200 OK | 3.9 kB |
URL HTTP/2xamvn.art/data/avatars/m/110/110963.jpg?1664780485 IP172.67.69.40:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 96x96, components 3\012- data
Hash: MD5 d0c3ed4802a0ce13c0559ca2db7185ea | SHA-1 f98e871db9be9b197d1767b7622b87c94a839f6b | SHA-256 7f34456af776d4b4c2808066118f17fc16b7db1b0bed4b0842496303a1587da4
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /data/avatars/m/110/110963.jpg?1664780485 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: image/jpeg
content-length: 3918
last-modified: Mon, 03 Oct 2022 07:05:57 GMT
etag: "633a89d5-f4e"
x-powered-by: VPSSIM
expires: Mon, 26 Dec 2022 11:39:48 GMT
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aI1QRgw8hlAccPr2Imlw3UnH3e7ruv2yMG2u41YeLiwbC3g4BbfAF52CFIX4PYb8mYtW8g0sNq07bwZh88cJc5LrHltsQzUA%2BAL26MzUH%2BNTnH4IS4HPPhJMFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702587a2b5cb4eb-OSL
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 278 B |
IP93.184.220.29:0
Hash: MD5 cbf6bfb5cfe771e1978664ad91025548 | SHA-1 37229a8fdc7db73bbacde095a44f32b1025caa7a | SHA-256 28df72848b5903a91970e9758a2dd5a9c81c88043ec3b4830f956483cb50c60d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:49 GMT
Etag: "63807bd1-116"
Server: ECS (amb/6B95)
Content-Length: 278
|
|
| xamvn.art/js/xf/preamble.min.js?_v=e242e111 | 172.67.69.40 | 200 OK | 0 B |
URL HTTP/2xamvn.art/js/xf/preamble.min.js?_v=e242e111 IP172.67.69.40:0
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /js/xf/preamble.min.js?_v=e242e111 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: application/javascript
last-modified: Mon, 17 Oct 2022 15:49:23 GMT
vary: Accept-Encoding
etag: W/"634d7983-cc0"
x-powered-by: VPSSIM
expires: Sun, 25 Dec 2022 01:59:53 GMT
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-cache-status: HIT
age: 121193
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2ByzqrtC9Gsqm01zxeJj%2BOPjhHD375B08ve1Tr1G6pCjQEgTn%2FCnlra0WM%2BsnnzLGQe40dbIXkCG8ElMTol8RUn10fWF8z03j%2B76mhGZQ52RejeLYL7TtPGlGvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77025871594db4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xamvn.art/styles/FontAwesome5/webfonts/fa-solid-900.woff2 | 172.67.69.40 | 404 Not Found | 0 B |
URL HTTP/2xamvn.art/styles/FontAwesome5/webfonts/fa-solid-900.woff2 IP172.67.69.40:0
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /styles/FontAwesome5/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 11:39:47 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
last-modified: Sat, 26 Nov 2022 11:39:47 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IL%2Bm%2FmhwrFZ%2BwP4JF%2B0heIQQEa1g3FYor2uVmZoQkLppaXB3IZTp6avGpVu2f4FTKESqHnIQKvRAorZg%2FkMErp%2BAOL%2BHvBZNheEy13XNh1QnAvYLoNZZ3w837w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258715944b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xamvn.art/styles/FontAwesome5/webfonts/fa-brands-400.woff2 | 172.67.69.40 | 404 Not Found | 0 B |
URL HTTP/2xamvn.art/styles/FontAwesome5/webfonts/fa-brands-400.woff2 IP172.67.69.40:0
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /styles/FontAwesome5/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 11:39:47 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
last-modified: Sat, 26 Nov 2022 11:39:47 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dK1FtXK4gjmSxHKDzyv8WC2soilioysNnaq84HrJVvNtZjBz5%2BI2gNTv4fnDbkrBXbMqAKrOqt74OrfVD2aaJ9hEIrcAhLhLkG6jxjw2QkrxtySHoczKTpSDMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258715947b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xamvn.art/styles/FontAwesome5/webfonts/fa-regular-400.woff2 | 172.67.69.40 | 404 Not Found | 0 B |
URL HTTP/2xamvn.art/styles/FontAwesome5/webfonts/fa-regular-400.woff2 IP172.67.69.40:0
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /styles/FontAwesome5/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 11:39:47 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
last-modified: Sat, 26 Nov 2022 11:39:47 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qnIUJJicvPphkdC5g0mp4e2zUtkEbOmjE8NAqNJm5r17eYsh2TW0Kvjfjk0J34PM7St07zk9EeoMs%2BK8CNKVYQLt53s9jD%2Fyxt3csRbY3SbU%2FGcukA1JbMYJKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77025871390cb4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xamvn.art/js/themehouse/covers/index.js?_v=e242e111 | 172.67.69.40 | 200 OK | 0 B |
URL HTTP/2xamvn.art/js/themehouse/covers/index.js?_v=e242e111 IP172.67.69.40:0
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /js/themehouse/covers/index.js?_v=e242e111 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: application/javascript
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=12484
etag: W/"634ff9a7-30c4"
expires: Sun, 25 Dec 2022 02:01:05 GMT
last-modified: Wed, 19 Oct 2022 13:20:39 GMT
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: HIT
age: 121121
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SbPFATZUI%2BHK%2F7I8NgHRdanbaiDTeeBjibHDIBWUeGqgCNRIECp7v%2FOt8r%2F4O40ga0ytrj%2BtG%2FGO1Q3XSCA5NwqA0LtM9GQ4eGqev3mlJUAw1ICgyixSJwz9%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258724a8ab4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xamvn.art/js/xf/core-compiled.js?_v=e242e111 | 172.67.69.40 | 200 OK | 0 B |
URL HTTP/2 xamvn.art/js/xf/core-compiled.js?_v=e242e111 IP 172.67.69.40:0
GET /js/xf/core-compiled.js?_v=e242e111 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: application/javascript
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=211947
etag: W/"634d7983-33beb"
expires: Sun, 25 Dec 2022 01:59:53 GMT
last-modified: Mon, 17 Oct 2022 15:49:23 GMT
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: HIT
age: 121193
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3MjkrnmIMw8CPN9Df9UwX3D%2F7VphfGL40Vqp5GjxcbdF%2FhDXBB7YBZXDTjoNHWmLzRP3ge13zSELJgQWulnId739AKP3dCnIMy50c5h%2Bxi9oPY6VwYyQmbUaKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258724a7fb4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/page-2 | 172.67.69.40 | 200 OK | 0 B |
URL HTTP/2 xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/page-2 IP 172.67.69.40:0
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/page-2 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
last-modified: Sat, 26 Nov 2022 11:39:48 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
vary: Accept-Encoding
x-powered-by: VPSSIM
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kTDMzBcaitVJ7sYaVkLGvihSaFwfEHYkxa8ngglMqpYRBbOtWl6fSeNuiaK8rJ0YYGcLYPpojjfJydettcAR7SuUNYBqKGS1BP3W9agKr193tD2pMfpeOVyyxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702587b0cb8b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xamvn.art/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=7&l=2&d=1668778700&k=034405c740f279c15adbbc41dfccb627ca90db04 | 172.67.69.40 | 200 OK | 0 B |
URL HTTP/2 xamvn.art/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=7&l=2&d=1668778700&k=034405c740f279c15adbbc41dfccb627ca90db04 IP 172.67.69.40:0
GET /css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=7&l=2&d=1668778700&k=034405c740f279c15adbbc41dfccb627ca90db04 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:47 GMT
content-type: text/css; charset=utf-8
x-frame-options: SAMEORIGIN, SAMEORIGIN
expires: Sun, 26 Nov 2023 11:39:47 GMT
last-modified: Fri, 18 Nov 2022 13:38:20 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-powered-by: VPSSIM
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dGS78cxrojiwG9Iox7lcui4g7bKdqyktNxdd0MAZQSX9pAZvCPLJDhGd4LF7UhF4bLLn35aaCVM1%2FSS%2Fv0yV8pO2fFHlNbLWOuY1q0Hgf3I0HkeDjGFoMjsq7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77025871594ab4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xamvn.art/css.php?css=public%3Aaltf_thread_field_column_list.less%2Cpublic%3Abb_code.less%2Cpublic%3Amessage.less%2Cpublic%3AozzmodzTextLogo.less%2Cpublic%3Ashare_controls.less%2Cpublic%3AsmokeMarkScammer.less%2Cpublic%3Astructured_list.less%2Cpublic%3Ath_covers.less%2Cpublic%3Athholidays_holiday_4.less%2Cpublic%3Athholidays_leaves.less%2Cpublic%3Aextra.less&s=7&l=2&d=1668778700&k=57199eab16f629286a62502fbe5b5cbbba28f294 | 172.67.69.40 | 200 OK | 0 B |
URL HTTP/2 xamvn.art/css.php?css=public%3Aaltf_thread_field_column_list.less%2Cpublic%3Abb_code.less%2Cpublic%3Amessage.less%2Cpublic%3AozzmodzTextLogo.less%2Cpublic%3Ashare_controls.less%2Cpublic%3AsmokeMarkScammer.less%2Cpublic%3Astructured_list.less%2Cpublic%3Ath_covers.less%2Cpublic%3Athholidays_holiday_4.less%2Cpublic%3Athholidays_leaves.less%2Cpublic%3Aextra.less&s=7&l=2&d=1668778700&k=57199eab16f629286a62502fbe5b5cbbba28f294 IP 172.67.69.40:0
GET /css.php?css=public%3Aaltf_thread_field_column_list.less%2Cpublic%3Abb_code.less%2Cpublic%3Amessage.less%2Cpublic%3AozzmodzTextLogo.less%2Cpublic%3Ashare_controls.less%2Cpublic%3AsmokeMarkScammer.less%2Cpublic%3Astructured_list.less%2Cpublic%3Ath_covers.less%2Cpublic%3Athholidays_holiday_4.less%2Cpublic%3Athholidays_leaves.less%2Cpublic%3Aextra.less&s=7&l=2&d=1668778700&k=57199eab16f629286a62502fbe5b5cbbba28f294 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:47 GMT
content-type: text/css; charset=utf-8
x-frame-options: SAMEORIGIN, SAMEORIGIN
expires: Sun, 26 Nov 2023 11:39:47 GMT
last-modified: Fri, 18 Nov 2022 13:38:20 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-powered-by: VPSSIM
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DL7F4Yi%2FstyoIEahhBgngB2%2BnzggTBpM5jOPvXIJ0PbZGMEfbwDOraaPMHBPb4UeOBobBB9MqvRpehMR%2FVXRIcS8uMqgZt7sodwutFxHoehdDKWeAdps9xmxng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77025871594cb4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xamvn.art/index.php?sw/cache.json | 172.67.69.40 | 200 OK | 0 B |
URL HTTP/2 xamvn.art/index.php?sw/cache.json IP 172.67.69.40:0
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /index.php?sw/cache.json HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xamvn.art/service_worker.js
Connection: keep-alive
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: application/json; charset=utf-8
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
last-modified: Sat, 26 Nov 2022 11:39:48 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
vary: Accept-Encoding
x-powered-by: VPSSIM
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c0RbKtYib9ypMxjUZeL3i%2Biu6ns%2BWmaXWPq%2Fq8Pfr5VgjF9y6wKEbCxJrsBb1kPxHvhDRukgdmoz%2BA5470JlnAYMOS%2BTyBcvvmTHi%2Fw31Joxq3ZNk6fjgVsaKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702587c1e5ab4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/ | 172.67.69.40 | 200 OK | 0 B |
URL HTTP/2 xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/ IP 172.67.69.40:0
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/ HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
last-modified: Sat, 26 Nov 2022 11:39:46 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
vary: Accept-Encoding
set-cookie: xfa_csrf=eJCctWik4cnmXB1G; path=/; secure
x-powered-by: VPSSIM
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hckmfUAETFQMnBfUJtGooiNmZMu7Mro6%2BjEpYqD%2FrlQutGxYRPYycwHuwfEFlkZkxcy29czTSPoKYPJJeyUwZKOLtNxC6zX%2FE2DntKh5w%2BJpaxcb%2BPgeKhwsZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702586cdaeab4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| asiacpx.com/www/delivery/asyncjs.php | 172.67.209.128 | 200 OK | 0 B |
URL HTTP/2 asiacpx.com/www/delivery/asyncjs.php IP 172.67.209.128:0
GET /www/delivery/asyncjs.php HTTP/1.1
Host: asiacpx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: text/javascript;charset=UTF-8
expire: Sat, 26 Nov 2022 12:39:47 GMT
cache-control: private, max-age=3600
p3p: CP="CUR ADM OUR NOR STA NID"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pc8xDtgbZ8AQC5%2FP3dL1J%2FtFNVKwggBpzeEqmvyPmPD8QhSZP41m3TfNRYb7ikcqXq2Uzbf32%2Be629F0bEJKwy8kAttzfm5NOKjX%2FKR87XwDOL%2FoTyfZ51dqgyKVnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77025877fa5d0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| xamvn.art/service_worker.js | 172.67.69.40 | 200 OK | 0 B |
URL HTTP/2 xamvn.art/service_worker.js IP 172.67.69.40:0
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /service_worker.js HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: application/javascript
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=6028
etag: W/"634d797c-178c"
expires: Sun, 25 Dec 2022 01:59:54 GMT
last-modified: Mon, 17 Oct 2022 15:49:16 GMT
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: HIT
age: 121194
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ajJ5goqNkcBqXFcOQIRAumMM2TTQ3pxtWMjfp73L7qShP28zMdodD01Xft1WjBxEBON5O0QIXP6KgcCMMoMFj8NitkXNyYM91hstiogZERx%2FRzyVuiP9SCCrDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702587b0ceeb4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xamvn.art/js/vendor/jquery/jquery-3.5.1.min.js?_v=e242e111 | 172.67.69.40 | 200 OK | 0 B |
URL HTTP/2 xamvn.art/js/vendor/jquery/jquery-3.5.1.min.js?_v=e242e111 IP 172.67.69.40:0
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /js/vendor/jquery/jquery-3.5.1.min.js?_v=e242e111 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: application/javascript
last-modified: Mon, 17 Oct 2022 15:49:42 GMT
vary: Accept-Encoding
etag: W/"634d7996-15d84"
x-powered-by: VPSSIM
expires: Sun, 25 Dec 2022 01:59:53 GMT
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-cache-status: HIT
age: 121193
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oe4AifC5vylrsGrdqvQfyh%2FmgI5B6fnMyT5Uuw3gu7rekCSMghL%2Flao6y3POeDA%2F%2B8VgFc0FkI9j7WbQw9EP9%2F9IkxvVkOvRvWZ4MJJqMfptn6zQVBI9aV7%2BLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258724a73b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|