Report - xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/

Report Overview

Submitted URL
xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
IP
104.26.1.190
ASN
#13335 CLOUDFLARENET
Submitted
2022-11-26 11:39:56
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
xamvn.art	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	442 kB	104.26.1.190
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	728 B	23.36.76.226
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	2.1 kB	142.250.74.3
xamvn.sh	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	6.2 kB	104.21.7.17
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.161.136.21
cdn.jsdelivr.net	439	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	383 B	4.0 kB	151.101.85.229
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	51 kB	34.120.237.76
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.5 kB	93.184.220.29
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
i.imgur.com	5110	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	30 kB	151.101.84.193
asiacpx.com	568272	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	365 B	708 B	172.67.209.128
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	368 B	1.9 kB	104.18.20.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-26	medium	xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/	Phishing
2022-11-26	medium	xamvn.art/js/themehouse/global/20210125.min.js?_v=e242e111	Phishing
2022-11-26	medium	xamvn.art/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3	Phishing
2022-11-26	medium	xamvn.art/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3	Phishing
2022-11-26	medium	xamvn.art/data/avatars/m/424/424241.jpg?1660195501	Phishing
2022-11-26	medium	xamvn.art/data/avatars/m/110/110963.jpg?1664780485	Phishing
2022-11-26	medium	xamvn.art/js/xf/preamble.min.js?_v=e242e111	Phishing
2022-11-26	medium	xamvn.art/styles/FontAwesome5/webfonts/fa-solid-900.woff2	Phishing
2022-11-26	medium	xamvn.art/styles/FontAwesome5/webfonts/fa-brands-400.woff2	Phishing
2022-11-26	medium	xamvn.art/styles/FontAwesome5/webfonts/fa-regular-400.woff2	Phishing
2022-11-26	medium	xamvn.art/js/themehouse/covers/index.js?_v=e242e111	Phishing
2022-11-26	medium	xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/page-2	Phishing
2022-11-26	medium	xamvn.art/index.php?sw/cache.json	Phishing
2022-11-26	medium	xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/	Phishing
2022-11-26	medium	xamvn.art/service_worker.js	Phishing
2022-11-26	medium	xamvn.art/js/vendor/jquery/jquery-3.5.1.min.js?_v=e242e111	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	xamvn.art/js/themehouse/global/20210125.min.js?_v=e242e111	11 kB	2023-03-08	2024-04-24
Pretty URL xamvn.art/js/themehouse/global/20210125.min.js?_v=e242e111 IP 172.67.69.40 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:05:10 Last Seen2024-04-24 08:57:24 Times Seen386 Hash d6052f30ed96aa63664df538b9742e3a c8701105cfd5d0252c79eb6868f6206df8bbf215 7e5c23918762997e2851f5ca38481431503c5a7036e19a128035804a935c0e4e Loading...

	cdn.jsdelivr.net/npm/clipboard@2/dist/clipboard.min.js	9.2 kB	2023-03-07	2024-04-25
Pretty URL cdn.jsdelivr.net/npm/clipboard@2/dist/clipboard.min.js IP 151.101.85.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:23:44 Last Seen2024-04-25 19:59:10 Times Seen4704 Hash 15f52a1ee547f2bdd46e56747332ca2d 9a7cb405f9beed005891587d41f76a0720893ffc e17a1d816e13c0826e0ed7febfabc3277f45571234bde0bf9120829a7169edc9 Loading...

	xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/	161 B	2023-03-10	2023-12-14
Pretty URL xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/ IP 104.26.1.190 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:27:06 Last Seen2023-12-14 08:17:46 Times Seen12 Hash b0ae3d25e2e80926fbe2cf672ea66113 166d477a6b3f0be4021eb983532af5905d378d66 c5ec5c7f44f63edabffbf0ade0b34913d81bbcf778a1c8abfef46367c443823f Loading...

	xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/	144 B	2023-03-10	2023-12-14
Pretty URL xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/ IP 104.26.1.190 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:27:06 Last Seen2023-12-14 08:17:46 Times Seen12 Hash 61cde9caee5f4ee142bb408764bc70e7 b969d1909dde7320efdb3cf45eb3a545c5176288 27751661d1231fd3166d00f238e9e514accd4edd22d2b999763e8b2fcba1f3fb Loading...

	xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/	5.1 kB	2023-03-11	2023-03-11
Pretty URL xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/ IP 104.26.1.190 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:39:59 Last Seen2023-03-11 20:39:59 Times Seen1 Hash 46a271de28481890939a402588cda6d2 573c6b2c542fe29617cf14a5b290c46a2985fcad 4d37063756ace72fd37e8c18c022a5fa038a1aca4d65a82cc1a229e602c9d918 Loading...

	asiacpx.com/www/delivery/asyncjs.php	9.9 kB	2023-03-07	2024-04-25
Pretty URL asiacpx.com/www/delivery/asyncjs.php IP 172.67.209.128 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:40:19 Last Seen2024-04-25 09:38:45 Times Seen46 Hash 3ce2f8222ee37b39d63c4577241cbd36 26c5f052a60a60a9a5d564a4449ff0fd42fcc42f 1e39f273b7dc7cbdc3b950aec156ac06ad54daced3719a6941fa204ef6eff6c8 Loading...

	xamvn.art/js/vendor/vendor-compiled.js?_v=e242e111	43 kB	2023-03-07	2024-04-25
Pretty URL xamvn.art/js/vendor/vendor-compiled.js?_v=e242e111 IP 172.67.69.40 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:26:34 Last Seen2024-04-25 19:50:39 Times Seen760 Hash 372b0c5f17990ad741c3d02593f63fe8 4e577cb859755cbf104a2334e6307a5291558689 ef5f0b7e161099d503298ab2d66a927f48401f992d188cd04415419b41dcd0b1 Loading...

	xamvn.art/js/themehouse/covers/index.js?_v=e242e111	7.6 kB	2023-03-09	2024-01-08
Pretty URL xamvn.art/js/themehouse/covers/index.js?_v=e242e111 IP 172.67.69.40 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 14:19:18 Last Seen2024-01-08 23:44:29 Times Seen11 Hash 2eab7ba6c0b4141da2650774910dfdc2 0339cc7559c854eb49bbee5331f84f6f4499890f 031aa6ab4c63c0edf5448fbf7e2cff40b841a8b84b922bf5c0bef44ec9a7afe5 Loading...

	xamvn.art/js/vendor/jquery/jquery-3.5.1.min.js?_v=e242e111	90 kB	2023-03-07	2024-04-26
Pretty URL xamvn.art/js/vendor/jquery/jquery-3.5.1.min.js?_v=e242e111 IP 172.67.69.40 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-26 20:29:25 Times Seen139420 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	xamvn.art/js/xf/core-compiled.js?_v=e242e111	212 kB	2023-03-08	2024-02-27
Pretty URL xamvn.art/js/xf/core-compiled.js?_v=e242e111 IP 172.67.69.40 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:31:32 Last Seen2024-02-27 13:54:07 Times Seen29 Hash 1f8970ffbc5a3c5759c96c0e6d0a0c62 b0e06f55dcd71b6647ce8f6f2408cdea04bb6aca df08b1e1c3f60fb552a49b7456a75e767f9e4fdf3a85881f9d644bf6b5f0d329 Loading...

	xamvn.art/js/xf/preamble.min.js?_v=e242e111	3.3 kB	2023-03-07	2024-04-25
Pretty URL xamvn.art/js/xf/preamble.min.js?_v=e242e111 IP 172.67.69.40 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:52 Last Seen2024-04-25 13:44:59 Times Seen161 Hash 387f790df3b04817b3b499539218a32f 8c5023f702a511271e35b31fe82253edf119ee2b f8f0d5e29e4408e8ecdccee5e73a185566774f71c7f440cc50ad5c647b127ce3 Loading...

	xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/	209 B	2023-03-11	2023-03-11
Pretty URL xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/ IP 104.26.1.190 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:39:59 Last Seen2023-03-11 20:39:59 Times Seen1 Hash 12222689d7419d613de94bb1f09c2810 8fa45318f8e160ef98f5a16d922fc49370dab653 b42da52613441521bb80b88fb7e2b5e405080c767673944662766973db415d9b Loading...

HTTP Transactions (55)

URL IP Response Size

xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/

104.26.1.190

301 Moved Permanently

0 B

URL HTTP/1.1
xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
IP
104.26.1.190:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/ HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Nov 2022 11:39:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 26 Nov 2022 12:39:45 GMT
Location: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2FEDeXZqCCKYgzZ6Do%2B2r%2BPP6q2CuAs2jEXhFSt9wBWxGhQimF%2BOWyeV2gP%2BiAON4alZx8zWhUJwc81lxgF9RTtZp94dFiOI0ZPmXesdJN9TlfHDB9HKfVykiA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7702586a2ea9b4f7-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3079
Expires: Sat, 26 Nov 2022 12:31:04 GMT
Date: Sat, 26 Nov 2022 11:39:45 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
10730f388c028d64e19b8a48d414768f
e43b104e57e5ea7ff8568835776858cf2ede6f00
f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5107
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:45 GMT
Last-Modified: Sat, 26 Nov 2022 10:14:38 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5752
Expires: Sat, 26 Nov 2022 13:15:37 GMT
Date: Sat, 26 Nov 2022 11:39:45 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 11:19:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1232
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 0KAIzA50mV8YVfSNCGM2/wS7Z0A4c3acJw7NY5QORemFo/F354+yZdceHuxtbSSc7VfFSTYXkr8=
x-amz-request-id: GFEKS0WWB111AK84
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 10:41:10 GMT
age: 3515
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
961a8d6b7ae6a33fbdb5a08fedb47e8e
f0953739e490fd7aca613e076545631aefe3de28
a2dfc58c822249eea75d3c460cb40ec5b46709da595c037a93c1e57bc3762f82

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A2DFC58C822249EEA75D3C460CB40EC5B46709DA595C037A93C1E57BC3762F82"
Last-Modified: Fri, 25 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1893
Expires: Sat, 26 Nov 2022 12:11:19 GMT
Date: Sat, 26 Nov 2022 11:39:46 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 11:39:45 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 11:11:12 GMT
cache-control: public,max-age=3600
age: 1714
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5978
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:46 GMT
Last-Modified: Sat, 26 Nov 2022 10:00:08 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/s/gts1p5/d2XWmgr_SFw

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/d2XWmgr_SFw
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ca885322a5c78bdc3db8b3050f5d47b2
c9bed0da57af263d125c4cdc5f78272d42e221be
d624a50bc7a5bfbd15ad89fa7bf6db3dcd88e9e9cafa832dbf83199cdda1fcfc

HTTP Headers

POST /s/gts1p5/d2XWmgr_SFw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/d2XWmgr_SFw

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/d2XWmgr_SFw
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ca885322a5c78bdc3db8b3050f5d47b2
c9bed0da57af263d125c4cdc5f78272d42e221be
d624a50bc7a5bfbd15ad89fa7bf6db3dcd88e9e9cafa832dbf83199cdda1fcfc

HTTP Headers

POST /s/gts1p5/d2XWmgr_SFw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

xamvn.sh/misc/flags/shiny/32/Benin.png

104.21.7.17

200 OK

913 B

URL HTTP/2
xamvn.sh/misc/flags/shiny/32/Benin.png
IP
104.21.7.17:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
913 B (913 bytes)
Hash
235efd55cc8d43da73df7762ca57b88d
71ec78754c3e0d368c797ec34fd395174845bdb0
8239794a6936af9bf81d1d7cd5d168c3a9324f686fddf6ff0b876ee0bab3d87a

HTTP Headers

GET /misc/flags/shiny/32/Benin.png HTTP/1.1
Host: xamvn.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: image/png
content-length: 913
last-modified: Thu, 08 Sep 2022 06:10:41 GMT
etag: "63198761-391"
x-powered-by: VPSSIM
expires: Sun, 18 Dec 2022 14:34:29 GMT
cache-control: public, max-age=2678400, must-revalidate, proxy-revalidate
cf-cache-status: HIT
age: 680717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qF%2FFTXTz3BFvpvNyoTPc3LZcxltROrB%2FZd2210baT5hHrFbVtj%2FopaCO4UNeAIBWJUpqSbmH1OKZJGj%2Bv38SodhQVaG70RQIWX2t7JCyjty2UsYVOdCjmZ63Xg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77025871fd41b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

xamvn.sh/misc/flags/shiny/32/United-Kingdom.png

104.21.7.17

200 OK

1.7 kB

URL HTTP/2
xamvn.sh/misc/flags/shiny/32/United-Kingdom.png
IP
104.21.7.17:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.7 kB (1690 bytes)
Hash
91583bd9501e5849846045852a312edf
8c6b852720f8b23b21d7cdd49d0da67b342f8f92
2904717ea157bebac20a7fc0d1981894a88be32398be23fde6b4d9d4ed1429a8

HTTP Headers

GET /misc/flags/shiny/32/United-Kingdom.png HTTP/1.1
Host: xamvn.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: image/png
content-length: 1690
last-modified: Thu, 08 Sep 2022 06:10:42 GMT
etag: "63198762-69a"
x-powered-by: VPSSIM
expires: Thu, 15 Dec 2022 20:41:55 GMT
cache-control: public, max-age=2678400, must-revalidate, proxy-revalidate
cf-cache-status: HIT
age: 917871
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8TMrl%2B%2BBwxZE9OrPFmf92l2MDKtDZKLPvaiM3YF6r1TYpMilFCntowWN4BQw%2B0uXP%2FwkV32k3ZRSXUS7pdLn7KsRVPN0OkHZEpRjOxVMjxIYi%2F2EE7OM0jHO7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77025871fd47b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

xamvn.sh/misc/flags/shiny/32/Abkhazia.png

104.21.7.17

200 OK

1.1 kB

URL HTTP/2
xamvn.sh/misc/flags/shiny/32/Abkhazia.png
IP
104.21.7.17:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1084 bytes)
Hash
abf0ef25f8ab784011116ebd90d80ddb
645fac6423fad8dee438dc704a955d9a605c64ed
1ae0212750da6ddefeac6593238cc6e36f306f158d78bab731c60a0af00ee698

HTTP Headers

GET /misc/flags/shiny/32/Abkhazia.png HTTP/1.1
Host: xamvn.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: image/png
content-length: 1084
last-modified: Thu, 08 Sep 2022 06:10:44 GMT
etag: "63198764-43c"
x-powered-by: VPSSIM
expires: Fri, 23 Dec 2022 10:23:58 GMT
cache-control: public, max-age=2678400, must-revalidate, proxy-revalidate
cf-cache-status: HIT
age: 263748
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vlh8zS0ykhkHgv2AV7sIR6qILr74kGkuzuQ1Ta%2BdYT3NUPGLMjrmzhqYnUb0WpB%2Fe7sfD68KDFbBQdUuKTXe%2BOxF47jl6l4GKn%2FMeqW5OGlTfMv%2BI%2FWlQpN0wA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770258723d88b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/d2XWmgr_SFw

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/d2XWmgr_SFw
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ca885322a5c78bdc3db8b3050f5d47b2
c9bed0da57af263d125c4cdc5f78272d42e221be
d624a50bc7a5bfbd15ad89fa7bf6db3dcd88e9e9cafa832dbf83199cdda1fcfc

HTTP Headers

POST /s/gts1p5/d2XWmgr_SFw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

35.161.136.21

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.161.136.21:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: na423C414zEeynXqQ6lLZA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IEcAmsZBqzXBf5JJ1K75IZ2/KK4=

cdn.jsdelivr.net/npm/clipboard@2/dist/clipboard.min.js

151.101.85.229

200 OK

3.2 kB

URL HTTP/2
cdn.jsdelivr.net/npm/clipboard@2/dist/clipboard.min.js
IP
151.101.85.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (9067)
Size
3.2 kB (3216 bytes)
Hash
c52986d01ba36537a53cfd141728052a
297e70f8df7271540be671447d28d7856d48334f
f657dd4f0daa1b9cd06c5f3a50737a6ce6e9c05e0278f88455778979cf7fbd30

HTTP Headers

GET /npm/clipboard@2/dist/clipboard.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.0.11
x-jsd-version-type: version
etag: W/"23c8-mny0Bfm+7QBYkVh9QfdqByCJP/w"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 26 Nov 2022 11:39:46 GMT
age: 3692
x-served-by: cache-fra-eddf8230107-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3216
X-Firefox-Spdy: h2

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
7cbb9ebaabb5ce6aa02467b83d3d47d1
15b91ac0d6d85143101b9d3f747252cb2ed54a05
4f12903e87d608df374437d5830a3b2e8b42942b2621432136bfc0c104973750

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:39:46 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "9E010A6D161E1B19ECD8006CAE5D60DD59E6DE2B"
Expires: Sat, 26 Nov 2022 22:00:00 GMT
Last-Modified: Sat, 26 Nov 2022 10:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2157
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77025872be54b518-OSL

xamvn.art/js/vendor/vendor-compiled.js?_v=e242e111

172.67.69.40

200 OK

23 kB

URL HTTP/2
xamvn.art/js/vendor/vendor-compiled.js?_v=e242e111
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (15908)
Size
23 kB (23447 bytes)
Hash
f319b8bc85d5617990c70e19c80ac4f0
8bcdb1df6fce88507208a79120989c635acf647f
b30bbcbd08b4b2da3d688d93a33b52e56908067db14077097b0496fe92d55c92

HTTP Headers

GET /js/vendor/vendor-compiled.js?_v=e242e111 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: application/javascript
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=43704
etag: W/"634d7987-aab8"
expires: Sun, 25 Dec 2022 01:59:53 GMT
last-modified: Mon, 17 Oct 2022 15:49:27 GMT
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: HIT
age: 121193
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aB4ZICl5D5bY1DX63GgAkaCcaUwqCUl5rP1VelxjJ9Etuufp8RN6Wd51wb9UUqLE8ibQNY5gwaFrCZGFqZU%2FdIm11MinVm%2BMgX9aaKYgSZrzDwwisrgxZ4bUAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258724a7db4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

xamvn.art/js/themehouse/global/20210125.min.js?_v=e242e111

172.67.69.40

200 OK

10 kB

URL HTTP/2
xamvn.art/js/themehouse/global/20210125.min.js?_v=e242e111
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
10 kB (10474 bytes)
Hash
2636517b6536279f46cafb0860562cae
c5eff8ee1fb3db5a11dfe55361233aa0781cba29
8b3a68e902455892d388214902bc5b20460262847de291d19ba0826ed117c3c1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/themehouse/global/20210125.min.js?_v=e242e111 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: application/javascript
last-modified: Wed, 19 Oct 2022 13:20:39 GMT
vary: Accept-Encoding
etag: W/"634ff9a7-2b29"
x-powered-by: VPSSIM
expires: Sun, 25 Dec 2022 02:01:05 GMT
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-cache-status: HIT
age: 121121
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M1NqHRCmdPOe9VNW6jg35qRlRH1Vudkmlbb4335Y%2B%2BOtzbyLq7bWi47iJeqLFa0IfwDgvdiEMIgTZ6OprDQX1u3NB8eFeoxkTsCWh8VYjG2BURwO8sNY6ClprA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258724a86b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

xamvn.art/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.3

172.67.69.40

200 OK

137 kB

URL HTTP/2
xamvn.art/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.3
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 136824, version 331.-31261\012- data
Size
137 kB (136824 bytes)
Hash
978b27ec5d8b81d2b15aa28aaaae1fcb
76625967fe113a088e0627605b9d1bbfb8a5e47c
943efdb4b38963df0653d778f233b55db3e19f44794e4ff944e33b8849dcdb3c

HTTP Headers

GET /styles/fonts/fa/fa-solid-900.woff2?_v=5.15.3 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xamvn.art/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=7&l=2&d=1668778700&k=034405c740f279c15adbbc41dfccb627ca90db04
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: font/woff2
content-length: 136824
last-modified: Mon, 17 Oct 2022 15:52:01 GMT
etag: "634d7a21-21678"
x-powered-by: VPSSIM
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-cache-status: HIT
age: 6887
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=voXvonvA1ZJMmDOuLJeOp6oLx77UfQTXbK5Ca2qiVklcNmcbmxa5Khm7qWl%2FcSkmzRTK3iVvz4GBRe6gKCTNVVLTh74mP2ahzPYvM%2F3c8m%2B4r3NgJEZAl%2BR6%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770258794a4fb4eb-OSL
X-Firefox-Spdy: h2

xamvn.art/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3

172.67.69.40

200 OK

169 kB

URL HTTP/2
xamvn.art/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 168768, version 331.-31261\012- data
Size
169 kB (168768 bytes)
Hash
d8689b99dce7c881d3130f3c91cfefdf
fb005c93930c13b3a5f449bbc75ba5ee23f609fa
4de49631fe60b17010f7cda29a6236ca6ad6102ea204e5c31d2c1e79ee276938

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xamvn.art/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=7&l=2&d=1668778700&k=034405c740f279c15adbbc41dfccb627ca90db04
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: font/woff2
content-length: 168768
last-modified: Mon, 17 Oct 2022 15:52:00 GMT
etag: "634d7a20-29340"
x-powered-by: VPSSIM
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-cache-status: HIT
age: 6887
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lNj44OpHMfbdXkAehpfkqEo1HJtbD9bY%2FfH2giVE2LrReHyU9t1jH%2F3jBwqtY9P1h%2F5PEP7mtgWJbR%2FKkZvXzQeTnkGkAhCdCDVgGzhYsjjulfj1Rv%2FgF9lJRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770258794a4eb4eb-OSL
X-Firefox-Spdy: h2

xamvn.art/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3

172.67.69.40

200 OK

77 kB

URL HTTP/2
xamvn.art/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 76740, version 331.-31261\012- data
Size
77 kB (76740 bytes)
Hash
0511670fe2f5405105a6760294c5c51d
61cb879dec4fa97ece0d2a26cd6767c66117841b
c2497d559960ba9e1c68f41674e8bc980d3b229155e068bc7f42f157f81c4388

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xamvn.art/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=7&l=2&d=1668778700&k=034405c740f279c15adbbc41dfccb627ca90db04
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: font/woff2
content-length: 76740
last-modified: Mon, 17 Oct 2022 15:52:02 GMT
etag: "634d7a22-12bc4"
x-powered-by: VPSSIM
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-cache-status: HIT
age: 6887
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PGLHnLJg4Q%2FwoBPze1E%2BFKIFTI7Wm9Ja5mxnlx2WN5VBgxrGcirJhZgeoOz3UEnCd19icbFR0PLfzyrFaoxpu4wVE25Y2BU12Ab%2BpizKZi%2BVQlp2nVgdAeTIhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770258799aa2b4eb-OSL
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
cbf6bfb5cfe771e1978664ad91025548
37229a8fdc7db73bbacde095a44f32b1025caa7a
28df72848b5903a91970e9758a2dd5a9c81c88043ec3b4830f956483cb50c60d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=161104
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:48 GMT
Etag: "6381cd54-116"
Expires: Mon, 28 Nov 2022 08:24:52 GMT
Last-Modified: Sat, 26 Nov 2022 08:24:52 GMT
Server: nginx
Content-Length: 278

xamvn.art/styles/default/xenforo/smilies/yahoo/2.gif

172.67.69.40

200 OK

995 B

URL HTTP/2
xamvn.art/styles/default/xenforo/smilies/yahoo/2.gif
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 18 x 18\012- data
Size
995 B (995 bytes)
Hash
0efaf4f68004f47a151f172c7321a570
3f2f429b98c20dd286d78dc3e65dee4e05fca9db
1bdea0f1deb2580d6b37d254c389e728f8bed407d23873441db892d3904a976b

HTTP Headers

GET /styles/default/xenforo/smilies/yahoo/2.gif HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: image/gif
content-length: 995
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1001, status=webp_bigger
etag: "61024002-3e9"
expires: Sun, 25 Dec 2022 02:05:57 GMT
last-modified: Thu, 29 Jul 2021 05:43:30 GMT
x-powered-by: VPSSIM
cf-cache-status: HIT
age: 120831
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jJt0989HhcRr4c%2F94N3pegrHAEcO6uD9VvYqM%2BZ4IrGiApy3yZdrnShCzekymAQWe1bPRaba902nwd56nOa5QPcktaSZ835QuLtN0QyGSEpg8KH7%2FF0Jt0kSbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702587a2b59b4eb-OSL
X-Firefox-Spdy: h2

xamvn.art/data/avatars/m/424/424241.jpg?1660195501

172.67.69.40

200 OK

2.9 kB

URL HTTP/2
xamvn.art/data/avatars/m/424/424241.jpg?1660195501
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 96x96, components 3\012- data
Size
2.9 kB (2932 bytes)
Hash
b378bf034e6d79da64611cc669263306
48fc993ea84f2e246ffe588c28b05ec1e721d7bf
802b3e4c12388e563015d783e039c5c0bf1d50b783cd9dd9f0f0e1cee4a7de24

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /data/avatars/m/424/424241.jpg?1660195501 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: image/jpeg
content-length: 2932
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "62f492ae-b74"
expires: Mon, 26 Dec 2022 10:56:27 GMT
last-modified: Thu, 11 Aug 2022 05:25:02 GMT
x-powered-by: VPSSIM
cf-cache-status: HIT
age: 2601
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2xmG5UeRQnLMuXFtQ19abBbqMSPbphXjAOEQCyNkmjSzcC5d1%2FXGW2N1p7FYcRt2WqU9OBurwneBfgcjyC8bkG4k%2BaDfPi6MOxt3VpqeqJRctwyjQL0PCm0puQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702587a2b5bb4eb-OSL
X-Firefox-Spdy: h2

i.imgur.com/WtiAtPt.jpg

151.101.84.193

200 OK

30 kB

URL HTTP/2
i.imgur.com/WtiAtPt.jpg
IP
151.101.84.193:0
ASN
#54113 FASTLY

File type
JPEG image data, baseline, precision 8, 408x360, components 3\012- data
Size
30 kB (29734 bytes)
Hash
ee45a3e327261bb283729a461cd98e7f
f2b45e715a4d8f1446345d2bc61278b1e137dc81
be4b5ed1ca05445a8eefbff9a220bffebfc68767ccfd60dcb0ab93ca330dff90

HTTP Headers

GET /WtiAtPt.jpg HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:13:58 GMT
etag: "ee45a3e327261bb283729a461cd98e7f"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 26 Nov 2022 11:39:48 GMT
age: 3968645
x-served-by: cache-iad-kjyo7100125-IAD, cache-bma1633-BMA
x-cache: HIT, HIT
x-cache-hits: 2598, 1
x-timer: S1669462788.252331,VS0,VE26
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 29734
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5105
Expires: Sat, 26 Nov 2022 13:04:53 GMT
Date: Sat, 26 Nov 2022 11:39:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5105
Expires: Sat, 26 Nov 2022 13:04:53 GMT
Date: Sat, 26 Nov 2022 11:39:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5105
Expires: Sat, 26 Nov 2022 13:04:53 GMT
Date: Sat, 26 Nov 2022 11:39:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5105
Expires: Sat, 26 Nov 2022 13:04:53 GMT
Date: Sat, 26 Nov 2022 11:39:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5105
Expires: Sat, 26 Nov 2022 13:04:53 GMT
Date: Sat, 26 Nov 2022 11:39:48 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4309 bytes)
Hash
841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 02:19:43 GMT
age: 33605
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad04f54-f199-4bc1-a785-cf5c76640147.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11150 bytes)
Hash
d0f860248042a8499ffb1701a880b2ba
845842c789e6e97fd1687e668d446bbb8309ffc7
9eca5258c7b6e4e145ca6576a3f3791f1324714404ffd7a56a61961f81e7bd44

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad04f54-f199-4bc1-a785-cf5c76640147.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11150
x-amzn-requestid: 0b773c28-feda-41a2-9de6-8b559bd773eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVC5EukoAMFxfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813545-3bfe118939abc352072c5af1;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TpEr70sCNigNhVg7rDFIUG12AVpzC0BUW6-xW3QTvjLcBUrpehjJbQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:06 GMT
age: 50022
etag: "845842c789e6e97fd1687e668d446bbb8309ffc7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6789 bytes)
Hash
926df9839ec3d924b563b55d8bccace8
c47a3884465fc02b5c57faa5ffbd986ba29c64c2
a97cd625959aa81bc516024628315b2c6e2ce94f76cd579751a686a6611cc4d2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: eede6332-5376-4f9c-83fc-f894430c1f4b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWWYFFgoAMFhaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381375b-66d7ffc70f7d901420a503da;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:44:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yM8EHyxy6pUHVZhGUOHuFOU-Z4eTyL2N3Ooa6QMrPlIfp6X5I_JBRw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:06 GMT
age: 50022
etag: "c47a3884465fc02b5c57faa5ffbd986ba29c64c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c125eba-03aa-443e-b99e-10c7890258e8.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9787 bytes)
Hash
95101ded0fe92a85649a086992948008
afed98649590f2524a9e530c53eebbc1ba36da6a
7f754cb2105494045efe657c47313e77bb26361ca45a6f8cbce1fdb52a15ba01

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c125eba-03aa-443e-b99e-10c7890258e8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9787
x-amzn-requestid: 51d9848a-868c-4e51-b1a8-30596d0108b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLUfxHjToAMFeGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813464-749244df2aa06b23445d675c;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:32:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wkBPzz1thuM-Nm7rBY68psfSROU1fbCCO-TbpBBrYLQmH1ZxQEV1vg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:47:48 GMT
age: 49920
etag: "afed98649590f2524a9e530c53eebbc1ba36da6a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3502 bytes)
Hash
a783df85f30f9c555f9df6b99f61744d
61f9bed607e81606be78285596acdc5e0e4f4994
19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SRN-oOfa8Z0mQZFYkWAv32XFiXChfGjfwZkfWz-IzHubwrKgzwoTxQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 03:55:38 GMT
age: 27850
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9049 bytes)
Hash
c8dc4b8a7e9f7f4f84f0da568b43392b
3d32bff85cb7ec118c4496d0c3802829fdc9af3b
4b0ffde427085c796a7a5823604b29a4af43dbb93e99ec41f34feb37f52ac7d9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9049
x-amzn-requestid: 6cbd9639-c29d-4ff4-8091-3168f64f4c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVGHzKoAMFSuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135ba-100ea4235fdf1df8491041c8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: utbUF-6Z7rMqPNdRKHJyI-IZoyTy6HpkNBY-60xcZ-6NDXBz1XN6-Q==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:40 GMT
age: 49868
etag: "3d32bff85cb7ec118c4496d0c3802829fdc9af3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

xamvn.art/data/avatars/m/110/110963.jpg?1664780485

172.67.69.40

200 OK

3.9 kB

URL HTTP/2
xamvn.art/data/avatars/m/110/110963.jpg?1664780485
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 96x96, components 3\012- data
Size
3.9 kB (3918 bytes)
Hash
d0c3ed4802a0ce13c0559ca2db7185ea
f98e871db9be9b197d1767b7622b87c94a839f6b
7f34456af776d4b4c2808066118f17fc16b7db1b0bed4b0842496303a1587da4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /data/avatars/m/110/110963.jpg?1664780485 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: image/jpeg
content-length: 3918
last-modified: Mon, 03 Oct 2022 07:05:57 GMT
etag: "633a89d5-f4e"
x-powered-by: VPSSIM
expires: Mon, 26 Dec 2022 11:39:48 GMT
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aI1QRgw8hlAccPr2Imlw3UnH3e7ruv2yMG2u41YeLiwbC3g4BbfAF52CFIX4PYb8mYtW8g0sNq07bwZh88cJc5LrHltsQzUA%2BAL26MzUH%2BNTnH4IS4HPPhJMFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702587a2b5cb4eb-OSL
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
cbf6bfb5cfe771e1978664ad91025548
37229a8fdc7db73bbacde095a44f32b1025caa7a
28df72848b5903a91970e9758a2dd5a9c81c88043ec3b4830f956483cb50c60d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:39:49 GMT
Etag: "63807bd1-116"
Server: ECS (amb/6B95)
Content-Length: 278

xamvn.art/js/xf/preamble.min.js?_v=e242e111

172.67.69.40

200 OK

0 B

URL HTTP/2
xamvn.art/js/xf/preamble.min.js?_v=e242e111
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/xf/preamble.min.js?_v=e242e111 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: application/javascript
last-modified: Mon, 17 Oct 2022 15:49:23 GMT
vary: Accept-Encoding
etag: W/"634d7983-cc0"
x-powered-by: VPSSIM
expires: Sun, 25 Dec 2022 01:59:53 GMT
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-cache-status: HIT
age: 121193
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2ByzqrtC9Gsqm01zxeJj%2BOPjhHD375B08ve1Tr1G6pCjQEgTn%2FCnlra0WM%2BsnnzLGQe40dbIXkCG8ElMTol8RUn10fWF8z03j%2B76mhGZQ52RejeLYL7TtPGlGvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77025871594db4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

xamvn.art/styles/FontAwesome5/webfonts/fa-solid-900.woff2

172.67.69.40

404 Not Found

0 B

URL HTTP/2
xamvn.art/styles/FontAwesome5/webfonts/fa-solid-900.woff2
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /styles/FontAwesome5/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 11:39:47 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
last-modified: Sat, 26 Nov 2022 11:39:47 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IL%2Bm%2FmhwrFZ%2BwP4JF%2B0heIQQEa1g3FYor2uVmZoQkLppaXB3IZTp6avGpVu2f4FTKESqHnIQKvRAorZg%2FkMErp%2BAOL%2BHvBZNheEy13XNh1QnAvYLoNZZ3w837w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258715944b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

xamvn.art/styles/FontAwesome5/webfonts/fa-brands-400.woff2

172.67.69.40

404 Not Found

0 B

URL HTTP/2
xamvn.art/styles/FontAwesome5/webfonts/fa-brands-400.woff2
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /styles/FontAwesome5/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 11:39:47 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
last-modified: Sat, 26 Nov 2022 11:39:47 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dK1FtXK4gjmSxHKDzyv8WC2soilioysNnaq84HrJVvNtZjBz5%2BI2gNTv4fnDbkrBXbMqAKrOqt74OrfVD2aaJ9hEIrcAhLhLkG6jxjw2QkrxtySHoczKTpSDMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258715947b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

xamvn.art/styles/FontAwesome5/webfonts/fa-regular-400.woff2

172.67.69.40

404 Not Found

0 B

URL HTTP/2
xamvn.art/styles/FontAwesome5/webfonts/fa-regular-400.woff2
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /styles/FontAwesome5/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 11:39:47 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
last-modified: Sat, 26 Nov 2022 11:39:47 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qnIUJJicvPphkdC5g0mp4e2zUtkEbOmjE8NAqNJm5r17eYsh2TW0Kvjfjk0J34PM7St07zk9EeoMs%2BK8CNKVYQLt53s9jD%2Fyxt3csRbY3SbU%2FGcukA1JbMYJKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77025871390cb4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

xamvn.art/js/themehouse/covers/index.js?_v=e242e111

172.67.69.40

200 OK

0 B

URL HTTP/2
xamvn.art/js/themehouse/covers/index.js?_v=e242e111
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/themehouse/covers/index.js?_v=e242e111 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: application/javascript
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=12484
etag: W/"634ff9a7-30c4"
expires: Sun, 25 Dec 2022 02:01:05 GMT
last-modified: Wed, 19 Oct 2022 13:20:39 GMT
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: HIT
age: 121121
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SbPFATZUI%2BHK%2F7I8NgHRdanbaiDTeeBjibHDIBWUeGqgCNRIECp7v%2FOt8r%2F4O40ga0ytrj%2BtG%2FGO1Q3XSCA5NwqA0LtM9GQ4eGqev3mlJUAw1ICgyixSJwz9%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258724a8ab4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

xamvn.art/js/xf/core-compiled.js?_v=e242e111

172.67.69.40

200 OK

0 B

URL HTTP/2
xamvn.art/js/xf/core-compiled.js?_v=e242e111
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/xf/core-compiled.js?_v=e242e111 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: application/javascript
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=211947
etag: W/"634d7983-33beb"
expires: Sun, 25 Dec 2022 01:59:53 GMT
last-modified: Mon, 17 Oct 2022 15:49:23 GMT
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: HIT
age: 121193
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3MjkrnmIMw8CPN9Df9UwX3D%2F7VphfGL40Vqp5GjxcbdF%2FhDXBB7YBZXDTjoNHWmLzRP3ge13zSELJgQWulnId739AKP3dCnIMy50c5h%2Bxi9oPY6VwYyQmbUaKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258724a7fb4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/page-2

172.67.69.40

200 OK

0 B

URL HTTP/2
xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/page-2
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/page-2 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
last-modified: Sat, 26 Nov 2022 11:39:48 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
vary: Accept-Encoding
x-powered-by: VPSSIM
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kTDMzBcaitVJ7sYaVkLGvihSaFwfEHYkxa8ngglMqpYRBbOtWl6fSeNuiaK8rJ0YYGcLYPpojjfJydettcAR7SuUNYBqKGS1BP3W9agKr193tD2pMfpeOVyyxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702587b0cb8b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

xamvn.art/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=7&l=2&d=1668778700&k=034405c740f279c15adbbc41dfccb627ca90db04

172.67.69.40

200 OK

0 B

URL HTTP/2
xamvn.art/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=7&l=2&d=1668778700&k=034405c740f279c15adbbc41dfccb627ca90db04
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=7&l=2&d=1668778700&k=034405c740f279c15adbbc41dfccb627ca90db04 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:47 GMT
content-type: text/css; charset=utf-8
x-frame-options: SAMEORIGIN, SAMEORIGIN
expires: Sun, 26 Nov 2023 11:39:47 GMT
last-modified: Fri, 18 Nov 2022 13:38:20 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-powered-by: VPSSIM
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dGS78cxrojiwG9Iox7lcui4g7bKdqyktNxdd0MAZQSX9pAZvCPLJDhGd4LF7UhF4bLLn35aaCVM1%2FSS%2Fv0yV8pO2fFHlNbLWOuY1q0Hgf3I0HkeDjGFoMjsq7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77025871594ab4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

xamvn.art/css.php?css=public%3Aaltf_thread_field_column_list.less%2Cpublic%3Abb_code.less%2Cpublic%3Amessage.less%2Cpublic%3AozzmodzTextLogo.less%2Cpublic%3Ashare_controls.less%2Cpublic%3AsmokeMarkScammer.less%2Cpublic%3Astructured_list.less%2Cpublic%3Ath_covers.less%2Cpublic%3Athholidays_holiday_4.less%2Cpublic%3Athholidays_leaves.less%2Cpublic%3Aextra.less&s=7&l=2&d=1668778700&k=57199eab16f629286a62502fbe5b5cbbba28f294

172.67.69.40

200 OK

0 B

URL HTTP/2
xamvn.art/css.php?css=public%3Aaltf_thread_field_column_list.less%2Cpublic%3Abb_code.less%2Cpublic%3Amessage.less%2Cpublic%3AozzmodzTextLogo.less%2Cpublic%3Ashare_controls.less%2Cpublic%3AsmokeMarkScammer.less%2Cpublic%3Astructured_list.less%2Cpublic%3Ath_covers.less%2Cpublic%3Athholidays_holiday_4.less%2Cpublic%3Athholidays_leaves.less%2Cpublic%3Aextra.less&s=7&l=2&d=1668778700&k=57199eab16f629286a62502fbe5b5cbbba28f294
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css.php?css=public%3Aaltf_thread_field_column_list.less%2Cpublic%3Abb_code.less%2Cpublic%3Amessage.less%2Cpublic%3AozzmodzTextLogo.less%2Cpublic%3Ashare_controls.less%2Cpublic%3AsmokeMarkScammer.less%2Cpublic%3Astructured_list.less%2Cpublic%3Ath_covers.less%2Cpublic%3Athholidays_holiday_4.less%2Cpublic%3Athholidays_leaves.less%2Cpublic%3Aextra.less&s=7&l=2&d=1668778700&k=57199eab16f629286a62502fbe5b5cbbba28f294 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:47 GMT
content-type: text/css; charset=utf-8
x-frame-options: SAMEORIGIN, SAMEORIGIN
expires: Sun, 26 Nov 2023 11:39:47 GMT
last-modified: Fri, 18 Nov 2022 13:38:20 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-powered-by: VPSSIM
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DL7F4Yi%2FstyoIEahhBgngB2%2BnzggTBpM5jOPvXIJ0PbZGMEfbwDOraaPMHBPb4UeOBobBB9MqvRpehMR%2FVXRIcS8uMqgZt7sodwutFxHoehdDKWeAdps9xmxng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77025871594cb4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

xamvn.art/index.php?sw/cache.json

172.67.69.40

200 OK

0 B

URL HTTP/2
xamvn.art/index.php?sw/cache.json
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /index.php?sw/cache.json HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xamvn.art/service_worker.js
Connection: keep-alive
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: application/json; charset=utf-8
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
last-modified: Sat, 26 Nov 2022 11:39:48 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
vary: Accept-Encoding
x-powered-by: VPSSIM
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c0RbKtYib9ypMxjUZeL3i%2Biu6ns%2BWmaXWPq%2Fq8Pfr5VgjF9y6wKEbCxJrsBb1kPxHvhDRukgdmoz%2BA5470JlnAYMOS%2BTyBcvvmTHi%2Fw31Joxq3ZNk6fjgVsaKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702587c1e5ab4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/

172.67.69.40

200 OK

0 B

URL HTTP/2
xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/ HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
last-modified: Sat, 26 Nov 2022 11:39:46 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
vary: Accept-Encoding
set-cookie: xfa_csrf=eJCctWik4cnmXB1G; path=/; secure
x-powered-by: VPSSIM
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hckmfUAETFQMnBfUJtGooiNmZMu7Mro6%2BjEpYqD%2FrlQutGxYRPYycwHuwfEFlkZkxcy29czTSPoKYPJJeyUwZKOLtNxC6zX%2FE2DntKh5w%2BJpaxcb%2BPgeKhwsZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702586cdaeab4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

asiacpx.com/www/delivery/asyncjs.php

172.67.209.128

200 OK

0 B

URL HTTP/2
asiacpx.com/www/delivery/asyncjs.php
IP
172.67.209.128:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /www/delivery/asyncjs.php HTTP/1.1
Host: asiacpx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: text/javascript;charset=UTF-8
expire: Sat, 26 Nov 2022 12:39:47 GMT
cache-control: private, max-age=3600
p3p: CP="CUR ADM OUR NOR STA NID"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pc8xDtgbZ8AQC5%2FP3dL1J%2FtFNVKwggBpzeEqmvyPmPD8QhSZP41m3TfNRYb7ikcqXq2Uzbf32%2Be629F0bEJKwy8kAttzfm5NOKjX%2FKR87XwDOL%2FoTyfZ51dqgyKVnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77025877fa5d0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

xamvn.art/service_worker.js

172.67.69.40

200 OK

0 B

URL HTTP/2
xamvn.art/service_worker.js
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /service_worker.js HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:48 GMT
content-type: application/javascript
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=6028
etag: W/"634d797c-178c"
expires: Sun, 25 Dec 2022 01:59:54 GMT
last-modified: Mon, 17 Oct 2022 15:49:16 GMT
vary: Accept-Encoding
x-powered-by: VPSSIM
cf-cache-status: HIT
age: 121194
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ajJ5goqNkcBqXFcOQIRAumMM2TTQ3pxtWMjfp73L7qShP28zMdodD01Xft1WjBxEBON5O0QIXP6KgcCMMoMFj8NitkXNyYM91hstiogZERx%2FRzyVuiP9SCCrDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702587b0ceeb4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

xamvn.art/js/vendor/jquery/jquery-3.5.1.min.js?_v=e242e111

172.67.69.40

200 OK

0 B

URL HTTP/2
xamvn.art/js/vendor/jquery/jquery-3.5.1.min.js?_v=e242e111
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/vendor/jquery/jquery-3.5.1.min.js?_v=e242e111 HTTP/1.1
Host: xamvn.art
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xamvn.art/r/co-tml-nao-bi-nhiem-human-immuno-deficiency-virus-khong.520349/
Cookie: xfa_csrf=eJCctWik4cnmXB1G
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:39:46 GMT
content-type: application/javascript
last-modified: Mon, 17 Oct 2022 15:49:42 GMT
vary: Accept-Encoding
etag: W/"634d7996-15d84"
x-powered-by: VPSSIM
expires: Sun, 25 Dec 2022 01:59:53 GMT
cache-control: public, max-age=16070400, must-revalidate, proxy-revalidate
cf-cache-status: HIT
age: 121193
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oe4AifC5vylrsGrdqvQfyh%2FmgI5B6fnMyT5Uuw3gu7rekCSMghL%2Flao6y3POeDA%2F%2B8VgFc0FkI9j7WbQw9EP9%2F9IkxvVkOvRvWZ4MJJqMfptn6zQVBI9aV7%2BLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770258724a73b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations