gkfxprime.com/VN
107.154.80.92 301 Moved Permanently 151 B IP 107.154.80.92:0
File type HTML document text; HTML document text; HTML document, ASCII text
Hash cde1028927028a00130681ba56902d93
4e35371c8ef8bbc25f49e849e623b3edb8e209a2
d30fc0f9470beae279e0235bdd7a3b9589ecd8baaa9c12e2bcc2126f6730e603
Analyzer Verdict Alert quad9 Sinkholed
GET /VN HTTP/1.1
Host: gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://www.gkfxprime.com/VN
Server: Microsoft-IIS/10.0
Content-Security-Policy: frame-ancestors cms.gkfxcambodia.com cms.gkfxprime-china.com cms.gkfxprime.com.cn cms.gkfxprime.com cms.gkfxprimecn.com www.investo.vn https://partnersportal.gkfxprime.com/ http://cn.gkfxprime.vip/ http://cn.gkfxprime.top/ http://fx.cngkprime.com/ http://mt4.cngkprime.cn/ http://www.cngkprime.com/ http://www.facebook.com/ https://www.facebook.com/ http://www.gkfxprimecnonline.com/ https://www.gkfxprimecnonline.com/
Date: Wed, 23 Nov 2022 12:13:27 GMT
Content-Length: 151
Set-Cookie: visid_incap_1960783=FNv5ENCbTtGFTnwWKph8AmcOfmMAAAAAQUIPAAAAAACuimg/UdJ8d2kAy+rh5w7n; expires=Wed, 22 Nov 2023 22:15:12 GMT; HttpOnly; path=/; Domain=.gkfxprime.com
incap_ses_7235_1960783=iNtyIyvdCXvKMFiQr+JnZGcOfmMAAAAABmU66GhOuEKbwsdXaYly7A==; path=/; Domain=.gkfxprime.com
X-CDN: Imperva
X-Iinfo: 13-46806718-46806720 NNNN CT(40 -1 0) RT(1669205607099 74) q(0 0 1 0) r(1 1) U11
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1456357aecbd23f21ad98da57e0127eb
7074815b39fa8da9013883971d665e4c1b0797ea
f3eba265ee64870b2f822f1511b36c747d763c382557789cdad8be1d3b52d1f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F3EBA265EE64870B2F822F1511B36C747D763C382557789CDAD8BE1D3B52D1F5"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7500
Expires: Wed, 23 Nov 2022 14:18:27 GMT
Date: Wed, 23 Nov 2022 12:13:27 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b59d95402dfb464c176610284ba13f65
1a6c62fb0d48654dd204b66161bb03fefe60f71a
40cfd59b890ec5a3570603d28d90bd7e5c506babd52c2ece93e09f1c7b2a6880
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5507
Cache-Control: max-age=85775
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 12:13:27 GMT
Etag: "637ca4f3-1d7"
Expires: Thu, 24 Nov 2022 12:03:02 GMT
Last-Modified: Tue, 22 Nov 2022 10:31:15 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 23 Nov 2022 11:18:47 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3280
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 054ff0d1a0a43f7cb1d78dbd34e27f99
3caf54f3de1d6a8c6f6454083f8b8e7dec77db54
fcdcef8306ae31f20c366489e1f88aa40b08f154d25d45f4055c4f8cdef47634
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3569
Expires: Wed, 23 Nov 2022 13:12:56 GMT
Date: Wed, 23 Nov 2022 12:13:27 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 3WE7w6PeVvPAavAM4fdH6hvDGhbH1puRAIdcjWTq70c8jUUk986Qg+fSlxfFNAxaBA5ogI0P2kg=
x-amz-request-id: 4J3Z1WY4HHA1Y2XJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 23 Nov 2022 11:39:59 GMT
age: 2008
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 23 Nov 2022 12:13:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 23 Nov 2022 12:08:53 GMT
cache-control: public,max-age=3600
age: 275
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www.gkfxprime.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=748958957
107.154.80.92 200 OK 20 kB URL HTTP/2 www.gkfxprime.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=748958957
IP 107.154.80.92:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 32b058dd8977ad207bbfc30c0bd42c20
80870e131ae32fb096ed339e1690ebf0b55768a8
56df4be5343246066051551457c5c555dc7689aa2367bdfc6bdc9a19cae1db4f
Analyzer Verdict Alert quad9 Sinkholed
GET /_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=748958957 HTTP/1.1
Host: www.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/VN
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/javascript
content-encoding: gzip
x-robots-tag: noindex
content-length: 19524
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fb4ee3082622f9f3340432290d63437e
852ca64934462e133e34043fca561aca215e6255
d4c2f665873baede94309128e276df6fdf7f0e1ec15699e75cd6bae2c24d556a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 12:13:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash eb52164d651f5f45416e873aec29eb04
405b29bb7e7cd4367cf82988f8603e53db65f139
ed885e05db822ff30fe951e10b6d4f21e574d053939afca792992a1549a15301
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3752
Cache-Control: max-age=165357
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 12:13:28 GMT
Etag: "637de2ad-1d7"
Expires: Fri, 25 Nov 2022 10:09:25 GMT
Last-Modified: Wed, 23 Nov 2022 09:06:53 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
www.googletagmanager.com/gtm.js?id=GTM-KRCVH9S
142.250.74.168 200 OK 82 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KRCVH9S
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (54077)
Hash 1b54a7049f30d68f4b31bdd4f95ebe49
31535c57d46d53943ec1870c6ecd639150bc8610
fa36d32d780c4edbfc4d3e2f56de2048f95aa939af67aebf29034d558b883cf4
GET /gtm.js?id=GTM-KRCVH9S HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 23 Nov 2022 12:13:28 GMT
expires: Wed, 23 Nov 2022 12:13:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81559
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 2a5dbb627838ed48a6fe8bcfae14b316
d404f9a3ce94a25ec00d2886add9f8e7fe23df15
d868222fb113bad333ef74a9e37491da3849b3f47e3c355d28550beee4842a4e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 12:13:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 05:26:09 GMT
Expires: Wed, 30 Nov 2022 05:26:08 GMT
Etag: "d404f9a3ce94a25ec00d2886add9f8e7fe23df15"
Cache-Control: max-age=579759,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76e9d1af1bb6b518-OSL
push.services.mozilla.com/
34.223.160.237 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.223.160.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jeW3GeQjCzMaiCyw7+lNtg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mEYyRv7I/W0dy7QTIKLNUy8cYCo=
wps.relateddigital.com/relatedpush_sdk.js?ckey=D04B4265116B401EBAF660E17196860F&aid=df01114c-6fc8-4743-870a-eedd8f581ee5
91.235.64.232 301 Moved Permanently 227 B URL HTTP/1.1 wps.relateddigital.com/relatedpush_sdk.js?ckey=D04B4265116B401EBAF660E17196860F&aid=df01114c-6fc8-4743-870a-eedd8f581ee5
IP 91.235.64.232:0
ASN #201160 Dogus Bilgi Islem ve Teknoloji Hizmetleri A.S
File type HTML document text; HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 040595abe06d6a391074d2ff7349aeea
111e300738ece7900068b1950df7811eb65ff6d2
799117e5e6fded01172e86b677d1b652de87767d14e626e89eab6e05841ced5f
GET /relatedpush_sdk.js?ckey=D04B4265116B401EBAF660E17196860F&aid=df01114c-6fc8-4743-870a-eedd8f581ee5 HTTP/1.1
Host: wps.relateddigital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://rpdn.relateddigital.com/rdsdk/D04B4265116B401EBAF660E17196860F/df01114c-6fc8-4743-870a-eedd8f581ee5.js
Server:
Set-Cookie: BlueStripe.PVN=31e000268a87; path=/
X-AspNet-Version: 4.0.30319
LB: 18
X-Powered-By: ASP.NET
Date: Wed, 23 Nov 2022 12:13:27 GMT
Content-Length: 227
Strict-Transport-Security: max-age=157680000
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash 778c8190c445bed77d96ba954f41fe6d
f92ee40e6323c7b362a31169bbb8759461e604f2
3a49cce7eb0667df3289c598e627eea8c6e71210b093d053a91c16096eb12b22
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 23 Nov 2022 12:13:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 23 Nov 2022 00:59:06 GMT
Expires: Thu, 24 Nov 2022 00:59:06 GMT
ETag: "f92ee40e6323c7b362a31169bbb8759461e604f2"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.gkfxprime.com/relatedpush_sw.js
107.154.80.92 200 OK 81 B URL HTTP/2 www.gkfxprime.com/relatedpush_sw.js
IP 107.154.80.92:0
File type ASCII text, with no line terminators
Hash 2295b9e30be064875fd5ef265492b9a6
a518c9d74f2137503587cfa17eb6a43653440717
4bb9be01296225a4ec2a6d6336355b6751b25641e39b3129af253546a9b2a26e
Analyzer Verdict Alert quad9 Sinkholed
GET /relatedpush_sw.js HTTP/1.1
Host: www.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
etag: "8b4976c2"
last-modified: Mon, 08 Aug 2022 06:36:47 GMT
content-type: application/javascript
content-length: 81
content-encoding: gzip
cache-control: max-age=0
date: Wed, 23 Nov 2022 12:13:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-cdn: Imperva
x-iinfo: 14-64409320-64395083 2CNN RT(1669205607544 1560) q(0 0 0 -1) r(0 0)
X-Firefox-Spdy: h2
wps.relateddigital.com/relatedpush_sw.js
91.235.64.232 200 OK 1.2 kB URL HTTP/1.1 wps.relateddigital.com/relatedpush_sw.js
IP 91.235.64.232:0
ASN #201160 Dogus Bilgi Islem ve Teknoloji Hizmetleri A.S
File type ASCII text, with CRLF line terminators
Hash 3c3509db30711bfee335f7e7dfbac78f
f0100abfb12b1648f87a1ffa05bb16a525ebf86b
fc5c3cb1a954e456fcf97f20a12458f801204969f2ce30c5b9ae2f96eead4e91
GET /relatedpush_sw.js HTTP/1.1
Host: wps.relateddigital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: public, no-cache="Set-Cookie"
Content-Type: text/javascript
Content-Encoding: gzip
Last-Modified: Thu, 15 Oct 2020 13:16:28 GMT
Vary: Accept-Encoding
Server:
Set-Cookie: BlueStripe.PVN=1cfc00281f58; path=/
X-AspNet-Version: 4.0.30319
LB: 17
X-Powered-By: ASP.NET
Date: Wed, 23 Nov 2022 12:13:29 GMT
Content-Length: 1217
Strict-Transport-Security: max-age=157680000
wps.relateddigital.com/relatedpush_sw.js
91.235.64.232 304 Not Modified 0 B URL HTTP/1.1 wps.relateddigital.com/relatedpush_sw.js
IP 91.235.64.232:0
ASN #201160 Dogus Bilgi Islem ve Teknoloji Hizmetleri A.S
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /relatedpush_sw.js HTTP/1.1
Host: wps.relateddigital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 15 Oct 2020 13:16:28 GMT
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Cache-Control: private
Content-Type: text/javascript
Server:
Set-Cookie: BlueStripe.PVN=31e000268aaf; path=/
X-AspNet-Version: 4.0.30319
LB: 18
X-Powered-By: ASP.NET
Date: Wed, 23 Nov 2022 12:13:28 GMT
Strict-Transport-Security: max-age=157680000
sgcdn.gkfxprime.com/web/img/header/logo-rmenu.svg?v=1.0.1799
13.250.173.21 200 OK 26 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/header/logo-rmenu.svg?v=1.0.1799
IP 13.250.173.21:0
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text
Hash ce4d8712f974350ef5c6c1269b998199
bbde0b3cfae79abba990e4be9ab185c940f50b68
a10f3e8abebcfe6cb8767536b4b301c10d663f0e838314b42cb540334416a3d9
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/header/logo-rmenu.svg?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 06 Apr 2021 12:35:24 GMT
accept-ranges: bytes
etag: "7a462c51e12ad71:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:29 GMT
content-length: 26025
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2214
Expires: Wed, 23 Nov 2022 12:50:24 GMT
Date: Wed, 23 Nov 2022 12:13:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0ea68cc-d723-41ae-8bc2-16e2e422e2aa.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0ea68cc-d723-41ae-8bc2-16e2e422e2aa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash c6380f73d47906bd63b9c48137e4df61
94e053461d2db89e9d08321f26a2555ebcd7e0b9
84144e3c3e7acc7339fd1da9b373f18582734b6f4d235b2aef8c90616ed1c8a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0ea68cc-d723-41ae-8bc2-16e2e422e2aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5914
x-amzn-requestid: 175363fa-bb7a-4c95-8aa4-ebb3f16f3745
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1lI3HaqIAMFmTA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63788238-1bb736b52bbae37c5e19486f;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 07:14:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 39Lmple6qq9vrKeKJ4lcditVdK5XfRFtv3Cs0_R8B7pVDYPiRAGFtg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 22:13:08 GMT
age: 50422
etag: "94e053461d2db89e9d08321f26a2555ebcd7e0b9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2214
Expires: Wed, 23 Nov 2022 12:50:24 GMT
Date: Wed, 23 Nov 2022 12:13:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6378ed5-9377-4686-98bd-f799fa2d276b.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6378ed5-9377-4686-98bd-f799fa2d276b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 73d326a472c49597186498283399b596
5f61c5e418f95e10e5b1260aac63a226dc26ab0b
143bef27d23a287bfa99421c33f28a4c8d37ad50d6b75d93ce4a3a167b9b5401
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6378ed5-9377-4686-98bd-f799fa2d276b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7627
x-amzn-requestid: 14fa1fb6-1af2-485d-ae6e-3c05baaf6944
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1eJnHTXoAMFryQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6378770a-738012af5c6313191ca29f38;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 06:26:18 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Lj2WKFWupspDwkhlsfhyvf3p2tabXaZNMQGnxQ4qLq5VU1JT1DSi0w==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 d15b6a95f7c8298444f59a99d8027cec.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 21:54:17 GMT
age: 51553
etag: "5f61c5e418f95e10e5b1260aac63a226dc26ab0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ezHvyK3va4SioabOjSittTiLQRs_Q8k4TPxkiGp_svtZ8omDPTUN-A==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 05:01:14 GMT
age: 25936
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c463ad-46db-4c1c-a9ef-76d12a5dbcd7.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c463ad-46db-4c1c-a9ef-76d12a5dbcd7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 31e6c88ba7f6e2f34a3f8c0986a5d358
ee9fe28661702bb56a5eae71ab66dda08c87cf50
9fa1bbbe3c52215f34509683ae2c1992f2319e2eef36e93dc1e6a29fe17df39b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c463ad-46db-4c1c-a9ef-76d12a5dbcd7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9422
x-amzn-requestid: 61475bac-5ed8-4661-b9a4-055578afe9d7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brr5AHZ8oAMFfAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748d06-7e69e5cd1afef9ee089f9d75;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:11:02 GMT
x-amz-cf-pop: SFO5-C3, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sMYTVN-IORXjnkopVsJADA2eo6hd_RytfhrADXP2gvWl2YhDSpZOrA==
via: 1.1 86eb67c9cdffbb1cad0c7a18a9b0f5a4.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 21:56:38 GMT
age: 51412
etag: "ee9fe28661702bb56a5eae71ab66dda08c87cf50"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d5a9928-3c61-44dc-af42-7d4e3c891caa.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d5a9928-3c61-44dc-af42-7d4e3c891caa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03830e3ff377979c234bf37561c54cfd
c18884ce9370c97e6b4e12ab0f827d68a1938bfa
5ba8bfc69c7eba42de4a16bf6d1e1e3570cd3918fe15cb8b2d25950ef791ddbb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d5a9928-3c61-44dc-af42-7d4e3c891caa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8365
x-amzn-requestid: e6c2ec6e-525e-4b9f-a45d-63076580df5b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-IrpFJ3oAMF4mA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee4a-576f678b6e364bca09532010;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:54 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RjuSNwOFpk7_LY-bp-R4iKsz33D4T5Are-BNb2ftPT-N_g0W2PDeuQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 21:44:55 GMT
age: 52115
etag: "c18884ce9370c97e6b4e12ab0f827d68a1938bfa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f159cda-2152-46b5-8f3f-971d5d406960.jpeg
34.120.237.76 200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f159cda-2152-46b5-8f3f-971d5d406960.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 050f43f830803646a2ece48e01ac8d24
d359314799f8873b35580dd5f8c64b75dfa4ffe3
d4ad8c9e5e1fe428c55c02e567aba32664055f8a881ee6aff8438c3a09124f3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f159cda-2152-46b5-8f3f-971d5d406960.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6475
x-amzn-requestid: b3f37508-ce80-4bfd-8f40-d98c1ee57f7d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: byQlaF-9IAMFh8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63772e22-42b6d99c69142d1e37161d69;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 07:02:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PZE1jHafMw2Qp-hgWemayemh8jLD57th6a2hD55aLhj4KSyjR-rvmQ==
via: 1.1 cca7d60248a961ff8fc8c5640024b652.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 07:15:53 GMT
age: 17857
etag: "d359314799f8873b35580dd5f8c64b75dfa4ffe3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/img/home/carousel/en/bg-03-inner.png?v=1.0.1799
13.250.173.21 200 OK 53 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/home/carousel/en/bg-03-inner.png?v=1.0.1799
IP 13.250.173.21:0
File type PNG image data, 469 x 452, 8-bit colormap, non-interlaced\012- data
Hash d3e07951b6ef3c69a8a21171d8d66cd2
b788ac841b1e8f2fc09d70b22eb2b0ec1fb04819
e9b698c09c3ccf55d5581f59d69bb32886b4313ce3d4a04f11e455a5010bbeb7
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/home/carousel/en/bg-03-inner.png?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Fri, 23 Sep 2022 07:06:45 GMT
accept-ranges: bytes
etag: "b658c2a1bcfd81:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:29 GMT
content-length: 53217
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/img/footer/footer-logo.svg?v=1.0.1799
13.250.173.21 200 OK 14 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/footer/footer-logo.svg?v=1.0.1799
IP 13.250.173.21:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1103)
Hash e7e2a350eae0a438e02af65ea1264418
9d80161340e5fdaf252d33581f0c5aaf7e61f259
aa9ad6da3b7a37fae06b083101ff6bc6769dc97502ca8ab699a7a55f88adfe3c
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/footer/footer-logo.svg?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 06 Apr 2021 12:35:24 GMT
accept-ranges: bytes
etag: "8ee42951e12ad71:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:29 GMT
content-length: 14325
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/css/countries/shared.vn.min.css?v=1.0.1799
13.250.173.21 200 OK 8.3 kB URL HTTP/2 sgcdn.gkfxprime.com/web/css/countries/shared.vn.min.css?v=1.0.1799
IP 13.250.173.21:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (44883), with no line terminators
Hash 67b778ae1cd392b85cd5c2386a8dd5c8
ecf82f152f67da3d011e918d78b50a7632c98ba6
82839b07f77e55683863fa793a920f632b66214442d334a3c53eede4ec0419a6
Analyzer Verdict Alert quad9 Sinkholed
GET /web/css/countries/shared.vn.min.css?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/css
content-encoding: gzip
last-modified: Thu, 06 Oct 2022 09:11:39 GMT
accept-ranges: bytes
etag: "44abea463d9d81:0"
vary: Accept-Encoding,Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:29 GMT
content-length: 8275
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/img/home/banner/banner_VN/bg-03-inner.png?v=1.0.1799
13.250.173.21 200 OK 113 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/home/banner/banner_VN/bg-03-inner.png?v=1.0.1799
IP 13.250.173.21:0
File type PNG image data, 881 x 623, 8-bit colormap, non-interlaced\012- data
Size 113 kB (113006 bytes)
Hash 3085dbeb17c4fc9e104f5a37e51a1c23
4858434575d4f08aea7c39a5c60ae5f22db094f1
71567a43d71e1c2a8847f72b09d87a0703bf9d0cef5e3cb233db4459ed1fcd0b
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/home/banner/banner_VN/bg-03-inner.png?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Fri, 30 Sep 2022 15:26:22 GMT
accept-ranges: bytes
etag: "f38034ffe0d4d81:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:29 GMT
content-length: 113006
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/bundles/Validation?v=1.0.1799
13.250.173.21 200 OK 14 kB URL HTTP/2 sgcdn.gkfxprime.com/bundles/Validation?v=1.0.1799
IP 13.250.173.21:0
File type ASCII text, with very long lines (34940), with no line terminators
Hash 1efd8d3647c25253db301020f7a37382
82397715f0e08e4a6bfcc3ae4926f2b7a9df7d24
04345f2907c33e5c5f33c4cd9f94644ae95a7e61208920fba21a358bf21f87d5
Analyzer Verdict Alert quad9 Sinkholed
GET /bundles/Validation?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: no-cache
pragma: no-cache
content-type: text/javascript; charset=utf-8
content-encoding: gzip
expires: -1
vary: Accept-Encoding,Accept-Encoding
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:29 GMT
content-length: 13975
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash 778c8190c445bed77d96ba954f41fe6d
f92ee40e6323c7b362a31169bbb8759461e604f2
3a49cce7eb0667df3289c598e627eea8c6e71210b093d053a91c16096eb12b22
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 23 Nov 2022 12:13:31 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 23 Nov 2022 00:59:06 GMT
Expires: Thu, 24 Nov 2022 00:59:06 GMT
ETag: "f92ee40e6323c7b362a31169bbb8759461e604f2"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
sgcdn.gkfxprime.com/web/img/home/banner/b-1.1-img.png?v=1.0.1799
13.250.173.21 200 OK 107 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/home/banner/b-1.1-img.png?v=1.0.1799
IP 13.250.173.21:0
File type PNG image data, 377 x 398, 8-bit/color RGBA, non-interlaced\012- data
Size 107 kB (107038 bytes)
Hash 0e726a1f7bee1b35329eb3deedc0305f
79c7257fd8bac09dea764c2dcc246cc5aa2ef69c
116c0a3f61dd8adff0ead69a49b05b6bd391ea7e4b45fc88350f2da8078c0933
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/home/banner/b-1.1-img.png?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Tue, 08 Dec 2020 13:12:46 GMT
accept-ranges: bytes
etag: "01bd7d163cdd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:29 GMT
content-length: 107038
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/img/home/store/ips2.png?v=1.0.1799
13.250.173.21 200 OK 196 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/home/store/ips2.png?v=1.0.1799
IP 13.250.173.21:0
File type PNG image data, 654 x 659, 8-bit/color RGBA, non-interlaced\012- data
Size 196 kB (196384 bytes)
Hash 792ff578832f21347bb754c7cb528d3e
bb3be965522e9c663d3e1c5886078cfebf02ee6c
aa359bdfc4fb38069f83466e667c3d1c6b9688db093b71c3a26c0fe5d8428c8a
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/home/store/ips2.png?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Mon, 19 Oct 2020 13:16:24 GMT
accept-ranges: bytes
etag: "59603bb1aa6d61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:29 GMT
content-length: 196384
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/Scripts/jquery.globalize/cultures/globalize.culture.vi-VN.js?v=1.0.1799
13.250.173.21 200 OK 1.1 kB URL HTTP/2 sgcdn.gkfxprime.com/Scripts/jquery.globalize/cultures/globalize.culture.vi-VN.js?v=1.0.1799
IP 13.250.173.21:0
Hash a493ccb7e19575365f784d8c205272fa
8ae9f2833c316472a9e76e0bcbde43e8e404830a
7e34ac196ac660eed00953c4cc1b3347f5b8a268f43cee50e200bca56feb6806
Analyzer Verdict Alert quad9 Sinkholed
GET /Scripts/jquery.globalize/cultures/globalize.culture.vi-VN.js?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: application/javascript
content-encoding: gzip
last-modified: Tue, 06 Apr 2021 12:35:04 GMT
accept-ranges: bytes
etag: "9bb2e644e12ad71:0"
vary: Accept-Encoding,Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:29 GMT
content-length: 1081
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/js/development.js?v=1.0.1799
13.250.173.21 200 OK 30 kB URL HTTP/2 sgcdn.gkfxprime.com/web/js/development.js?v=1.0.1799
IP 13.250.173.21:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (397)
Hash fe3f03272f30ff2715b608dc1d292f26
16b4b107bb5add11650baef06a27187837ad9479
65d3e685c381367a8a2145e51ec9e7d14ba4e6fb12a80958d2ee992d4894f787
Analyzer Verdict Alert quad9 Sinkholed
GET /web/js/development.js?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 15 Sep 2022 14:04:35 GMT
accept-ranges: bytes
etag: "ed7e4a16cc9d81:0"
vary: Accept-Encoding,Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:29 GMT
content-length: 30248
X-Firefox-Spdy: h2
www.gkfxprime.com/_Incapsula_Resource?SWKMTFSR=1&e=0.15986385758063326
107.154.80.92 200 OK 1 B URL HTTP/2 www.gkfxprime.com/_Incapsula_Resource?SWKMTFSR=1&e=0.15986385758063326
IP 107.154.80.92:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Analyzer Verdict Alert quad9 Sinkholed
GET /_Incapsula_Resource?SWKMTFSR=1&e=0.15986385758063326 HTTP/1.1
Host: www.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/VN
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608; ___utmvc=…
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: text/plain
x-robots-tag: noindex
content-length: 1
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/img/header/th/logo.svg
13.250.173.21 200 OK 20 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/header/th/logo.svg
IP 13.250.173.21:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1448)
Hash f61862afe08e1663068a1b7a3b778e2a
d703a9503248102621c119c16370f7cfab187d18
d3228b33e1eab8b25db3debc57b32add7ae0d7cf331810e90edfb3c8a5a1b7af
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/header/th/logo.svg HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/web/css/home.vn.min.css?v=1.0.1799
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Thu, 03 Feb 2022 14:35:58 GMT
accept-ranges: bytes
etag: "05ba05bb19d81:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 20535
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/img/home/banner/banner_VN/bg-03.jpg
13.250.173.21 200 OK 176 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/home/banner/banner_VN/bg-03.jpg
IP 13.250.173.21:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x623, components 3\012- data
Size 176 kB (176202 bytes)
Hash 95b91047d1b3850368e296b240dfb3af
473c772d87d8590cc707fbee75fb554da5a5fa6a
53c942a83ca3bcf16996b36c10bff3734e0a86a34b9483ce8974d8f41e73b864
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/home/banner/banner_VN/bg-03.jpg HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/web/css/countries/shared.vn.min.css?v=1.0.1799
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
last-modified: Fri, 30 Sep 2022 15:26:22 GMT
accept-ranges: bytes
etag: "37d839ffe0d4d81:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 176202
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 7d9fb5da357fe95db9f48d7d3f5aadcc
7d159f56a2ea97ff9f91867b215d5302c4519527
b69bf70fc1082610960210053ddffcd24e559711414414fd8c9b3b264caaad6d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=91049
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 12:13:32 GMT
Etag: "637ccf15-116"
Expires: Thu, 24 Nov 2022 13:31:01 GMT
Last-Modified: Tue, 22 Nov 2022 13:31:01 GMT
Server: nginx
Content-Length: 278
sgcdn.gkfxprime.com/web/img/home/banner/banner_en/new-banner-1.png
13.250.173.21 200 OK 293 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/home/banner/banner_en/new-banner-1.png
IP 13.250.173.21:0
File type PNG image data, 1920 x 623, 8-bit colormap, non-interlaced\012- data
Size 293 kB (292682 bytes)
Hash 9ac8989c09232dcccf99515f07f0907c
8d965c77a720e23d2ddb1d036429d4901a1947ae
a9c9bbd23ce27f2778a68f9dc4b16543e83879d51edfb46b043e1d0b3f8f3130
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/home/banner/banner_en/new-banner-1.png HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/web/css/countries/shared.vn.min.css?v=1.0.1799
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Tue, 08 Dec 2020 13:12:48 GMT
accept-ranges: bytes
etag: "0488d363cdd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 292682
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/img/home/carousel/arrow.svg
13.250.173.21 200 OK 923 B URL HTTP/2 sgcdn.gkfxprime.com/web/img/home/carousel/arrow.svg
IP 13.250.173.21:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (340)
Hash cf1d810fdb3a08cb61abbb3e161a3102
51775c0f20fffcf95ac27e23f23b88e4c826f377
fb73b55be6913d3821d121dfc175ab782a28a1a3c75e9899a4364e3475dec132
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/home/carousel/arrow.svg HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/web/css/countries/shared.vn.min.css?v=1.0.1799
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Thu, 03 Feb 2022 14:36:00 GMT
accept-ranges: bytes
etag: "088d15cb19d81:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 923
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/img/home/instruments/border-yellow.png
13.250.173.21 200 OK 1.1 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/home/instruments/border-yellow.png
IP 13.250.173.21:0
File type PNG image data, 241 x 141, 8-bit colormap, non-interlaced\012- data
Hash d61cac04d40adcde3e1abc8cd835791d
46809bc27fa5f4047d542ab88a36f3368655ad9a
449122f6a23a4aec24766d1a676e365b073777f7e88db276e288f2d277fe32de
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/home/instruments/border-yellow.png HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/web/css/home.vn.min.css?v=1.0.1799
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Sun, 28 Jun 2020 10:16:30 GMT
accept-ranges: bytes
etag: "f92fec30354dd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 1072
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/img/home/instruments/border-purple.png
13.250.173.21 200 OK 845 B URL HTTP/2 sgcdn.gkfxprime.com/web/img/home/instruments/border-purple.png
IP 13.250.173.21:0
File type PNG image data, 241 x 141, 8-bit colormap, non-interlaced\012- data
Hash 90aa018ad24bc4f13c2d2b2e1bc4290e
4ce0b6c428398330def676bd1cff854425ddba87
d25ee6a0d1bb641032938b0d3932f4238da41a0167bab89d0801477ed64bbda1
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/home/instruments/border-purple.png HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/web/css/home.vn.min.css?v=1.0.1799
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Sun, 28 Jun 2020 10:16:30 GMT
accept-ranges: bytes
etag: "f92fec30354dd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 845
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/img/footer/footer-top.png
13.250.173.21 200 OK 9.0 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/footer/footer-top.png
IP 13.250.173.21:0
File type PNG image data, 1920 x 65, 8-bit/color RGBA, non-interlaced\012- data
Hash 4afeb3754fbf2e24464895470c57577e
b38ae8d863ed6414d291a18a0c17022451854d61
c366c8caeb4faaeae949a6bf7704d2cf19729f2d89084b841ac786d77e07ccde
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/footer/footer-top.png HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/web/css/home.vn.min.css?v=1.0.1799
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Sun, 28 Jun 2020 10:16:30 GMT
accept-ranges: bytes
etag: "2744e030354dd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 8998
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/img/footer/phone-icon.svg
13.250.173.21 200 OK 3.2 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/footer/phone-icon.svg
IP 13.250.173.21:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (398)
Hash caa7f673cac6d2ef954ae13cdf5722ad
6bc6e207f4f100139509a3a7192112eec72ea3f7
f9b5c578799244bec51b1f8c31c8d6536d083873bdf267113a5748199ae7ec78
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/footer/phone-icon.svg HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/web/css/home.vn.min.css?v=1.0.1799
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 06 Apr 2021 12:35:15 GMT
accept-ranges: bytes
etag: "1cac6d4be12ad71:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 3247
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/fonts/SourceSansPro-SemiBold.woff2
13.250.173.21 200 OK 86 kB URL HTTP/2 sgcdn.gkfxprime.com/web/fonts/SourceSansPro-SemiBold.woff2
IP 13.250.173.21:0
File type Web Open Font Format (Version 2), TrueType, length 86328, version 1.0\012- data
Hash 18496ca5006aea352108719a253cf00f
c3761395bc682bee6833b67d2e108d83bf8e381f
bad0ccd99f81b1baf8253bc6fab7adbce30b8bbc6f6b4fcf5375340a7928206c
Analyzer Verdict Alert quad9 Sinkholed
GET /web/fonts/SourceSansPro-SemiBold.woff2 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gkfxprime.com
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Sat, 27 Jun 2020 08:54:15 GMT
accept-ranges: bytes
etag: "3153ff88604cd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 86328
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/fonts/SourceSansPro-Bold.woff2
13.250.173.21 200 OK 86 kB URL HTTP/2 sgcdn.gkfxprime.com/web/fonts/SourceSansPro-Bold.woff2
IP 13.250.173.21:0
File type Web Open Font Format (Version 2), TrueType, length 85604, version 1.0\012- data
Hash 430e4ce342b490cfb174bc3fd471a23f
f90ca85ec32257bf834a90596325475c4199904e
a97946d41d51639401ab9597da5ff757869d111c9f1fa805296d533854d13305
Analyzer Verdict Alert quad9 Sinkholed
GET /web/fonts/SourceSansPro-Bold.woff2 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gkfxprime.com
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Sat, 27 Jun 2020 08:54:15 GMT
accept-ranges: bytes
etag: "fb6ff388604cd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 85604
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/fonts/ProximaNova-Light.woff2
13.250.173.21 200 OK 26 kB URL HTTP/2 sgcdn.gkfxprime.com/web/fonts/ProximaNova-Light.woff2
IP 13.250.173.21:0
File type Web Open Font Format (Version 2), TrueType, length 25800, version 1.0\012- data
Hash 8368423724f8932d4e2db940c5c755de
2c4b95d374d9f9b96c0c48b7eecd115b6aeee7ab
53c74252d62b48e192370e373cd8ced82e7008523d0c0fabfc6c95d5b5583d02
Analyzer Verdict Alert quad9 Sinkholed
GET /web/fonts/ProximaNova-Light.woff2 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gkfxprime.com
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Fri, 26 Jun 2020 12:23:08 GMT
accept-ranges: bytes
etag: "30a7fa8cb44bd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 25800
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/fonts/gkfxprime-icon-font.ttf?pe8gf7
13.250.173.21 200 OK 92 kB URL HTTP/2 sgcdn.gkfxprime.com/web/fonts/gkfxprime-icon-font.ttf?pe8gf7
IP 13.250.173.21:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, gkfxprime-icon-font\012- data
Hash 15ec32288cf7946b67a4971e3f723ede
431b50c8a9e26477246ff24106304c3baf3dadf5
ab255a2070f60c0c5ad87f0bff4dbda15d64da9f04b7413cf6a847f3c9505d4d
Analyzer Verdict Alert quad9 Sinkholed
GET /web/fonts/gkfxprime-icon-font.ttf?pe8gf7 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.gkfxprime.com
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Fri, 28 Aug 2020 12:22:22 GMT
accept-ranges: bytes
etag: "23f17ee1357dd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 92100
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/fonts/SourceSansPro-Regular.woff2
13.250.173.21 200 OK 88 kB URL HTTP/2 sgcdn.gkfxprime.com/web/fonts/SourceSansPro-Regular.woff2
IP 13.250.173.21:0
File type Web Open Font Format (Version 2), TrueType, length 87612, version 1.0\012- data
Hash 3125381951c8362bf2515eec9f957655
60e847e79313aaf3c1a6e166d1cb8811c2a85d0c
530c995aa8621fba6dda9ffb4c02e145b72029a518a92138a26f7820395fe5d9
Analyzer Verdict Alert quad9 Sinkholed
GET /web/fonts/SourceSansPro-Regular.woff2 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gkfxprime.com
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Sat, 27 Jun 2020 08:54:15 GMT
accept-ranges: bytes
etag: "af8efa88604cd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 87612
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/fonts/SourceSansPro-Light.woff2
13.250.173.21 200 OK 86 kB URL HTTP/2 sgcdn.gkfxprime.com/web/fonts/SourceSansPro-Light.woff2
IP 13.250.173.21:0
File type Web Open Font Format (Version 2), TrueType, length 86104, version 1.0\012- data
Hash 80464fd340775a3dab89401f6b984cc6
c3baafb0b2efbeb8ba5212df661e0c1cd3613e21
f7a7d4692dc1fee96351c9ce78dfb7875683cabc158ee5d913eca74296d4caa7
Analyzer Verdict Alert quad9 Sinkholed
GET /web/fonts/SourceSansPro-Light.woff2 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gkfxprime.com
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Sat, 27 Jun 2020 08:54:15 GMT
accept-ranges: bytes
etag: "a12df888604cd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 86104
X-Firefox-Spdy: h2
pds.gkfxprime.com/Quote/GetSymbolsByType?instrumentType=undefined
107.154.80.92 200 OK 341 B URL HTTP/2 pds.gkfxprime.com/Quote/GetSymbolsByType?instrumentType=undefined
IP 107.154.80.92:0
Hash 75bff6ded459915494b6b6a8ae7b96ff
acbe2aa7dbf5c2f0ae852eb40e8977dde23290a0
f281143cc7e0fbce6d2017eaaf867610cc7a4beb5d8787541591bbb664eaf628
Analyzer Verdict Alert quad9 Sinkholed
GET /Quote/GetSymbolsByType?instrumentType=undefined HTTP/1.1
Host: pds.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.gkfxprime.com
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: no-cache
pragma: no-cache
content-type: application/json; charset=utf-8
expires: -1
server: Microsoft-IIS/10.0
access-control-allow-origin: *
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Wed, 23 Nov 2022 12:13:32 GMT
set-cookie: visid_incap_2389038=a6CLpubDSE+B1E+5BhB/m2wOfmMAAAAAQUIPAAAAAAB0c+934Ufc3A24oqHokc9A; expires=Wed, 22 Nov 2023 22:15:12 GMT; HttpOnly; path=/; Domain=.gkfxprime.com; Secure; SameSite=None
incap_ses_7235_2389038=yYg5PMFydRaFMliQr+JnZGwOfmMAAAAA6GEgQvRVF06NmwXKXL98Ug==; path=/; Domain=.gkfxprime.com; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 10-10241480-10241482 NNYN CT(40 91 0) RT(1669205612035 15) q(0 0 1 0) r(2 2) U2
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 23 Nov 2022 10:41:08 GMT
expires: Wed, 23 Nov 2022 12:41:08 GMT
cache-control: public, max-age=7200
age: 5544
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b2b92f1110c82662bfa1addc9bab3130
d6f86300cbfd5b21b3d505c08ffd6edef34b654a
6914944644172d563d0d7c2a5084690fce86ead13949ff29f42842d4bb6e0734
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 12:13:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b1250b52cd79fc95fb80fa7c04e05724
4a6eb06d8da54d1cc48a9c7a6e2bc734512bbdaa
b8baee67fc655fa71070721c3de9dc1b1523edceb8078b1bed6a2b52768f9245
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4027
Cache-Control: max-age=163475
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 12:13:32 GMT
Etag: "637dda44-1d7"
Expires: Fri, 25 Nov 2022 09:38:07 GMT
Last-Modified: Wed, 23 Nov 2022 08:31:00 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
sgcdn.gkfxprime.com/web/img/home/carousel/en/bg-03.jpg
13.250.173.21 200 OK 45 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/home/carousel/en/bg-03.jpg
IP 13.250.173.21:0
Hash d60f7f93f348c242a68309b5d34a7c1e
8f652754d70aa42c3fdc28c93e1f8fc59a247b23
8afe67a1d03823c38259542ee89acf703e337964eab8139ceead5aad4ed06a73
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/home/carousel/en/bg-03.jpg HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sgcdn.gkfxprime.com/web/css/countries/shared.vn.min.css?v=1.0.1799
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
last-modified: Fri, 23 Sep 2022 07:06:45 GMT
accept-ranges: bytes
etag: "812dc4a1bcfd81:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:31 GMT
content-length: 113504
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/864172428/?random=1669205608156&cv=11&fst=1669205608156&bg=ffffff&guid=ON&async=1&gtm=2wgb90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.gkfxprime.com%2FVN&tiba=Giao%20d%E1%BB%8Bch%20Forex%20%26%20C%E1%BB%95%20phi%E1%BA%BFu%2C%20Ch%E1%BB%89%20s%E1%BB%91%2C%20CFD%20Kim%20lo%E1%BA%A1i%20%26%20D%E1%BA%A7u%20m%E1%BB%8F%20%7C%20GKFX%20Prime&auid=796474590.1669205608&rfmt=3&fmt=4
142.250.74.98 200 OK 946 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/864172428/?random=1669205608156&cv=11&fst=1669205608156&bg=ffffff&guid=ON&async=1&gtm=2wgb90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.gkfxprime.com%2FVN&tiba=Giao%20d%E1%BB%8Bch%20Forex%20%26%20C%E1%BB%95%20phi%E1%BA%BFu%2C%20Ch%E1%BB%89%20s%E1%BB%91%2C%20CFD%20Kim%20lo%E1%BA%A1i%20%26%20D%E1%BA%A7u%20m%E1%BB%8F%20%7C%20GKFX%20Prime&auid=796474590.1669205608&rfmt=3&fmt=4
IP 142.250.74.98:0
File type ASCII text, with very long lines (2097), with no line terminators
Hash b117910b0d2d2ff3c108bb315907fd26
b688aedf23f67c81277223d155bc00daaf0e9bdb
663e743b5bfc44e64a3d69cf7c139346435b004f6617387b548d54ce393e5a0a
GET /pagead/viewthroughconversion/864172428/?random=1669205608156&cv=11&fst=1669205608156&bg=ffffff&guid=ON&async=1&gtm=2wgb90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.gkfxprime.com%2FVN&tiba=Giao%20d%E1%BB%8Bch%20Forex%20%26%20C%E1%BB%95%20phi%E1%BA%BFu%2C%20Ch%E1%BB%89%20s%E1%BB%91%2C%20CFD%20Kim%20lo%E1%BA%A1i%20%26%20D%E1%BA%A7u%20m%E1%BB%8F%20%7C%20GKFX%20Prime&auid=796474590.1669205608&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 23 Nov 2022 12:13:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 946
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 23-Nov-2022 12:28:32 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
script.hotjar.com/modules.0d75824b099eb7b32f1f.js
143.204.55.46 200 OK 69 kB URL HTTP/2 script.hotjar.com/modules.0d75824b099eb7b32f1f.js
IP 143.204.55.46:0
File type Unicode text, UTF-8 text, with very long lines (48714)
Hash b294023b3c56dde4182e2fa3b4a97978
d14b1b6c41e04b97fb9c73429f40ff044fafb1eb
a7a228c956033136490f303680ea4c5813f49ae4e38ff1aa500661597a9c771c
GET /modules.0d75824b099eb7b32f1f.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 68604
date: Wed, 23 Nov 2022 11:19:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "b294023b3c56dde4182e2fa3b4a97978"
last-modified: Wed, 23 Nov 2022 11:18:28 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -dC5z-BFAcaQFSeDxD6paD30quK3_HQ9lp8IfN_OeT_c-30nUVfSLA==
age: 3267
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-2048792.js?sv=6
143.204.55.54 200 OK 2.1 kB URL HTTP/2 static.hotjar.com/c/hotjar-2048792.js?sv=6
IP 143.204.55.54:0
File type ASCII text, with very long lines (3790)
Hash 3dc0fbd7742db2a51076244494f9ffe3
2fd050e17ca8e34fb27d5d8f5d688760a4c79cfb
e16ddcc0d24e165919abed03f0a314ea6c5855eaa545bbf8ef1decfd38d019e8
GET /c/hotjar-2048792.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Wed, 23 Nov 2022 12:13:32 GMT
cache-control: max-age=60
etag: W/512a93ae79704fbf0772e6a3a580ae52
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ykrNGxvk6m0bQ2i9If7EedcuOBYnPNjGbttusjXQ-n2Rp0s3yRhGag==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b2b92f1110c82662bfa1addc9bab3130
d6f86300cbfd5b21b3d505c08ffd6edef34b654a
6914944644172d563d0d7c2a5084690fce86ead13949ff29f42842d4bb6e0734
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 12:13:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b1250b52cd79fc95fb80fa7c04e05724
4a6eb06d8da54d1cc48a9c7a6e2bc734512bbdaa
b8baee67fc655fa71070721c3de9dc1b1523edceb8078b1bed6a2b52768f9245
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4028
Cache-Control: max-age=163475
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 12:13:33 GMT
Etag: "637dda44-1d7"
Expires: Fri, 25 Nov 2022 09:38:08 GMT
Last-Modified: Wed, 23 Nov 2022 08:31:00 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash c04aed338f8610ba6b0acc4ab749c52e
9cce76bf45ca7cb7e101d6c5c8013ecc83f188a4
4d4e0d35a6f2357ff749b146e4f0fdff7f5f8631b3e6efee952f5c82fb256fbd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 12:13:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ae7674294f5a17ef8761b33ac4dad848
30a771e623dd1e3cb8694bb5f71393aaa9e87b6a
cac85ed50ce25c45d5093aaaa231a0d1cd9667f47bd2312947070ba202c5d96b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 12:13:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/864172428/?random=1669205608156&cv=11&fst=1669204800000&bg=ffffff&guid=ON&async=1&gtm=2wgb90&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.gkfxprime.com%2FVN&tiba=Giao%20d%E1%BB%8Bch%20Forex%20%26%20C%E1%BB%95%20phi%E1%BA%BFu%2C%20Ch%E1%BB%89%20s%E1%BB%91%2C%20CFD%20Kim%20lo%E1%BA%A1i%20%26%20D%E1%BA%A7u%20m%E1%BB%8F%20%7C%20GKFX%20Prime&fmt=3&is_vtc=1&random=2291939661&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/864172428/?random=1669205608156&cv=11&fst=1669204800000&bg=ffffff&guid=ON&async=1&gtm=2wgb90&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.gkfxprime.com%2FVN&tiba=Giao%20d%E1%BB%8Bch%20Forex%20%26%20C%E1%BB%95%20phi%E1%BA%BFu%2C%20Ch%E1%BB%89%20s%E1%BB%91%2C%20CFD%20Kim%20lo%E1%BA%A1i%20%26%20D%E1%BA%A7u%20m%E1%BB%8F%20%7C%20GKFX%20Prime&fmt=3&is_vtc=1&random=2291939661&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/864172428/?random=1669205608156&cv=11&fst=1669204800000&bg=ffffff&guid=ON&async=1&gtm=2wgb90&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.gkfxprime.com%2FVN&tiba=Giao%20d%E1%BB%8Bch%20Forex%20%26%20C%E1%BB%95%20phi%E1%BA%BFu%2C%20Ch%E1%BB%89%20s%E1%BB%91%2C%20CFD%20Kim%20lo%E1%BA%A1i%20%26%20D%E1%BA%A7u%20m%E1%BB%8F%20%7C%20GKFX%20Prime&fmt=3&is_vtc=1&random=2291939661&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 23 Nov 2022 12:13:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
vars.hotjar.com/box-c6ca1c87e308a39aabb76b56ba54398b.html
143.204.55.118 200 OK 1.0 kB URL HTTP/2 vars.hotjar.com/box-c6ca1c87e308a39aabb76b56ba54398b.html
IP 143.204.55.118:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2368), with no line terminators
Hash b6d25d1350d6a014d80689f389e76f97
a957e3d99790759f71a4d9e2fdaf819f60e8c569
fb2a1528b99d3eb4c9374642b5045efaf6e06666fdd48a55560a375449b01079
GET /box-c6ca1c87e308a39aabb76b56ba54398b.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1035
date: Fri, 04 Nov 2022 12:22:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "b6d25d1350d6a014d80689f389e76f97"
last-modified: Fri, 04 Nov 2022 12:21:18 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0ph_FIt9E4k3tAgt6Su_38PeibR2Su1DmNpg8I_dlevaS-i2s-2BRw==
age: 1641087
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/864172428/?random=1669205608156&cv=11&fst=1669204800000&bg=ffffff&guid=ON&async=1&gtm=2wgb90&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.gkfxprime.com%2FVN&tiba=Giao%20d%E1%BB%8Bch%20Forex%20%26%20C%E1%BB%95%20phi%E1%BA%BFu%2C%20Ch%E1%BB%89%20s%E1%BB%91%2C%20CFD%20Kim%20lo%E1%BA%A1i%20%26%20D%E1%BA%A7u%20m%E1%BB%8F%20%7C%20GKFX%20Prime&fmt=3&is_vtc=1&random=2291939661&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/864172428/?random=1669205608156&cv=11&fst=1669204800000&bg=ffffff&guid=ON&async=1&gtm=2wgb90&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.gkfxprime.com%2FVN&tiba=Giao%20d%E1%BB%8Bch%20Forex%20%26%20C%E1%BB%95%20phi%E1%BA%BFu%2C%20Ch%E1%BB%89%20s%E1%BB%91%2C%20CFD%20Kim%20lo%E1%BA%A1i%20%26%20D%E1%BA%A7u%20m%E1%BB%8F%20%7C%20GKFX%20Prime&fmt=3&is_vtc=1&random=2291939661&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/864172428/?random=1669205608156&cv=11&fst=1669204800000&bg=ffffff&guid=ON&async=1&gtm=2wgb90&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.gkfxprime.com%2FVN&tiba=Giao%20d%E1%BB%8Bch%20Forex%20%26%20C%E1%BB%95%20phi%E1%BA%BFu%2C%20Ch%E1%BB%89%20s%E1%BB%91%2C%20CFD%20Kim%20lo%E1%BA%A1i%20%26%20D%E1%BA%A7u%20m%E1%BB%8F%20%7C%20GKFX%20Prime&fmt=3&is_vtc=1&random=2291939661&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 23 Nov 2022 12:13:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash c04aed338f8610ba6b0acc4ab749c52e
9cce76bf45ca7cb7e101d6c5c8013ecc83f188a4
4d4e0d35a6f2357ff749b146e4f0fdff7f5f8631b3e6efee952f5c82fb256fbd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 12:13:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8069f5e67c25fc0b7388ba5d4decd8c9
64a85ba44c80ea206f4382f573c3d61e4f607ccf
7587cd04333ddf1cff15ae219cb8fca0618786a9fe4cee989975f4d50889e72a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 12:13:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sgcdn.gkfxprime.com/web/img/header/favicon.ico
13.250.173.21 200 OK 44 kB URL HTTP/2 sgcdn.gkfxprime.com/web/img/header/favicon.ico
IP 13.250.173.21:0
File type MS Windows icon resource - 9 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel\012- data
Hash 8ea27732c9dc3890e7460389ca7b0d3c
4a3045c0798bb3eb8757546378fd4d6c9dc42e98
6408124c612749f998c36dc489f8c1dffdf805f008fb47d288258231486b15bc
Analyzer Verdict Alert quad9 Sinkholed
GET /web/img/header/favicon.ico HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
last-modified: Fri, 26 Jun 2020 12:23:07 GMT
accept-ranges: bytes
etag: "439d6d8cb44bd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:33 GMT
content-length: 43646
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-89540528-1&cid=2058390573.1669205613&jid=1621004531&gjid=905149611&_gid=521258822.1669205613&_u=aEBAAEAAQAAAACAAI~&z=1887158560
142.251.1.154 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-89540528-1&cid=2058390573.1669205613&jid=1621004531&gjid=905149611&_gid=521258822.1669205613&_u=aEBAAEAAQAAAACAAI~&z=1887158560
IP 142.251.1.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-89540528-1&cid=2058390573.1669205613&jid=1621004531&gjid=905149611&_gid=521258822.1669205613&_u=aEBAAEAAQAAAACAAI~&z=1887158560 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.gkfxprime.com
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.gkfxprime.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 23 Nov 2022 12:13:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash f16514f0475beb63eb32a309cbeee900
f21b9af505ce6c0b1a826ee9e2936f0bb16d7246
3c705c09d16e11fbf961fa2c48fc00397b9dece65f201342fa7067620b437b9d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=98964
Date: Wed, 23 Nov 2022 12:13:33 GMT
Etag: "637ce9df-1d7"
Expires: Thu, 24 Nov 2022 15:42:57 GMT
Last-Modified: Tue, 22 Nov 2022 15:25:19 GMT
Server: ECS (dcb/7FA5)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0Hi0pP0r8_1UlVOSX04wrqdnraUA5ZP27KzEFIPwjub8Jdnym5vxdQ==
Age: 1058
in.hotjar.com/api/v2/client/sites/2048792/visit-data?sv=6
63.35.111.165 200 OK 137 B URL HTTP/2 in.hotjar.com/api/v2/client/sites/2048792/visit-data?sv=6
IP 63.35.111.165:0
File type JSON data\012- , ASCII text, with no line terminators
Hash efcd5932a2aebe7eb6a516dd20ed2446
8333b3d99d90c0e406388c2142c677c8946001be
48c91f69d9bd5e1d17bb328c354355eaf8c714f2619fd0327fec0f7ef242746b
POST /api/v2/client/sites/2048792/visit-data?sv=6 HTTP/1.1
Host: in.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 131
Origin: https://www.gkfxprime.com
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 12:13:33 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=336390533511721&ev=PageView&dl=https%3A%2F%2Fwww.gkfxprime.com%2FVN&rl=&if=false&ts=1669205612853&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1669205612853.866854407&it=1669205612604&coo=false&rqm=GET
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=336390533511721&ev=PageView&dl=https%3A%2F%2Fwww.gkfxprime.com%2FVN&rl=&if=false&ts=1669205612853&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1669205612853.866854407&it=1669205612604&coo=false&rqm=GET
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=336390533511721&ev=PageView&dl=https%3A%2F%2Fwww.gkfxprime.com%2FVN&rl=&if=false&ts=1669205612853&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1669205612853.866854407&it=1669205612604&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 23 Nov 2022 12:13:33 GMT
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.86.137 200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 23 Nov 2022 12:13:33 GMT
via: 1.1 varnish
x-served-by: cache-bma1645-BMA
x-cache: HIT
x-cache-hits: 1616
x-timer: S1669205614.692815,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/userfiles/promotionnews/VN/vn-box1.jpg?v=1.0.1799
13.250.173.21 200 OK 22 kB URL HTTP/2 sgcdn.gkfxprime.com/userfiles/promotionnews/VN/vn-box1.jpg?v=1.0.1799
IP 13.250.173.21:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 388x175, components 3\012- data
Hash 368dd47ce325543e21fc1f92301e6c57
625fe6c3448c6d0a5ed33f795e6a0b53d69f7f03
ad123e3815c1f44e67bb8a9eed326bbf5d0812e4a998ca578fe7655c0781c022
Analyzer Verdict Alert quad9 Sinkholed
GET /userfiles/promotionnews/VN/vn-box1.jpg?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608; _ga=GA1.2.2058390573.1669205613; _gid=GA1.2.521258822.1669205613; _gat_UA-89540528-1=1; _hjSessionUser_2048792=eyJpZCI6IjYzYWIxMTIwLWE3NDQtNWI4My1iYzk2LTFiYzZkYTRkYTg3ZCIsImNyZWF0ZWQiOjE2NjkyMDU2MTI2MzEsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_2048792=eyJpZCI6IjM3YzdkMjM2LTE4YzctNGJhOC04NjUzLTk2MWQ4YjliNzllMyIsImNyZWF0ZWQiOjE2NjkyMDU2MTI2NTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _fbp=fb.1.1669205612853.866854407
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
last-modified: Tue, 19 May 2020 15:13:15 GMT
accept-ranges: bytes
etag: "7796ed4f02dd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:33 GMT
content-length: 21523
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/userfiles/promotionnews/VN/vn-box2.jpg?v=1.0.1799
13.250.173.21 200 OK 24 kB URL HTTP/2 sgcdn.gkfxprime.com/userfiles/promotionnews/VN/vn-box2.jpg?v=1.0.1799
IP 13.250.173.21:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 375x172, components 3\012- data
Hash 2fdc2f8f6301f4aaac7263eae6a132f6
0ab319281da7131f19303df1e2092c02db2e2f6d
a9edc3e0bffb254e077d3bc42b075dee332f6efd9908e31c72edb198779aea64
Analyzer Verdict Alert quad9 Sinkholed
GET /userfiles/promotionnews/VN/vn-box2.jpg?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608; _ga=GA1.2.2058390573.1669205613; _gid=GA1.2.521258822.1669205613; _gat_UA-89540528-1=1; _hjSessionUser_2048792=eyJpZCI6IjYzYWIxMTIwLWE3NDQtNWI4My1iYzk2LTFiYzZkYTRkYTg3ZCIsImNyZWF0ZWQiOjE2NjkyMDU2MTI2MzEsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_2048792=eyJpZCI6IjM3YzdkMjM2LTE4YzctNGJhOC04NjUzLTk2MWQ4YjliNzllMyIsImNyZWF0ZWQiOjE2NjkyMDU2MTI2NTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _fbp=fb.1.1669205612853.866854407
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
last-modified: Tue, 19 May 2020 15:17:29 GMT
accept-ranges: bytes
etag: "c7db899cf02dd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:33 GMT
content-length: 24505
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/userfiles/promotionnews/VN/vn-box3.jpg?v=1.0.1799
13.250.173.21 200 OK 21 kB URL HTTP/2 sgcdn.gkfxprime.com/userfiles/promotionnews/VN/vn-box3.jpg?v=1.0.1799
IP 13.250.173.21:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 388x181, components 3\012- data
Hash 34f45989a90686c2ee46e82db5344253
d66eaa862ce13fbcf225d7f8bfe78441614f4a23
f61e3a8768b212bb2d0001b8eee7eb02a8452a19ebbf7c2e5a76b182c1a850e9
Analyzer Verdict Alert quad9 Sinkholed
GET /userfiles/promotionnews/VN/vn-box3.jpg?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608; _ga=GA1.2.2058390573.1669205613; _gid=GA1.2.521258822.1669205613; _gat_UA-89540528-1=1; _hjSessionUser_2048792=eyJpZCI6IjYzYWIxMTIwLWE3NDQtNWI4My1iYzk2LTFiYzZkYTRkYTg3ZCIsImNyZWF0ZWQiOjE2NjkyMDU2MTI2MzEsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_2048792=eyJpZCI6IjM3YzdkMjM2LTE4YzctNGJhOC04NjUzLTk2MWQ4YjliNzllMyIsImNyZWF0ZWQiOjE2NjkyMDU2MTI2NTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _fbp=fb.1.1669205612853.866854407
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
last-modified: Tue, 19 May 2020 15:18:08 GMT
accept-ranges: bytes
etag: "1dda91b3f02dd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:33 GMT
content-length: 21124
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/userfiles/promotionnews/VN/vn-box4.jpg?v=1.0.1799
13.250.173.21 200 OK 23 kB URL HTTP/2 sgcdn.gkfxprime.com/userfiles/promotionnews/VN/vn-box4.jpg?v=1.0.1799
IP 13.250.173.21:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 393x179, components 3\012- data
Hash bdcb0fbd60df71c8f46893b2fe13a912
57d1348fa5e9fe4e6f5335589367a5d57521ce78
09eca1da1ca3552b1607ccf8cf99ed00f06fcab580cba99247e950dede210b7c
Analyzer Verdict Alert quad9 Sinkholed
GET /userfiles/promotionnews/VN/vn-box4.jpg?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608; _ga=GA1.2.2058390573.1669205613; _gid=GA1.2.521258822.1669205613; _gat_UA-89540528-1=1; _hjSessionUser_2048792=eyJpZCI6IjYzYWIxMTIwLWE3NDQtNWI4My1iYzk2LTFiYzZkYTRkYTg3ZCIsImNyZWF0ZWQiOjE2NjkyMDU2MTI2MzEsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_2048792=eyJpZCI6IjM3YzdkMjM2LTE4YzctNGJhOC04NjUzLTk2MWQ4YjliNzllMyIsImNyZWF0ZWQiOjE2NjkyMDU2MTI2NTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _fbp=fb.1.1669205612853.866854407
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
last-modified: Tue, 19 May 2020 15:18:43 GMT
accept-ranges: bytes
etag: "1d5c2c8f02dd61:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:33 GMT
content-length: 22691
X-Firefox-Spdy: h2
widget.intercom.io/widget/lksyqyqd
54.230.111.119 200 OK 6.2 kB URL HTTP/2 widget.intercom.io/widget/lksyqyqd
IP 54.230.111.119:0
File type Unicode text, UTF-8 text, with very long lines (18920), with no line terminators
Hash 52fd7af2fb8bfa4b5c290d1adc563763
c3de4f291ea313d9415dccfe12b9e33d71d90a0c
9629a7428fa9f3cc715751bab1e8e8d142df73fe00f3fb71ae18f87784ddb845
GET /widget/lksyqyqd HTTP/1.1
Host: widget.intercom.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 6169
date: Wed, 23 Nov 2022 12:07:13 GMT
last-modified: Wed, 23 Nov 2022 12:07:09 GMT
etag: "52fd7af2fb8bfa4b5c290d1adc563763"
x-amz-server-side-encryption: AES256
cache-control: max-age=900, s-maxage=900, public
content-encoding: gzip
x-amz-version-id: QUrS5saO6S_gC9A2NcmoEVgRSMqR2A83
accept-ranges: bytes
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: uICmspX4aSRw9MnQ2RXr92ch7FYuNTnbwbe2P5TL5U1WIKfJF4DeYw==
age: 382
vary: Origin
X-Firefox-Spdy: h2
js.intercomcdn.com/frame.3e88f4f1.js
143.204.55.72 200 OK 137 kB URL HTTP/2 js.intercomcdn.com/frame.3e88f4f1.js
IP 143.204.55.72:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 137 kB (136965 bytes)
Hash e9f3f55de2fe9d3d79501177a0b8f65f
484e313c9a1277f201fc61c2c515b12d9c953fcd
cf273e15136b98780f604fbf30dcec49e7f698d9a4dbdcb515b5f77873430549
GET /frame.3e88f4f1.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 136965
date: Wed, 23 Nov 2022 12:07:13 GMT
last-modified: Wed, 23 Nov 2022 12:05:38 GMT
etag: "e9f3f55de2fe9d3d79501177a0b8f65f"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, s-maxage=7200, public
content-encoding: gzip
x-amz-version-id: ymoHe5Ntdjyx_efISf9eW2Ijdjw0W.HQ
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: eopKi_RP3N4onHY5eJFlXJuHm3QvuO1ed7WDZ971SI146TkissVsHQ==
age: 381
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash baffd3e716a1897f32040c2007c00405
d6a5b7f949699cc9d3363dcda824589227697650
669eacbb89cdf4a54de16215fed686ae6adceabb169410ccc9c5845a867f5ac4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=104080
Date: Wed, 23 Nov 2022 12:13:34 GMT
Etag: "637cf7ed-1d7"
Expires: Thu, 24 Nov 2022 17:08:14 GMT
Last-Modified: Tue, 22 Nov 2022 16:25:17 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PyvGbQkvDyHPvl2WdewsHc9MS91JEX6maZ-BVhNM010-2AeVHgerJw==
Age: 2577
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 81858a4525cb55b4f690cda99feb6155
358fb3af30b9a08a0aa5228df20916a023f74e57
6a868a08d4d1f722fdb9e97bdeb30592254e7a0a2694223ce3e5d1bf444d1c3a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=87730
Date: Wed, 23 Nov 2022 12:13:34 GMT
Etag: "637cb717-1d7"
Expires: Thu, 24 Nov 2022 12:35:44 GMT
Last-Modified: Tue, 22 Nov 2022 11:48:39 GMT
Server: ECS (dcb/7EC8)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: t7mCFro_CrOz-yevEd9sbw21S7UTjhjv32ookKXN0R3uheXCYLEnTw==
Age: 2825
c.cokhach.com/cokhach.js
104.21.28.81 200 OK 5 B IP 104.21.28.81:0
File type very short file (no magic)
Hash 7358affe53f645d166f6e5c5bc7da7d8
2664f426239461e36cb1c7bb41735f9d6fd0e4c4
b07f780f0b8ddda97a58543e832c8f81eab0976d32f0ae27f71df6a769d5229d
GET /cokhach.js HTTP/1.1
Host: c.cokhach.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 12:13:34 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: *
x-frame-options: ALLOWALL
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iDhzs0OB0BEZO0wxobMyMrb%2BT3pdVoMcwQjF6SAzY6CzEuJbvgGfEtRwb4fL4iaLXa4aZ5Mjf%2FdYFYN3WucamyrBGRt8rp1ZqKGhKrgSTSi4HNCc0rgVKJZHtE2p3BC6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e9d1cdcacf0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ab1d9a2748ef3a430a5c05674fb8ba1d
0a8618b70fb7e499cbeaa19faa1c85613461c81d
3c278009f182b8add676723d562381b72215391cbeb534b18abef1e97d8aba6d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5410
Cache-Control: max-age=112303
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 12:13:35 GMT
Etag: "637d0cfc-1d7"
Expires: Thu, 24 Nov 2022 19:25:18 GMT
Last-Modified: Tue, 22 Nov 2022 17:55:08 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
bam.eu01.nr-data.net/1/NRJS-1878adbf136ae082951?a=357149862&v=1216.487a282&to=MhBSZQoZWBFYWxdZXQtafWc7V34NVF0gX1wRB19dFB1ETXBWB1VK&rst=6301&ck=1&ref=https://www.gkfxprime.com/VN&ap=142&be=899&fe=6213&dc=4532&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669205606941,%22n%22:0,%22f%22:391,%22dn%22:419,%22dne%22:440,%22c%22:441,%22s%22:452,%22ce%22:469,%22rq%22:469,%22rp%22:789,%22rpe%22:789,%22dl%22:877,%22di%22:4418,%22ds%22:4531,%22de%22:4536,%22dc%22:6210,%22l%22:6211,%22le%22:6233%7D,%22navigation%22:%7B%7D%7D&fcp=4573&jsonp=NREUM.setToken
185.221.85.3 200 OK 72 B URL HTTP/1.1 bam.eu01.nr-data.net/1/NRJS-1878adbf136ae082951?a=357149862&v=1216.487a282&to=MhBSZQoZWBFYWxdZXQtafWc7V34NVF0gX1wRB19dFB1ETXBWB1VK&rst=6301&ck=1&ref=https://www.gkfxprime.com/VN&ap=142&be=899&fe=6213&dc=4532&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669205606941,%22n%22:0,%22f%22:391,%22dn%22:419,%22dne%22:440,%22c%22:441,%22s%22:452,%22ce%22:469,%22rq%22:469,%22rp%22:789,%22rpe%22:789,%22dl%22:877,%22di%22:4418,%22ds%22:4531,%22de%22:4536,%22dc%22:6210,%22l%22:6211,%22le%22:6233%7D,%22navigation%22:%7B%7D%7D&fcp=4573&jsonp=NREUM.setToken
IP 185.221.85.3:0
ASN #206998 New Relic International Limited
File type ASCII text, with no line terminators
Hash 107d93e382e2c9b00fbf9fb0edc65d86
77e750e3ebf9706f4f6dd253785602d70be17c6c
a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
GET /1/NRJS-1878adbf136ae082951?a=357149862&v=1216.487a282&to=MhBSZQoZWBFYWxdZXQtafWc7V34NVF0gX1wRB19dFB1ETXBWB1VK&rst=6301&ck=1&ref=https://www.gkfxprime.com/VN&ap=142&be=899&fe=6213&dc=4532&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669205606941,%22n%22:0,%22f%22:391,%22dn%22:419,%22dne%22:440,%22c%22:441,%22s%22:452,%22ce%22:469,%22rq%22:469,%22rp%22:789,%22rpe%22:789,%22dl%22:877,%22di%22:4418,%22ds%22:4531,%22de%22:4536,%22dc%22:6210,%22l%22:6211,%22le%22:6233%7D,%22navigation%22:%7B%7D%7D&fcp=4573&jsonp=NREUM.setToken HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 12:13:35 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 76e9d1d789b595f4-ARN
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=454cef0528735fb2; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 3
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d4MeWgxPC0kqnF76ReCgbFsYe2AD9ymzKpTpuUHyQ%2FWdLSKIkJhdqHe6L26ZZr5Mf4dOY7Pts%2FHqiMUF8G67cmxbPsJNAQwhvThwdaGmMe89pr6xSsrfwy4LUVSqEQiXk21avlTE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.eu01.nr-data.net/events/1/NRJS-1878adbf136ae082951?a=357149862&v=1216.487a282&to=MhBSZQoZWBFYWxdZXQtafWc7V34NVF0gX1wRB19dFB1ETXBWB1VK&rst=7981&ck=1&ref=https://www.gkfxprime.com/VN
185.221.85.3 200 OK 24 B URL HTTP/1.1 bam.eu01.nr-data.net/events/1/NRJS-1878adbf136ae082951?a=357149862&v=1216.487a282&to=MhBSZQoZWBFYWxdZXQtafWc7V34NVF0gX1wRB19dFB1ETXBWB1VK&rst=7981&ck=1&ref=https://www.gkfxprime.com/VN
IP 185.221.85.3:0
ASN #206998 New Relic International Limited
File type GIF image data, version 89a, 1 x 1; data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-1878adbf136ae082951?a=357149862&v=1216.487a282&to=MhBSZQoZWBFYWxdZXQtafWc7V34NVF0gX1wRB19dFB1ETXBWB1VK&rst=7981&ck=1&ref=https://www.gkfxprime.com/VN HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 539
Origin: https://www.gkfxprime.com
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 12:13:35 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 76e9d1d85a8095f4-ARN
Access-Control-Allow-Origin: https://www.gkfxprime.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=854KTa4rGGTD2QWWWxkzmWAgHFBPvnhX8lM7yTI6tMbhm8mnRkNPeDp7fUsny4sQrl9bFffGWrCJBAOgoOdTcxV502ByuXRjlBkN7aopJD3L6OGAIu4TpX85myPCo2eEq1FcrOuk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
api-iam.intercom.io/messenger/web/ping
52.45.168.243 200 OK 1.9 kB URL HTTP/2 api-iam.intercom.io/messenger/web/ping
IP 52.45.168.243:0
File type JSON data, Unicode text, UTF-8 text, with very long lines (5524), with no line terminators
Hash 804a0b7204ab2bebff10cffc774920fd
9320a6da31216a4f23ad9eb0f918beb0cc002ed0
fd25d1334d1c4b7a54abc33441ad894fce27ce4e3b2921c9c1dcd17d3df30536
POST /messenger/web/ping HTTP/1.1
Host: api-iam.intercom.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 508
Origin: https://www.gkfxprime.com
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 12:13:35 GMT
content-type: application/json; charset=utf-8
status: 200 OK
cache-control: max-age=0, private, must-revalidate
x-ratelimit-limit: 13333
x-ratelimit-reset: 1669205620
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-ratelimit-remaining: 13331
access-control-allow-origin: https://www.gkfxprime.com
vary: Accept,Accept-Encoding
x-intercom-version: da4ceca6234d0236cdf5878490cbec98052d00e8
x-xss-protection: 1; mode=block
content-encoding: gzip
x-request-id: 0000s6qso3mggpsh9fpg
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
etag: W/"ef1c7981641364b19ddc125609e9cc63"
x-runtime: 0.296392
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
server: nginx
x-ami-version: ami-05dcf007a1eb86c5b
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/web/css/home.vn.min.css?v=1.0.1799
13.250.173.21 200 OK 0 B URL HTTP/2 sgcdn.gkfxprime.com/web/css/home.vn.min.css?v=1.0.1799
IP 13.250.173.21:0
Analyzer Verdict Alert quad9 Sinkholed
GET /web/css/home.vn.min.css?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/css
content-encoding: gzip
last-modified: Fri, 23 Sep 2022 07:06:36 GMT
accept-ranges: bytes
etag: "57d23851bcfd81:0"
vary: Accept-Encoding,Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:29 GMT
X-Firefox-Spdy: h2
rpdn.relateddigital.com/rdsdk/D04B4265116B401EBAF660E17196860F/df01114c-6fc8-4743-870a-eedd8f581ee5.js
13.107.227.53 200 OK 0 B URL HTTP/2 rpdn.relateddigital.com/rdsdk/D04B4265116B401EBAF660E17196860F/df01114c-6fc8-4743-870a-eedd8f581ee5.js
IP 13.107.227.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /rdsdk/D04B4265116B401EBAF660E17196860F/df01114c-6fc8-4743-870a-eedd8f581ee5.js HTTP/1.1
Host: rpdn.relateddigital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.gkfxprime.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=86400
content-type: application/javascript
content-encoding: br
content-md5: SWHaezqJ0Z3qM2Cg5sYf1g==
last-modified: Mon, 08 Aug 2022 10:26:51 GMT
etag: 0x8DA792881FC8E1F
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_MISS
x-ms-request-id: fb76ec42-801e-0012-3534-ff8447000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref-originshield: 0aQ5+YwAAAAA6o2d/lTv0QLucRcgtdmqKQU1TMDRFREdFMTgwOAAxMTJlYjUwMC1jZmNiLTRmM2MtYTliMC1lYjZkMjVjZjI4NDM=
x-azure-ref: 0aQ5+YwAAAADBFgRF3f/IQ4V7HmiGv1b0T1NMMjMxMDUwMjA0MDUzADExMmViNTAwLWNmY2ItNGYzYy1hOWIwLWViNmQyNWNmMjg0Mw==
date: Wed, 23 Nov 2022 12:13:28 GMT
X-Firefox-Spdy: h2
sgcdn.gkfxprime.com/bundles/BaseBundle?v=1.0.1799
13.250.173.21 200 OK 0 B URL HTTP/2 sgcdn.gkfxprime.com/bundles/BaseBundle?v=1.0.1799
IP 13.250.173.21:0
Analyzer Verdict Alert quad9 Sinkholed
GET /bundles/BaseBundle?v=1.0.1799 HTTP/1.1
Host: sgcdn.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: no-cache
pragma: no-cache
content-type: text/javascript; charset=utf-8
content-encoding: gzip
expires: -1
vary: Accept-Encoding,Accept-Encoding
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:13:29 GMT
X-Firefox-Spdy: h2
js.intercomcdn.com/vendor.48f54f31.js
143.204.55.72 200 OK 0 B URL HTTP/2 js.intercomcdn.com/vendor.48f54f31.js
IP 143.204.55.72:0
GET /vendor.48f54f31.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 108150
date: Wed, 23 Nov 2022 10:39:27 GMT
last-modified: Wed, 23 Nov 2022 10:37:48 GMT
etag: "e08ec3af7e3d435b3f33bb0e5c1a96cd"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, s-maxage=7200, public
content-encoding: gzip
x-amz-version-id: x2Mmch6iA_WuLOTttZV9y294s4qAjVhT
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: lIEYvvy3DmaRvuuBxlYaRfVCTJkZLjIGzCH-uEO8SD4VNv0HgYqzRw==
age: 5648
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.200.14 200 OK 0 B URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gkfxprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: BqrXQx0NgK3Mvk473tD/an+dDxbEexHFUIGATN6+o4/yfJEkh8ss7ViMoUR+/PwADCloVXEM8Np3ZKMB7JITkQ==
content-length: 27340
x-fb-trip-id: 1679558926
date: Wed, 23 Nov 2022 12:13:33 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.gkfxprime.com/VN
107.154.80.92 200 OK 0 B IP 107.154.80.92:0
Analyzer Verdict Alert quad9 Sinkholed
GET /VN HTTP/1.1
Host: www.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
server: Microsoft-IIS/10.0
x-timeelapsed: 0ms,1132ticks
content-security-policy: frame-ancestors cms.gkfxcambodia.com cms.gkfxprime-china.com cms.gkfxprime.com.cn cms.gkfxprime.com cms.gkfxprimecn.com www.investo.vn https://partnersportal.gkfxprime.com/ http://cn.gkfxprime.vip/ http://cn.gkfxprime.top/ http://fx.cngkprime.com/ http://mt4.cngkprime.cn/ http://www.cngkprime.com/ http://www.facebook.com/ https://www.facebook.com/ http://www.gkfxprimecnonline.com/ https://www.gkfxprimecnonline.com/
date: Wed, 23 Nov 2022 12:13:27 GMT
set-cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; expires=Wed, 22 Nov 2023 22:15:12 GMT; HttpOnly; path=/; Domain=.gkfxprime.com; Secure; SameSite=None
incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; path=/; Domain=.gkfxprime.com; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 14-64409320-64409323 NNYN CT(38 88 0) RT(1669205607544 21) q(0 0 1 0) r(3 3) U12
X-Firefox-Spdy: h2
www.gkfxprime.com/relatedpush_sw.js?1669205608944
107.154.80.92 200 OK 0 B URL HTTP/2 www.gkfxprime.com/relatedpush_sw.js?1669205608944
IP 107.154.80.92:0
Analyzer Verdict Alert quad9 Sinkholed
GET /relatedpush_sw.js?1669205608944 HTTP/1.1
Host: www.gkfxprime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: visid_incap_1960783=D1uidqoJS66Jhvq3etpzemcOfmMAAAAAQUIPAAAAAACZdgGbsjEOOgCUC/ndK4QS; incap_ses_7235_1960783=5UnQfpUg/DrqMFiQr+JnZGcOfmMAAAAAU7WUZpcQyvcZTu/OaMbwpw==; _gcl_au=1.1.796474590.1669205608
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 08 Aug 2022 06:36:47 GMT
accept-ranges: bytes
etag: "4faa43bf1aad81:0"
server: Microsoft-IIS/10.0
content-security-policy: frame-ancestors cms.gkfxcambodia.com cms.gkfxprime-china.com cms.gkfxprime.com.cn cms.gkfxprime.com cms.gkfxprimecn.com www.investo.vn https://partnersportal.gkfxprime.com/ http://cn.gkfxprime.vip/ http://cn.gkfxprime.top/ http://fx.cngkprime.com/ http://mt4.cngkprime.cn/ http://www.cngkprime.com/ http://www.facebook.com/ https://www.facebook.com/ http://www.gkfxprimecnonline.com/ https://www.gkfxprimecnonline.com/
date: Wed, 23 Nov 2022 12:13:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-cdn: Imperva
cache-control: max-age=0
content-encoding: gzip
x-iinfo: 14-64409320-64359769 2NYN RT(1669205607544 1710) q(0 0 0 -1) r(2 2) U18
X-Firefox-Spdy: h2