Report - kiemthe1xua.com/taive/

Report Overview

Submitted URL
kiemthe1xua.com/taive/
IP
103.90.226.73
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Submitted
2022-09-08 18:52:51
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.164.56.167
img.zing.vn	512499	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	299 B	1.4 kB	113.164.15.82
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.8 kB	72 kB	142.250.74.163
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	409 B	746 B	142.250.74.10
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	797 B	93.184.220.29
kiemthe1xua.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	13 kB	3.7 MB	103.90.226.73
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.8 kB	172.64.155.188
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	4.9 kB	142.250.74.3
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	64 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-08	medium	kiemthe1xua.com/taive/	Phishing
2022-09-08	medium	kiemthe1xua.com/js/download.js	Phishing
2022-09-08	medium	kiemthe1xua.com/css/SVN-AleoBold.woff2	Phishing
2022-09-08	medium	kiemthe1xua.com/images/download/huongdantaigamee.mp4	Phishing
2022-09-08	medium	kiemthe1xua.com/images/download/huongdantaigamee.mp4	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	kiemthe1xua.com/js/download.js	340 kB	2023-03-07	2023-03-07
Pretty URL kiemthe1xua.com/js/download.js IP 103.90.226.73 ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:58:45 Last Seen2023-03-07 13:58:45 Times Seen1 Hash 300e832db7c910673b694b43e5b47af4 a3519401b795c1795cece0a70567d8efc421a73a 8d2b0f76968fb0753d9792a2c5ec57c189752b4c03cfba4ccfed1593ae3540cb Loading...

HTTP Transactions (70)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 08 Sep 2022 18:05:21 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LVALsAl-kz2colQOJ6A9iN9Gx9qcTr6DneGudWtQlPOs0gxS1CEIKQ==
Age: 2839

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6441
Expires: Thu, 08 Sep 2022 20:40:01 GMT
Date: Thu, 08 Sep 2022 18:52:40 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LN7MZ8GGvgu09jKHH5tgwPjbeEn-Do-NHCxAUhBfXdlvrvq8Db6BfA==
age: 54366
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 18:52:40 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 08 Sep 2022 18:38:18 GMT
Cache-Control: max-age=3600
Expires: Thu, 08 Sep 2022 19:29:55 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Zlj7b7fxPA1vSJEf7K6hl0hyFFN5N_RkG4zaUBwjy4LJTvObpxtjJw==
Age: 862

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
042105f89c8d64b470d84e052cd412d1
a26c7e2559b3760ea2765b16a3f8d1be27f5dcf4
fadb8cdd22f4d7773d5c20d576f6400ab25e20e1efe3e3fe50d2ae39ca6f2725

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5776
Cache-Control: max-age=139821
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:52:40 GMT
Etag: "6319a295-1d7"
Expires: Sat, 10 Sep 2022 09:43:01 GMT
Last-Modified: Thu, 08 Sep 2022 08:06:45 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.164.56.167

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.164.56.167:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: p9sTHwaAp6B37Ok8Sdnkiw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: OEoZa0Uvw2WRUDCaDo/tJhKl/9Y=

kiemthe1xua.com/taive/

103.90.226.73

200 OK

2.1 kB

URL HTTP/1.1
kiemthe1xua.com/taive/
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.1 kB (2112 bytes)
Hash
9d2f129dc605027abfa70de6e79f5f4e
559f52bd3914327d868b30783d06afd7084ea406
9d5a2a17ca35328a19dc8c958a2cb5921aa5c623624c61820e890374eb1b5c6c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /taive/ HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.29
Set-Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pingback: http://kiemthe1xua.com/xmlrpc.php
Link: <https://kiemthe1xua.com/wp-json/>; rel="https://api.w.org/", <https://kiemthe1xua.com/wp-json/wp/v2/posts/6516>; rel="alternate"; type="application/json", <https://kiemthe1xua.com/?p=6516>; rel=shortlink
Content-Encoding: gzip

kiemthe1xua.com/css/reset-wp.css?ver=5.6.3

103.90.226.73

200 OK

1.1 kB

URL HTTP/1.1
kiemthe1xua.com/css/reset-wp.css?ver=5.6.3
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1146 bytes)
Hash
968ba6e00c6c5ff03e62d5b213e1ba54
718d99e4131b09d36d386962997d678f5601a666
3b23de3cfb99617690dcc87c2036feb1835c3379eeecf17ccdb6af78d1ef42d8

HTTP Headers

GET /css/reset-wp.css?ver=5.6.3 HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kiemthe1xua.com/taive/
Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:41 GMT
Content-Type: text/css
Content-Length: 1146
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:27:03 GMT
ETag: "47a-5c09c3533eae0"
Accept-Ranges: bytes

kiemthe1xua.com/css/download.css?ver=1614151406

103.90.226.73

200 OK

31 kB

URL HTTP/1.1
kiemthe1xua.com/css/download.css?ver=1614151406
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
ASCII text, with CRLF line terminators
Size
31 kB (31193 bytes)
Hash
5cba741025cfe2644adde64305417e2b
c40b917a53c03d845ba432057c67ba4cce2c696f
391c0a746e77e21ee424384dc7e009ec856d95c7e9ff5ab99415839161c43065

HTTP Headers

GET /css/download.css?ver=1614151406 HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kiemthe1xua.com/taive/
Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:41 GMT
Content-Type: text/css
Content-Length: 31193
Connection: keep-alive
Last-Modified: Thu, 12 Aug 2021 03:38:15 GMT
ETag: "79d9-5c954770aa879"
Accept-Ranges: bytes

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
f13aee7a719c32560ce8b5ae6698aaf7
c0753fb6b5e7201e796337908ed99579c78c911f
3b2a53fa24163636d60d360002b68936b4c554c981d1bc288c7e121e22443920

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Sep 2022 18:52:42 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 06 Sep 2022 04:37:59 GMT
Expires: Tue, 13 Sep 2022 04:37:58 GMT
Etag: "c0753fb6b5e7201e796337908ed99579c78c911f"
Cache-Control: max-age=380115,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7479e1fb7ddc0b55-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
f13aee7a719c32560ce8b5ae6698aaf7
c0753fb6b5e7201e796337908ed99579c78c911f
3b2a53fa24163636d60d360002b68936b4c554c981d1bc288c7e121e22443920

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Sep 2022 18:52:42 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 06 Sep 2022 04:37:59 GMT
Expires: Tue, 13 Sep 2022 04:37:58 GMT
Etag: "c0753fb6b5e7201e796337908ed99579c78c911f"
Cache-Control: max-age=380115,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7479e1fb8a4eb523-OSL

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b63f97bc3dce37e8ee6a0c9fcae468fe
cc70326582c0016d7434d0553486734266e57e71
6b3b365123beead4021532b8f2578b3761bbd47af45ed2a461a0476d53aa637d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:52:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b63f97bc3dce37e8ee6a0c9fcae468fe
cc70326582c0016d7434d0553486734266e57e71
6b3b365123beead4021532b8f2578b3761bbd47af45ed2a461a0476d53aa637d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:52:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
f13aee7a719c32560ce8b5ae6698aaf7
c0753fb6b5e7201e796337908ed99579c78c911f
3b2a53fa24163636d60d360002b68936b4c554c981d1bc288c7e121e22443920

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Sep 2022 18:52:42 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 06 Sep 2022 04:37:59 GMT
Expires: Tue, 13 Sep 2022 04:37:58 GMT
Etag: "c0753fb6b5e7201e796337908ed99579c78c911f"
Cache-Control: max-age=380115,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7479e1fb7a200b69-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
f13aee7a719c32560ce8b5ae6698aaf7
c0753fb6b5e7201e796337908ed99579c78c911f
3b2a53fa24163636d60d360002b68936b4c554c981d1bc288c7e121e22443920

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Sep 2022 18:52:42 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 06 Sep 2022 04:37:59 GMT
Expires: Tue, 13 Sep 2022 04:37:58 GMT
Etag: "c0753fb6b5e7201e796337908ed99579c78c911f"
Cache-Control: max-age=380115,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7479e1fb7a9b0b06-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
f13aee7a719c32560ce8b5ae6698aaf7
c0753fb6b5e7201e796337908ed99579c78c911f
3b2a53fa24163636d60d360002b68936b4c554c981d1bc288c7e121e22443920

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Sep 2022 18:52:42 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 06 Sep 2022 04:37:59 GMT
Expires: Tue, 13 Sep 2022 04:37:58 GMT
Etag: "c0753fb6b5e7201e796337908ed99579c78c911f"
Cache-Control: max-age=380115,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7479e1fb7aa10b61-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5999
Expires: Thu, 08 Sep 2022 20:32:41 GMT
Date: Thu, 08 Sep 2022 18:52:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5999
Expires: Thu, 08 Sep 2022 20:32:41 GMT
Date: Thu, 08 Sep 2022 18:52:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5999
Expires: Thu, 08 Sep 2022 20:32:41 GMT
Date: Thu, 08 Sep 2022 18:52:42 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6214 bytes)
Hash
f922505178de0cea92eedcfda85a9f67
50f1459de01174e594e03e7df4dfaa8eb1798672
981cd58768d6ad841673add855ddcc7106fbc85de05db9a1bd2d6bc8928b4c2c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6214
x-amzn-requestid: 46a44af0-e547-49e8-bc39-f6c49d94e375
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xj_0HFKbIAMFRbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630b134d-0297c83c305422fa51b86dcf;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 07:03:41 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _ZKcuRO8Z6wBMdm79iDZj5uRYk4YYpYJqOoG8hZqY81O0R7hfbe5bQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 05:34:36 GMT
age: 47886
etag: "50f1459de01174e594e03e7df4dfaa8eb1798672"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F822fb287-f1f6-45a1-be54-4fa7385bb163.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11365 bytes)
Hash
6f73ee4e91b38eaa36cadd4c437785f8
6ceea057f5ae50b9cef505da0a358e3d3b7d6a38
778d28e14b28c154843403470136d0efdcdd5e93e4b5aab784c12d4344e7af6f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F822fb287-f1f6-45a1-be54-4fa7385bb163.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11365
x-amzn-requestid: d50039cd-381c-4221-997e-9231d40ecfbb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9V0EHEoAMFeag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f58-11cab61904bd14462cd13d0d;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: z7RyNwWgq5r9B2WMa5ibpo3d8DXFSFCCrEHpMvc0Q5SqE2x1ovaV-g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 020978022b22df6352245f09cfbc410c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:41:33 GMT
age: 72669
etag: "6ceea057f5ae50b9cef505da0a358e3d3b7d6a38"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7492 bytes)
Hash
a07d553b6441514870ed7e9e989a29a7
98c145b9326d1e6036fa9089d87a25232dd45b0b
373a586b596016baeb8de98022207c25af24c099c06077edbdfd837cffc31a0e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7492
x-amzn-requestid: 2c5e9ff3-c7a4-4a8f-96bf-74f0ca5d9137
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9dOHguIAMFjGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f87-70dbe6532b1a241e6dbe729e;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 6mfdlMHJozdykr4faiijvUuJPXVrJGU_n0MxJgCrZ-uWWdejGYfiAQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 020978022b22df6352245f09cfbc410c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:33:06 GMT
age: 73176
etag: "98c145b9326d1e6036fa9089d87a25232dd45b0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffca3b7c7-528e-421a-8910-451f0b9b667f.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8162 bytes)
Hash
09267c271a56ba4c2d4197543f264fac
67ae4acd88571da51b81fa7ed963b7f2a71845b4
906163f9e1bb8908ae7fcfbf4debc2a42fd14a3f90c8814536025a57ee851dbe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffca3b7c7-528e-421a-8910-451f0b9b667f.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8162
x-amzn-requestid: decb1d93-bcc9-4a71-a054-c537ad7d1add
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YJvndF1fIAMFv7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a2c95-27cef2465fd0e6c849da81af;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 17:55:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: C_J0m9xfkCb5qsoO934KB2Ldk1-yMaMXkgiv9gWus7JqjN3M_HCpdg==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 17:56:29 GMT
age: 3373
etag: "67ae4acd88571da51b81fa7ed963b7f2a71845b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7251 bytes)
Hash
1cd778a615e9a4ca3a25119790398434
d6daca74fc85d39274b3c7536f34528bef93ae97
e6b5a7a525e314e09c30985b22da7c34806df09cbe98ad52b00dcbf93a0dc054

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7251
x-amzn-requestid: 26b2021a-4440-47ce-8dba-d971cae60cc1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9bmHcmoAMF3Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f7d-5471edce7de2374c3b8af888;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: d3MrDEyDFDylQKyfxONQ12_7IBvRAg8o0rSZ64WNRGNvDHqQyDmqJA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:16:27 GMT
age: 74175
etag: "d6daca74fc85d39274b3c7536f34528bef93ae97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7885 bytes)
Hash
7ca5b5d4ac26d97b5729a30ecdc688bc
3e633bc6c4ab9adfe84899e5209d73bef1d097eb
2c8275d1819d933f86df9685b76aea030842ba5a341c59ea88ffd2da99a5a3d5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7885
x-amzn-requestid: 305dc6b7-eb3d-40ad-af89-8b60be935637
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9ThE3DIAMFRtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-7c0b58644e26de7f27c5b388;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Ry2D03udnweYHan_7KhC9IDhT01g9_73G40Fa10BdIX21tgK0Cgjiw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:48:35 GMT
etag: "3e633bc6c4ab9adfe84899e5209d73bef1d097eb"
content-type: image/jpeg
age: 75847
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

kiemthe1xua.com/css/fonts.css

103.90.226.73

200 OK

450 B

URL HTTP/1.1
kiemthe1xua.com/css/fonts.css
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
ASCII text, with CRLF line terminators
Size
450 B (450 bytes)
Hash
a0128cbe7f961581c090ea0b3484a2ac
6f170def463e96c62ea1d102b51d66afa92c0b29
fc6159eb283bd58084577028235d3bbed1f962e53b60c1d0c33b1b934728413f

HTTP Headers

GET /css/fonts.css HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kiemthe1xua.com/css/download.css?ver=1614151406
Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:42 GMT
Content-Type: text/css
Content-Length: 450
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:29:08 GMT
ETag: "1c2-5c09c3c9ed13e"
Accept-Ranges: bytes

kiemthe1xua.com/css/slick.css

103.90.226.73

200 OK

1.9 kB

URL HTTP/1.1
kiemthe1xua.com/css/slick.css
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
ASCII text, with CRLF line terminators
Size
1.9 kB (1895 bytes)
Hash
b06073c5a23326dcc332b78d42c7290c
64e6c5ff99f14c65752e0322234160f8e83fc6c2
f0b722c48c52082cd77261574e22a5251fe37ea4b291b1441134145bab9b2063

HTTP Headers

GET /css/slick.css HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kiemthe1xua.com/css/download.css?ver=1614151406
Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:42 GMT
Content-Type: text/css
Content-Length: 1895
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:30:53 GMT
ETag: "767-5c09c42ebcd3e"
Accept-Ranges: bytes

kiemthe1xua.com/css/font-awesome.css

103.90.226.73

200 OK

34 kB

URL HTTP/1.1
kiemthe1xua.com/css/font-awesome.css
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
troff or preprocessor input, ASCII text, with very long lines (372), with CRLF line terminators
Size
34 kB (34344 bytes)
Hash
f41972df29e3cfed4a340b9c21d6ba94
811432ad1e2d6c1f6da9a63fd919bf2a02b71dd9
d4230e4529ad80ac1e2779112749264647a4212edbe7511088dde28e92d8074b

HTTP Headers

GET /css/font-awesome.css HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kiemthe1xua.com/css/download.css?ver=1614151406
Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:42 GMT
Content-Type: text/css
Content-Length: 34344
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:30:07 GMT
ETag: "8628-5c09c40270943"
Accept-Ranges: bytes

kiemthe1xua.com/js/download.js

103.90.226.73

200 OK

340 kB

URL HTTP/1.1
kiemthe1xua.com/js/download.js
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
ASCII text, with very long lines (65450), with CRLF line terminators
Size
340 kB (340036 bytes)
Hash
300e832db7c910673b694b43e5b47af4
a3519401b795c1795cece0a70567d8efc421a73a
8d2b0f76968fb0753d9792a2c5ec57c189752b4c03cfba4ccfed1593ae3540cb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/download.js HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kiemthe1xua.com/taive/
Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:41 GMT
Content-Type: application/javascript
Content-Length: 340036
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 08:29:19 GMT
ETag: "53044-5c09f979878e0"
Accept-Ranges: bytes

kiemthe1xua.com/css/uikit.min.css

103.90.226.73

200 OK

271 kB

URL HTTP/1.1
kiemthe1xua.com/css/uikit.min.css
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Size
271 kB (270866 bytes)
Hash
7f6169cfe14417aa317b2350f8d05aaa
327f908e6b1c5df696fd24a825b152759c965d38
4acf3da084cc94290ba1d6b9a33ad8d88ee6c8b833a174bbe885fa7e7d3ec1de

HTTP Headers

GET /css/uikit.min.css HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kiemthe1xua.com/css/download.css?ver=1614151406
Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:42 GMT
Content-Type: text/css
Content-Length: 270866
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:30:26 GMT
ETag: "42212-5c09c41501504"
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db3d2d40f373a7ef445874e65d7f0397
087a4802f28647e830222fafc67bda30dec5fc31
4a7ff3bf120d9795d86e370be5fb2987edd4575e1ce0ab1f2f7a66ddf1e5b0d0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:52:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:52:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kiemthe1xua.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 83915
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db3d2d40f373a7ef445874e65d7f0397
087a4802f28647e830222fafc67bda30dec5fc31
4a7ff3bf120d9795d86e370be5fb2987edd4575e1ce0ab1f2f7a66ddf1e5b0d0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:52:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:52:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kiemthe1xua.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 83915
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2

142.250.74.163

200 OK

12 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 11824, version 1.0\012- data
Size
12 kB (11824 bytes)
Hash
deb26e9b1a25438118e5d39d741ae6b6
a2801defb4c8bed8e4083dfde0b2a5a9c0537020
fc66f942651a9fe1a598770d3d896529dcd7a03d02f40655451513093103e61b

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kiemthe1xua.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11824
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:35:18 GMT
expires: Thu, 07 Sep 2023 19:35:18 GMT
cache-control: public, max-age=31536000
age: 83845
last-modified: Wed, 11 May 2022 19:24:43 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2

142.250.74.163

200 OK

12 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 11872, version 1.0\012- data
Size
12 kB (11872 bytes)
Hash
87ace20058325aa069320aa4af875dff
b743548770c46d905ae1ba06310bc001c587fe8e
3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kiemthe1xua.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:35:48 GMT
expires: Thu, 07 Sep 2023 19:35:48 GMT
cache-control: public, max-age=31536000
age: 83815
last-modified: Wed, 11 May 2022 19:25:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db3d2d40f373a7ef445874e65d7f0397
087a4802f28647e830222fafc67bda30dec5fc31
4a7ff3bf120d9795d86e370be5fb2987edd4575e1ce0ab1f2f7a66ddf1e5b0d0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:52:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2

142.250.74.163

200 OK

5.5 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 5548, version 1.0\012- data
Size
5.5 kB (5548 bytes)
Hash
cdaab83619fcacd4027a77c99dd51e69
9e6eae8554f8cc2309b2dae2d9fa217e34eed6a4
4ec57f2a80b91090971b83970230ca09ab3568c5f5b224896ca9aa6180a76aa9

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kiemthe1xua.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5548
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 21:32:38 GMT
expires: Thu, 07 Sep 2023 21:32:38 GMT
cache-control: public, max-age=31536000
age: 76805
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2

142.250.74.163

200 OK

5.6 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 5560, version 1.0\012- data
Size
5.6 kB (5560 bytes)
Hash
ca3b09b62fda648a4511700413313fd0
109cd4c5435bd6614391bb8722c47c287c96b2ec
77b24796a3d4ab521f66765651875338ed50cb9306cfe4603a3e79618e429cec

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kiemthe1xua.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5560
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:36:26 GMT
expires: Thu, 07 Sep 2023 19:36:26 GMT
cache-control: public, max-age=31536000
age: 83777
last-modified: Wed, 11 May 2022 19:24:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

kiemthe1xua.com/images/download/taingay_3.png

103.90.226.73

200 OK

10 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/taingay_3.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 186 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10450 bytes)
Hash
dd207f2b7aacfd127f99a035356e4282
df6522dbc64e7b1bf52ff163ca6da14f1d6d6f5e
79a1c21d075bf9d49a48fc9960a1a1cde29df26911a36546ebfc848c9548baba

HTTP Headers

GET /images/download/taingay_3.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:43 GMT
Content-Type: image/png
Content-Length: 10450
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:42:19 GMT
ETag: "28d2-5c09c6bcdab2d"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/taingay_2.png

103.90.226.73

200 OK

10 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/taingay_2.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 186 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10110 bytes)
Hash
17bd294a8a74e4aa9ad09cb59fd895dc
831341c0202ae4ae59e1f1cc0906936de0e5b43f
89357cfbe575782703bccfb8bfd410e38d7594bddf8a24741563833aa385d5b9

HTTP Headers

GET /images/download/taingay_2.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:43 GMT
Content-Type: image/png
Content-Length: 10110
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:42:19 GMT
ETag: "277e-5c09c6bc515e6"
Accept-Ranges: bytes

kiemthe1xua.com/css/images/dl_dot_menu.png

103.90.226.73

200 OK

243 B

URL HTTP/1.1
kiemthe1xua.com/css/images/dl_dot_menu.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced\012- data
Size
243 B (243 bytes)
Hash
6e21cfc6c2d0259d74d7c3504941b525
429d2e5517b20d4ad31080ef4aa9d6b8df5e1fe4
cfe3c01669ab4033d8f51064682fa7c2504ea7a3b146e986dc732da25f2546b9

HTTP Headers

GET /css/images/dl_dot_menu.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kiemthe1xua.com/css/download.css?ver=1614151406
Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:43 GMT
Content-Type: image/png
Content-Length: 243
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:34:23 GMT
ETag: "f3-5c09c4f702f64"
Accept-Ranges: bytes

kiemthe1xua.com/css/SVN-AleoBold.woff2

103.90.226.73

200 OK

35 kB

URL HTTP/1.1
kiemthe1xua.com/css/SVN-AleoBold.woff2
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
Web Open Font Format (Version 2), TrueType, length 34840, version 1.0\012- data
Size
35 kB (34840 bytes)
Hash
c372b5e1fa2be3e63ba213dc9073138a
cc7d2d70bbff540534b36e16ba0b86b4bbdbfc2c
1084ab07918b49300c050a8723e412aa1a3168e89391702253a31cbf1a3dda46

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/SVN-AleoBold.woff2 HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://kiemthe1xua.com/css/fonts.css
Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:43 GMT
Content-Type: font/woff2
Content-Length: 34840
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:36:48 GMT
ETag: "8818-5c09c58173cfa"
Accept-Ranges: bytes

kiemthe1xua.com/images/logo22.png

103.90.226.73

200 OK

45 kB

URL HTTP/1.1
kiemthe1xua.com/images/logo22.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 250 x 132, 8-bit/color RGBA, non-interlaced\012- data
Size
45 kB (45205 bytes)
Hash
b669903996716e60c4fcdb8f0d7c8b19
adc26956e4110f77d40031b8ae6e3379d9980511
0b5893db2ccb2531f579fd360a002fb74714a872d7ef782559be099ba65e6eec

HTTP Headers

GET /images/logo22.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kiemthe1xua.com/taive/
Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:43 GMT
Content-Type: image/png
Content-Length: 45205
Connection: keep-alive
Last-Modified: Sat, 10 Apr 2021 19:43:18 GMT
ETag: "b095-5bfa37e00d2d4"
Accept-Ranges: bytes

kiemthe1xua.com/css/images/trang_tri.png

103.90.226.73

200 OK

50 kB

URL HTTP/1.1
kiemthe1xua.com/css/images/trang_tri.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 315 x 116, 8-bit/color RGBA, non-interlaced\012- data
Size
50 kB (49682 bytes)
Hash
0fe72c334081842a8e2c12e33e47b127
636c073eb86a36c676a6ec2acfad361c1b61acf1
ca90f326455e17daad56fd5902afea7de3288306a4b83854282571da87324fb7

HTTP Headers

GET /css/images/trang_tri.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kiemthe1xua.com/css/download.css?ver=1614151406
Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:44 GMT
Content-Type: image/png
Content-Length: 49682
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:38:31 GMT
ETag: "c212-5c09c5e2fc2c7"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/dl_btn_dangky.png

103.90.226.73

200 OK

43 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/dl_btn_dangky.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 418 x 162, 8-bit/color RGBA, non-interlaced\012- data
Size
43 kB (43367 bytes)
Hash
32d6ce45fb021a267241b51e34e711b6
f32618b672b5fc929d89f828ab5f31ec4878a749
d460435033d41934b6eef1982eba2d277a6d3cf481e1e10e1766f2baad890bdb

HTTP Headers

GET /images/download/dl_btn_dangky.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:44 GMT
Content-Type: image/png
Content-Length: 43367
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:42:11 GMT
ETag: "a967-5c09c6b4df946"
Accept-Ranges: bytes

kiemthe1xua.com/css/images/bg_page_download.jpg

103.90.226.73

200 OK

200 kB

URL HTTP/1.1
kiemthe1xua.com/css/images/bg_page_download.jpg
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x2209, components 3\012- data
Size
200 kB (199866 bytes)
Hash
586cae7621c17a006f3ad2260da0b603
fdbd6550129cd74bf468f9bf3b17baaba48769c1
c73a11bac0dba37f83a5f87bebf8da890d2111aab631c5b1fb45bf221c761fc0

HTTP Headers

GET /css/images/bg_page_download.jpg HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kiemthe1xua.com/css/download.css?ver=1614151406
Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:43 GMT
Content-Type: image/jpeg
Content-Length: 199866
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:34:33 GMT
ETag: "30cba-5c09c5008fed4"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/tit_phuong_thuc_tai.png

103.90.226.73

200 OK

16 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/tit_phuong_thuc_tai.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 518 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (15720 bytes)
Hash
6a38eccbc0259cfe510f341bd7d60b6e
48eb784228cbaf250d8c3439fdb8f249c276409c
70f66e4c549b45252b1b55c3834ffee4e5d8882c500ffdb6700af83d17f9b6f7

HTTP Headers

GET /images/download/tit_phuong_thuc_tai.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:44 GMT
Content-Type: image/png
Content-Length: 15720
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:42:18 GMT
ETag: "3d68-5c09c6bb4f8c4"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/dl_download_linkss.png

103.90.226.73

200 OK

360 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/dl_download_linkss.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 1151 x 359, 8-bit/color RGB, non-interlaced\012- data
Size
360 kB (359451 bytes)
Hash
801cc6c0b8b099b1b8440ea9ff7cebb7
4f3c0740425c2b907204fbaa4cfcd6da5c4fdb33
4d138a10079fbf7f34a74193b31d73eb157a96b9f7f66272725673dcb9468274

HTTP Headers

GET /images/download/dl_download_linkss.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:43 GMT
Content-Type: image/png
Content-Length: 359451
Connection: keep-alive
Last-Modified: Thu, 12 Aug 2021 03:48:54 GMT
ETag: "57c1b-5c9549d27d4b0"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/dl_contact.png

103.90.226.73

200 OK

407 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/dl_contact.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 970 x 365, 8-bit/color RGBA, non-interlaced\012- data
Size
407 kB (406878 bytes)
Hash
2036179492ddbfe7983ddb527541196c
b53de6a658eb4f0390c5448c67676cd620d474ce
599e62d9feb506f8131a6e2702a828ba197f9aad1afdae29fbc6bd3270cdb064

HTTP Headers

GET /images/download/dl_contact.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:43 GMT
Content-Type: image/png
Content-Length: 406878
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:42:32 GMT
ETag: "6355e-5c09c6c9123d0"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/taingay_1.png

103.90.226.73

200 OK

10 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/taingay_1.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 186 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10260 bytes)
Hash
759480d014fce2ba9fa2a715b1297e32
7280586f363b09ceb685acc90b476c9f4dbbfd04
1bf82a719b2490ccdac5a364efb125ba7872fe1db82c7f0127eb8d466e7453a6

HTTP Headers

GET /images/download/taingay_1.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:45 GMT
Content-Type: image/png
Content-Length: 10260
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:42:19 GMT
ETag: "2814-5c09c6bc5cce9"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/taingay_4.png

103.90.226.73

200 OK

10 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/taingay_4.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 186 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10388 bytes)
Hash
5d02735afa6e6004facc01d26af058bf
3a58f03fc2e371035edb8e6e9688bac7eadb58f6
c0319a7400a6894f21220cf7a9af53040fe83ba30bd5d3173f67221dca3a62ed

HTTP Headers

GET /images/download/taingay_4.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:45 GMT
Content-Type: image/png
Content-Length: 10388
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:42:19 GMT
ETag: "2894-5c09c6bce6236"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/dl_huong_dan.png

103.90.226.73

200 OK

193 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/dl_huong_dan.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 1152 x 275, 8-bit/color RGBA, non-interlaced\012- data
Size
193 kB (193010 bytes)
Hash
feab01956a7b7aee47aec96a1c2fca94
746f06b4ffbc5a9baca8b57a5953d7767108b0c5
a7914c1a0969885b0d3003dedb661a2fe7aef34971dc188ff82c0425dcc52a1f

HTTP Headers

GET /images/download/dl_huong_dan.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:44 GMT
Content-Type: image/png
Content-Length: 193010
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 06:00:26 GMT
ETag: "2f1f2-5c09d832d187a"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/tit_video_huong_dan_chi_tiet.png

103.90.226.73

200 OK

16 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/tit_video_huong_dan_chi_tiet.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 566 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (16430 bytes)
Hash
8e801e6bccb7574b10858affdb06c616
4d78a42bb36eb78827a23482746de2ab8b0af675
60f9772669c12e80cc28c890f694698cfe9aa26d68dd0bd30529116f5e342943

HTTP Headers

GET /images/download/tit_video_huong_dan_chi_tiet.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:45 GMT
Content-Type: image/png
Content-Length: 16430
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:42:20 GMT
ETag: "402e-5c09c6bd3de16"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/trang_tri_2.png

103.90.226.73

200 OK

22 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/trang_tri_2.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 126 x 240, 8-bit/color RGBA, non-interlaced\012- data
Size
22 kB (21608 bytes)
Hash
ba3ddc294d0b9b0bb594d698d74442da
af22894b60eec8deb94bc86611e9471711608ca1
35fa1d36ac06e2908fb5bd21c05bd60ff8910486dbea702ee40c770407ce33be

HTTP Headers

GET /images/download/trang_tri_2.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:45 GMT
Content-Type: image/png
Content-Length: 21608
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:42:20 GMT
ETag: "5468-5c09c6bd58941"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/demo_video.png

103.90.226.73

200 OK

22 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/demo_video.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 960 x 540, 8-bit/color RGBA, non-interlaced\012- data
Size
22 kB (22136 bytes)
Hash
bbd4429b17c7513164c719c2c91cc59c
c13d4785d9b0d7f3b3aeabe4228cd08ee82ea90f
baa94c93ae11a067940bff55d963b1af4708df417cd2a0df81be4dbf66ae63dd

HTTP Headers

GET /images/download/demo_video.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:45 GMT
Content-Type: image/png
Content-Length: 22136
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:42:20 GMT
ETag: "5678-5c09c6bd4d21c"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/dl_contact_btn_1.png

103.90.226.73

200 OK

20 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/dl_contact_btn_1.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 313 x 56, 8-bit/color RGBA, non-interlaced\012- data
Size
20 kB (19765 bytes)
Hash
16c1a0a2a9cf42af253a480d7510d9f7
19af97a14127aa5de3fd109901f1a51d5dd3fe5d
3cba3434d368ac2a063f7c9e508a2ad4d83046687d388f63b4d4380f87719bc2

HTTP Headers

GET /images/download/dl_contact_btn_1.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:45 GMT
Content-Type: image/png
Content-Length: 19765
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 05:54:05 GMT
ETag: "4d35-5c09d6c7abf8b"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/trang_tri_3.png

103.90.226.73

200 OK

88 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/trang_tri_3.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 462 x 595, 8-bit/color RGBA, non-interlaced\012- data
Size
88 kB (87928 bytes)
Hash
16ffea76023ccc73e94723dd3a71cae0
dece6d85ce2d2cf85a6f2322cc64ce3aaa98753a
0f8d1776099986569584586c6d3506f2bfe07dd1d9aee01403838c63856e3533

HTTP Headers

GET /images/download/trang_tri_3.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:45 GMT
Content-Type: image/png
Content-Length: 87928
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:42:21 GMT
ETag: "15778-5c09c6bea7750"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/huongdantaigamee.mp4

103.90.226.73

206 Partial Content

510 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/huongdantaigamee.mp4
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
data
Size
510 kB (509724 bytes)
Hash
30fc2178ac64e32505c01b995908d54e
6356ad19b8d76103ebc1a7f21203f61dbb4aae35
6d92d9b40bbd78ee02a386adfe50ff9aacf5593993312cff7eb6cfb7a45c9790

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/download/huongdantaigamee.mp4 HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=231112704-
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 206 Partial Content
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:44 GMT
Content-Type: video/mp4
Content-Length: 509724
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 11:46:25 GMT
ETag: "dce471c-5c0a2587aff71"
Accept-Ranges: bytes
Content-Range: bytes 231112704-231622427/231622428

kiemthe1xua.com/images/download/dl_contact_btn_2.png

103.90.226.73

200 OK

23 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/dl_contact_btn_2.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 313 x 56, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (22834 bytes)
Hash
0b12b2b3783cc2792ea6debf3dee4024
523c366faa2723cc6f87ac29ac77dfabafea8937
107737ee2e1cd31f2d26876be85b17ac6a0333969fcefe14cbe5926be27815c1

HTTP Headers

GET /images/download/dl_contact_btn_2.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:46 GMT
Content-Type: image/png
Content-Length: 22834
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 05:55:33 GMT
ETag: "5932-5c09d71affa33"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/trang_tri_4.png

103.90.226.73

200 OK

412 kB

URL HTTP/1.1
kiemthe1xua.com/images/download/trang_tri_4.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 1218 x 608, 8-bit/color RGBA, non-interlaced\012- data
Size
412 kB (412113 bytes)
Hash
6b3540f45c40fb3a4583a4b3e6767c46
f1c97b921a85ce764a75fe960bb041dffa683c3c
24743a95c2e7fcb9bd270b98f2ca2e40d4c510f416e709816a8836f18da9d064

HTTP Headers

GET /images/download/trang_tri_4.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:43 GMT
Content-Type: image/png
Content-Length: 412113
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 04:42:31 GMT
ETag: "649d1-5c09c6c89075c"
Accept-Ranges: bytes

kiemthe1xua.com/images/studio_logo.png

103.90.226.73

200 OK

498 kB

URL HTTP/1.1
kiemthe1xua.com/images/studio_logo.png
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 3454 x 3107, 8-bit/color RGBA, non-interlaced\012- data
Size
498 kB (497577 bytes)
Hash
a76eba40699986dcace8f20e7fe349e3
3c555bc75c593b4f894e6f10edab80fc2ada6d32
c81ce68563ddc93d1923cb6c1e9ecaedee00c24f0dab5de8c6fc2b14ca810b27

HTTP Headers

GET /images/studio_logo.png HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:46 GMT
Content-Type: image/png
Content-Length: 497577
Connection: keep-alive
Last-Modified: Sat, 10 Apr 2021 09:29:40 GMT
ETag: "797a9-5bf9aeb7b0dbb"
Accept-Ranges: bytes

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b6df26b-97aa-461c-9f22-c5c9496b5701.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8705 bytes)
Hash
24e43bc53a0b047911cff00ad4b72320
f6ef30b5df0e634c3a3f607d751e738e55a276c9
7e1406b2101c912e72f37f0257128574079e618c1af83e360acb3f29b4d44d89

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b6df26b-97aa-461c-9f22-c5c9496b5701.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 8705
x-amzn-requestid: ccc5b695-35b5-49fd-b938-296a88a78ab8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9TgFOiIAMFaXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-12e809c767cdbba61492187c;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: iN3jcMCQ8paYD_O9gQLAswM-ITb0oY8CYmbnMDwpwS-7hPLis5TGSg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:03:47 GMT
age: 74942
etag: "f6ef30b5df0e634c3a3f607d751e738e55a276c9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

img.zing.vn/products/njx/favicon.ico

113.164.15.82

200 OK

1.1 kB

URL HTTP/1.1
img.zing.vn/products/njx/favicon.ico
IP
113.164.15.82:0
ASN
#45899 VNPT Corp

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1086 bytes)
Hash
d014a5bd6feb40e2bc0deed199e03824
cc6fb14121f4346b7c2db9d7a7d75b4f1aa795fc
91c2c2549020d5a11acfd89dc402bedd8b10a79fd4fdf18ffe3cc1ba97f15515

HTTP Headers

GET /products/njx/favicon.ico HTTP/1.1
Host: img.zing.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kiemthe1xua.com/

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 18:52:49 GMT
Content-Type: image/x-icon
Content-Length: 1086
Connection: keep-alive
Last-Modified: Wed, 02 Oct 2019 04:45:37 GMT
ETag: "5d942b71-43e"
Expires: Tue, 07 Mar 2023 18:52:49 GMT
Cache-Control: max-age=15552000
Access-Control-Allow-Origin: *
X-Cache-Status: MISS
Accept-Ranges: bytes

fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Roboto:wght@300;400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Sep 2022 18:52:42 GMT
date: Thu, 08 Sep 2022 18:52:42 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

kiemthe1xua.com/css/images/bg_header_dls.jpg

103.90.226.73

200 OK

0 B

URL HTTP/1.1
kiemthe1xua.com/css/images/bg_header_dls.jpg
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/images/bg_header_dls.jpg HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kiemthe1xua.com/css/download.css?ver=1614151406
Cookie: PHPSESSID=7td9nmmgg35dsaeusa7pdvg55k

HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:43 GMT
Content-Type: image/jpeg
Content-Length: 934119
Connection: keep-alive
Last-Modified: Thu, 12 Aug 2021 03:32:16 GMT
ETag: "e40e7-5c95461a23b7f"
Accept-Ranges: bytes

kiemthe1xua.com/images/download/huongdantaigamee.mp4

103.90.226.73

206 Partial Content

0 B

URL HTTP/1.1
kiemthe1xua.com/images/download/huongdantaigamee.mp4
IP
103.90.226.73:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/download/huongdantaigamee.mp4 HTTP/1.1
Host: kiemthe1xua.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://kiemthe1xua.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 206 Partial Content
Server: nginx/1.19.1
Date: Thu, 08 Sep 2022 18:52:44 GMT
Content-Type: video/mp4
Content-Length: 231622428
Connection: keep-alive
Last-Modified: Fri, 23 Apr 2021 11:46:25 GMT
ETag: "dce471c-5c0a2587aff71"
Accept-Ranges: bytes
Content-Range: bytes 0-231622427/231622428

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (70)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size