r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8097
Expires: Fri, 09 Dec 2022 18:46:08 GMT
Date: Fri, 09 Dec 2022 16:31:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14507
Expires: Fri, 09 Dec 2022 20:32:58 GMT
Date: Fri, 09 Dec 2022 16:31:11 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 16:08:19 GMT
content-type: application/json
age: 1372
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5430
Expires: Fri, 09 Dec 2022 18:01:41 GMT
Date: Fri, 09 Dec 2022 16:31:11 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 4QNmLRlEzaUqn2MPnqhlXYV+kl3clGXHkLGccquE/vZWMQnJ/gKGWIn27949PLOo8zwJ+BtiMWc=
x-amz-request-id: 25DPZ0R1EH5VQJTC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 15:48:23 GMT
age: 2568
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:31:11 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 16:07:55 GMT
age: 1396
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2945
Cache-Control: max-age=149089
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:31:11 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 09:56:00 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.163.38.240 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.38.240:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 19R1qHHNB+ITOLnodLyR/Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +L+KFQ5FbXF6W2xSGmuVs7jI/fY=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10065
Expires: Fri, 09 Dec 2022 19:18:58 GMT
Date: Fri, 09 Dec 2022 16:31:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10065
Expires: Fri, 09 Dec 2022 19:18:58 GMT
Date: Fri, 09 Dec 2022 16:31:13 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 12:33:36 GMT
age: 14257
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 33478
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oV7bB5Tek01MFi9x2tr_Wix13-UGlQPIt042XM0ALNUvVFYnu5DRcg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:38:26 GMT
age: 46367
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dGxzuQ6zj6wXQbkBuKBnOKxwKJDHUyGoi7PgcugcpdX4QYruNiFxsQ==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:24 GMT
age: 67189
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nXaZ1pazAGWMI9GFYZjGlvVVIb8wX6feD0O8VpzjsL8F8l3mFmydAw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:59 GMT
age: 33434
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06514ce96ae21cb01f526a5febdcbeb4
ebb97e5b97f394e8c67098f55581d5329ce819a2
4099a2fb6ddc4feaa30f357a180d64aeb7c9fc73f115fc762d5fe5c221d2e89e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5169
x-amzn-requestid: 277a1b04-4e19-4313-8aac-5f9ab9076305
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEdkFGrIAMFvHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb456-5b21edd57297665012d536cc;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: swNGUcNy2i0w9UGe-EJhwslE01TzTC3rrDhLhVVxHyhWMGSC1uq0mA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:46:15 GMT
age: 42298
etag: "ebb97e5b97f394e8c67098f55581d5329ce819a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cyto.com.vn/sarvi/usps/
172.67.186.38 302 Found 0 B IP 172.67.186.38:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/ HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 16:31:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: verification/
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U53vG%2FOm7hYglDKdoFc0Zw1cTRmLDebY7B4EGNmRKE%2Bk09ytUsmAZxcFSir1HYwryDSWAPppFxXHyZsQJxHtPV0KOyICOMOml7UtWdWLG1KuhNH%2BlizNQYhnZLQ9%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f2130fa1eb4f3-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/
172.67.186.38 200 OK 11 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/
IP 172.67.186.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1057)
Hash 0fa7dc27bc217d56d35f1c3467241ca8
270082ac4325b1edbcfb9fe4324a4d1b111ed9b2
d9da1eb79cf4d428eeb9a70319c2bf54a251c476cd89fd63b0047b52b0e8550f
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/ HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dJ1SHWEAifLnCn%2F%2Bov67Bu6kwFU8jkaAE7Ssoj3MjArNDA0snsKaTWrQLLHYPmv8HwGM6XuA266HAoVtG78IxeFn%2FlQ8KLArVz3ZIH3PgY2sZaUS6U0UpgH01wU31A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f214bbe1cb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/calendar.css
172.67.186.38 200 OK 2.6 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/calendar.css
IP 172.67.186.38:0
File type ASCII text, with very long lines (14589), with no line terminators
Hash 08db95a016165b8d14a144668b7e064a
92d6357bc5733087226e84420a95a6d40f9662e1
25afbe8a97386e1a035d5f7110657ba82542d0674d774639a9a43876512680a8
GET /sarvi/usps/verification/files/calendar.css HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: text/css
Content-Length: 2579
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:13:58 GMT
etag: "38fd-639162a5-125c0b;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130641
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fg3svbe%2B67uWzCcPzqn40imkqJBx3lEwl6iQXnuIJpiM7U49gtY1ZZvmrkNdugZO68toATG0u0UZLUWiwwe2ZvYv0GeZZSY%2FUB3IbkzrFVFgjjRWwy41KpAnkgTwYg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f21603e90b4f7-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/bootstrap.min.css
172.67.186.38 200 OK 20 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/bootstrap.min.css
IP 172.67.186.38:0
File type ASCII text, with very long lines (65371)
Hash ec9bab633f2ee3045bedeea06f32411b
4e27dc2d1bc1017f8c138afb9c055d109cc82103
bd6c6325af8b9c06605fb07b68bcc58421849d5cc7eab67f3f017017dcef1340
GET /sarvi/usps/verification/files/bootstrap.min.css HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: text/css
Content-Length: 19690
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:13:58 GMT
etag: "1d903-639162a5-125c09;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130641
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vt8UnqN3SLS5kMimDZBdJqqw1W6QdRo1dTx8qUwYoL7%2Fi9ucsI%2BYyS%2FiuUeWlcLUWF7Wr3BoTKQ7UzN%2BsBuy1nRJXc15vI42S5wgXSigslqvPHVJgXINDyLo7GQKuw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f21603fdb0b65-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/main.css
172.67.186.38 200 OK 13 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/main.css
IP 172.67.186.38:0
File type ASCII text, with very long lines (49380), with CRLF line terminators
Hash 5d4b7ba860d35eed871f7ed86b6cda32
20ec5bf32b64db15838aa2038dea8954ca4eeabb
3291b2b9a45d4479b22b755401757f5fde42379cf6e173a4669922d8c22f37ab
GET /sarvi/usps/verification/files/main.css HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: text/css
Content-Length: 13312
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:13:59 GMT
etag: "1370f-639162a5-125c28;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130640
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2BNsqtWAzCYgAH0rZ%2Bc7L9IevE2IPGZaHCSLvbYjhv%2BxG6NRDWzAzJiA03Tq6jkkhtyffFuPs6S6NxY5p2cbeycm90mwue9u2wjdD2lzy3geoniGXaH59dkpeyFHpg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f216088620b65-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/tracking-cross-sell.css
172.67.186.38 200 OK 1.0 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/tracking-cross-sell.css
IP 172.67.186.38:0
File type ASCII text, with very long lines (3075), with no line terminators
Hash 797100b379ef4b459b884be14bbb6e4f
0683d9a3ead422cbf0e163d0ae0d61e51d6f1236
bbf22e1882686844926ae028f381e94def083d8b511f80edc3cfb5d8ccfa781f
GET /sarvi/usps/verification/files/tracking-cross-sell.css HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: text/css
Content-Length: 1048
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:13:59 GMT
etag: "c03-639162a5-125c3b;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130640
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZHM%2B9DP%2BGeGF46XDmIO4V4sOUNGeLGHXkACDY5K%2BRDtNFysO9omTYzzmFOqZCzUn243zkZAKUXIwaVENIHM4W8PentaejXHAgYuMWtV94wzqOpBET30tDi3shJSBlw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f2160a8820b65-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/jquery-ui.min.css
172.67.186.38 200 OK 7.9 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/jquery-ui.min.css
IP 172.67.186.38:0
File type ASCII text, with very long lines (29153), with CRLF line terminators
Hash 770266d7d40da4ad1a7b171b6d167346
f8893a9442af6605400881396fe06f56c93bd23f
b74ed12758ecf80f0ee74d841fbe5beabec873ab3b66e98bfd893983fb0eee96
GET /sarvi/usps/verification/files/jquery-ui.min.css HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: text/css
Content-Length: 7869
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:13:59 GMT
etag: "7d19-639162a5-125c1f;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130640
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JFGBCQVLmE5H5vSEDQEtEsHHA1kIROQ3zR8SjTTFSMEJcxvs8yYk51qx2maC9g7B1nUZzvNRV10AvagLvqu1ctDhqPfnqUzLdidLb6a6fY5tkqtlZCr%2BhAQLQwj5Vg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f2160c8ab0b65-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 3b6374f1d621e5ad64d520fe18dff479
58bf0de423087cc249c36824ca9413ca5ad2561c
7aa8432ed21a112a1e117c4ce80981a03231d4e2c0a8e582d52ff4521d8e15aa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4883
Cache-Control: max-age=104584
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:31:19 GMT
Etag: "6392454c-117"
Expires: Sat, 10 Dec 2022 21:34:23 GMT
Last-Modified: Thu, 08 Dec 2022 20:13:00 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279
fast.fonts.net/t/1.css?apiType=css&projectid=ee38900c-6459-4e0c-95d6-896c0208d3d0
104.17.224.78 200 OK 0 B URL HTTP/2 fast.fonts.net/t/1.css?apiType=css&projectid=ee38900c-6459-4e0c-95d6-896c0208d3d0
IP 104.17.224.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /t/1.css?apiType=css&projectid=ee38900c-6459-4e0c-95d6-896c0208d3d0 HTTP/1.1
Host: fast.fonts.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cyto.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:31:19 GMT
content-type: text/css; charset=utf-8
content-length: 0
x-amz-id-2: T0ZH1hXNoB6jtguc1LneBuShAW+pnL1xXkATYgstf9s/Ek+CPWrz2AkHZOlSFb4Uzx1M4Yl24Z8=
x-amz-request-id: PR33JFF0ZQ6CYPJT
last-modified: Tue, 23 Mar 2021 12:59:23 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
cache-control: public, max-age=0, s-maxage=604800
x-amz-meta-mtime: 1519217722
x-amz-version-id: null
cf-cache-status: HIT
age: 554332
accept-ranges: bytes
set-cookie: __cf_bm=fnlsjlx7SiqhnEl9PcsCi_JtathrLoPK_J4_VnExTMA-1670603479-0-Ac9kXEWKNYGfQ4OmF+6IM9MWrDdtv919ReYkcpATv329reA8iEEUzfNViYZ75ieGv0szWXRyvJrhpiy73r97kaE=; path=/; expires=Fri, 09-Dec-22 17:01:19 GMT; domain=.fonts.net; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 776f2161dbc6b4f9-OSL
X-Firefox-Spdy: h2
cyto.com.vn/sarvi/usps/verification/files/metrics-all.js
172.67.186.38 200 OK 3.2 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/metrics-all.js
IP 172.67.186.38:0
File type ASCII text, with CRLF line terminators
Hash 5bd74908cfaf25023eab69ff6325ebad
dd70974f298312d49d98a4e8066152d84cc92826
c5836d588801c67621ffecad7b9c99a1939be3c6ea9c442d74d12004b85d3438
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/metrics-all.js HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: application/x-javascript
Content-Length: 3215
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Fri, 16 Dec 2022 16:31:19 GMT
etag: "2bde-639162a5-125c2d;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OSUsgdGXe1dCC4wSPoAtlJqPuz9QsY5YTuW36dyEdl4yzNAtZwxzr9LUmVVUA%2FT6wwC%2BEGkHTVCRDe4AZnePaL3cxIHGjSAz1iRpCzPLaeBcuHQlDCDC%2BsbPk1Oc%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f21603920b4f3-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/require-jquery.js
172.67.186.38 200 OK 92 B URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/require-jquery.js
IP 172.67.186.38:0
File type ASCII text, with no line terminators
Hash 6ce214c362fc1910a6ccda7dde4f1628
a3c400aa0daaa3a2f5b285feccb369e35b486a89
20c4e055502233d4088725a990c6d26894639753e810ae967bfa21915ea61be7
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/require-jquery.js HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:13:59 GMT
etag: W/"4a-639162a5-125c33;;;"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130640
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=shoH50pdbZs6eSn7xtoFS0qHv3T%2BCX8VaHTE2okHtXYCCQc9CYxsmxRjQ30zE71mS%2F6Fn%2BpN8dbpuxUfX4oVUrrnHYdRPVGjAl2PUZy5RCVxNYhRMBqtSAFWJiUzWA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776f21636dbbb4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/footer.css
172.67.186.38 200 OK 974 B URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/footer.css
IP 172.67.186.38:0
File type ASCII text, with very long lines (2933), with no line terminators
Hash b611fdf100b35a33f41b3ce5481140ea
6a1dbe40f2e5794b049429f90704e654202e9c6a
7d9057f5e50850fcf2328dc405d8ee26149524f4afcbaf419f83e0b3e7aa52a9
GET /sarvi/usps/verification/files/footer.css HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: text/css
Content-Length: 974
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Fri, 16 Dec 2022 16:31:19 GMT
etag: "b75-639162a5-125c11;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E1dcBonBhUnt39PG6yDCMbvm6NlAtBDAyVoksIgdfcCQJkWeXMd%2BzT8MNvPmrMDqubh2sL6lrTqNH2J3Q4DZRDLHP%2BORRxDDkVhqmdtRsXebhQN00L0wTIhotmkYhg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f21603d0f0b51-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/datepicker3.css
172.67.186.38 200 OK 2.4 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/datepicker3.css
IP 172.67.186.38:0
File type ASCII text, with very long lines (20872)
Hash 69bd638091a5922cfa5aa06da089175c
57577cbe76db20ad3f29fa5baa749dfca948aef3
a48751d686c78929ac1303b169da95d32ef0e829680208be0c46382776830fb2
GET /sarvi/usps/verification/files/datepicker3.css HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: text/css
Content-Length: 2424
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Fri, 16 Dec 2022 16:31:19 GMT
etag: "527d-639162a5-125c0d;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yLpJf0Sjme7Xu2zuRsyc3TfDWeH9s2R1MkThdGqvf0TfgDXuxHBShsdI7x1MzSHeCyIswlGk0M1XFX2QxP9ZRvoOntIr%2BAiI%2Fbhy5eJCsUo5YS9VA5DgOAaGBq6yyw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f21606ec1b4f7-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/schedule-redelivery.css
172.67.186.38 200 OK 4.7 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/schedule-redelivery.css
IP 172.67.186.38:0
File type ASCII text, with very long lines (23038), with no line terminators
Hash 7083e43ac731afa1f12fc1ccd3c73041
338ebbbf9236f1f96ee0bf5e6d7a09a2b6ba7c37
0904b54d0a25d43cc0e642c3e8a265ec388db2684af6f28c28cfcc6fa7f037c1
GET /sarvi/usps/verification/files/schedule-redelivery.css HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: text/css
Content-Length: 4697
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Fri, 16 Dec 2022 16:31:19 GMT
etag: "59fe-639162a5-125c36;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SwWLcrs3wl8y1v%2Bz3w3nqnTItS1VHIkiSwLd0CbC4z1SHQ0ghCYWEG0uoqVlZSUHgRNYYLv1vU70LQ0xJMZxUyYx%2BkHjTyUV7zs0qZXz1olo2Mj64mhcse6Ge0Tfdw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f2160e8c70b65-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/optimize.js
172.67.186.38 200 OK 35 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/optimize.js
IP 172.67.186.38:0
File type ASCII text, with very long lines (1972)
Hash e67590eed08cc6da008bc03b0aefec97
414b1ed2484ffb5cd61250d2cc21ad840cddd6bf
a4426c2d26c633f329ec6e9bdf1518ee0c5fefb887cfaa08ed14bb982125e6cb
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/optimize.js HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: application/x-javascript
Content-Length: 34969
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Fri, 16 Dec 2022 16:31:19 GMT
etag: "16b8d-639162a5-125c30;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O4sA7YSWzhF6tLWGd2JKD1%2BHtXqbvfGnHrsrSYdsV0Uq7%2FLOeemuv0P%2FpTJaeZl4RmYbLhZ8bi4YZ%2FPkfRHzyhCmjp1odDkD7aTwX8gdIlEwYi5cjGkoRJ7SKrotlA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f21603fdab51d-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/jquery.min.js
172.67.186.38 200 OK 30 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/jquery.min.js
IP 172.67.186.38:0
File type ASCII text, with very long lines (65453)
Hash 85c82b3e7a77140eb9027521d13218c3
f7454a473b91ffeb35d5f69aa39e9267ed41db34
9026aa1fd6d8140287a2e67870dd32fd389218ef3e321e8a40b4f51bbd74f956
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/jquery.min.js HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: application/x-javascript
Content-Length: 29650
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Fri, 16 Dec 2022 16:31:19 GMT
etag: "14b60-639162a5-125c20;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0xneH83UKAUFrKhvmSbSIK7NHsXIYpNBH9DjVJCMZF5%2BxmfvbKrUWV82%2B9PiAhOMbWPLfHXaxo3qNvXthsJfhaDnWBRrQrs%2BTtkyjga2SCVy3X28k6pr7tyHrlLbqA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f2160296fb51b-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/resize-manager.js
172.67.186.38 200 OK 468 B URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/resize-manager.js
IP 172.67.186.38:0
File type ASCII text, with very long lines (1040), with no line terminators
Hash c3b3701e4d93d1bd2e169501de0388d8
67ac4802c71a748fc8cd2d4e847dd423029fc61a
7fce227383dd0cbd23ae0fe59344a713851b2d6d3f590b59ea192926448ec589
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/resize-manager.js HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: application/x-javascript
Content-Length: 468
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:13:59 GMT
etag: "410-639162a5-125c35;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130639
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6HI5HqulLqNbsen00VNGGYqilq7VQ0pebzJ75kQRiAK1HzHfSYsr6VK8TfbC%2BjEZv60hsmRPyqXclCSR37aFHMeKXtxhnQmh6AoJH01mjs28w8Yr%2FQmXBX7Mfs1QHw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f2164ddc6b51d-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/megamenu-v2.css
172.67.186.38 200 OK 6.9 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/megamenu-v2.css
IP 172.67.186.38:0
File type ASCII text, with very long lines (44725), with no line terminators
Hash cdb0b5a380d76f89923182936ea8add4
3953994e68f4d835d930763240beeb62f6f55ab3
0a0198fb984febee0fa81c24e6de5b11439e27dc87428c647213f7d505da1174
GET /sarvi/usps/verification/files/megamenu-v2.css HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: text/css
Content-Length: 6934
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:14:00 GMT
etag: "aeb5-639162a5-125c2b;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130639
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BZjjCq3UK3yuOKJzAreKv5A1tjeWlx%2FQlhpixXhf0XquzG1XiNqtMbcS2hcZgUBo4%2B4fIgb9T4TNxfeXlbA68oyATxsCLixEAJAFc7l80DC1pUUolfQRTc0vomNiCw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f2164fdfdb51d-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/jquery-3.2.1.js
172.67.186.38 200 OK 30 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/jquery-3.2.1.js
IP 172.67.186.38:0
File type ASCII text, with very long lines (32058)
Hash e95432d97d0ea36fb79ec7a9463ce0ec
685e5ade79a59587076c397e7677adbc9e4661ce
732435215c507df3203bce1b72a8d7d0e50cca54c667f05dccd1aa4fcf6d7c71
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/jquery-3.2.1.js HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:19 GMT
Content-Type: application/x-javascript
Content-Length: 30178
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:13:59 GMT
etag: "15283-639162a5-125c1d;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130639
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2EyoWVsU1gns44wStJeFQRrOGGha3SOfb4siKwmWFgen%2F9oyR25%2B%2FEAE6zhg8bxo%2FRdDTAcX6dYElrAjd%2BLovCJ9w1vHKd1aBZZjzCqDzXZS9yFDz1iFVSjIJq65rg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f21652e33b51d-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/search-fe.js
172.67.186.38 200 OK 912 B URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/search-fe.js
IP 172.67.186.38:0
File type ASCII text, with very long lines (2235), with no line terminators
Hash fc888dcbfa3def650e24177230959bf7
924d1550865e34c9bf7948b60f13bd2901257f96
988300b681f9befd23f6cad2858c0eaf800ed4d085bdf37bc272b1f95afb3ce3
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/search-fe.js HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:20 GMT
Content-Type: application/x-javascript
Content-Length: 912
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Fri, 16 Dec 2022 16:31:19 GMT
etag: "8bb-639162a5-125c38;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MnwqXCRg6ltzrkY3hP2bPli4KnDj3mOLeMpu%2FH%2BfZwZrfT8%2BDLf8x%2BV5iZcnDao0hwpP1%2FUX%2FXyc%2B0VGSwIz9PIlpONtZpqjpId21mDGwJn4uM0Pi6aEY8kyOiofng%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f216398130b51-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/megamenu.js
172.67.186.38 200 OK 3.0 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/megamenu.js
IP 172.67.186.38:0
File type ASCII text, with very long lines (3410), with CRLF line terminators
Hash 3e9f46871edb7da82c271e157123c697
4f1b9761c1319bc5ae4fdf9edf4de71dabbc9530
05824529af096f21d4870b4dc8e3c3616448ad99b3f02fcd46773b489bfbc520
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/megamenu.js HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:20 GMT
Content-Type: application/x-javascript
Content-Length: 2994
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:14:00 GMT
etag: "3651-639162a5-125c2c;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130640
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k7l3XTxSEERwtI%2BycbCzlri2t%2FZfkUnFGqo3NLASw4FnElKz4%2B53i378LydekpLY787KvVp9AjmRYs8tC4x3STEyXAYfUM6RkrVZ3VY6bjDQsBshmAWNXTwj6YKLuA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f2166ab210b51-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/helpers.js
172.67.186.38 200 OK 358 B URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/helpers.js
IP 172.67.186.38:0
File type ASCII text, with very long lines (695), with no line terminators
Hash 2fc1a84aa717ba9ca2584c632d0bfb42
e3f89c1d5741bd85f5b20923a71a53115d0aa6b4
faac3ddb5c8775e66d1d0d3fa7f81695abe17c196589f02d31cd1bc9e91fcac3
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/helpers.js HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:20 GMT
Content-Type: application/x-javascript
Content-Length: 358
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Fri, 16 Dec 2022 16:31:19 GMT
etag: "2b7-639162a5-125c1b;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R0iIaQu0rs1OiuRMXUVxsv%2BceZX58LAZpk8NSwxJNNrWhreMRVBy8QLHverroRXqsUKpXFtvieSA%2FWNNiaVFJtQXPNyUY3nfluueeh5Brg9s%2FwppxAFAEdQ3DR9Mhw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f21638defb4f3-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/qt.css
172.67.186.38 200 OK 9.9 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/qt.css
IP 172.67.186.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1599), with CRLF, LF line terminators
Hash 8109443a7dc0e83c49749cf1f73278fe
dd257c186c6315436ff1182d7cda641e62204eeb
1ad7c724d694d2ece8981c6623f2ec8531dabd2ea48da09c917777c0e124f6dc
GET /sarvi/usps/verification/files/qt.css HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:20 GMT
Content-Type: text/css
Content-Length: 9892
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Fri, 16 Dec 2022 16:31:19 GMT
etag: "c800-639162a5-125c32;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cW8Osrp4llVMVXZklbdSPkL82qRXP%2FeQSArQpPhtx1VTl%2FvNLNG5eIsfq0457dhprJeXsbYQkYExiQC7tbMy2eqRi1HEGCdsu6WQ6P81OglGO40NyF7M%2BoChceo6Qg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f2163baceb4f7-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/OneLinkUsps.js
172.67.186.38 200 OK 1.1 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/OneLinkUsps.js
IP 172.67.186.38:0
File type ASCII text, with CRLF line terminators
Hash eb0bb187b7bffe4cb376b1e1b16fc7f5
819a3650aaf6498d89dbab4803d8857f34fd888a
2f0451d1ef71661fc4088dde8d5598024e9e8e969b95c6c7d018566513d7c928
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/OneLinkUsps.js HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:20 GMT
Content-Type: application/x-javascript
Content-Length: 1067
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:14:00 GMT
etag: "e37-639162a5-125c2f;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130640
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u2%2F1SDL%2B8IY9TOwOERxJdap3mw5xOAWlvDQWPTu%2FH%2BcD%2BL2b5FHvUicmjHhqWzV3n%2BOgieAx7gtKY5VNkgDPnfEerj0Ew0dlTXLx9SDXOBkK8g4xuXtaU8qIojr3PA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f2166cb3f0b51-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/header-init-search.js
172.67.186.38 200 OK 333 B URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/header-init-search.js
IP 172.67.186.38:0
File type ASCII text, with CRLF line terminators
Hash 9673ae677904a3355314af8be4df2483
e6458d61b4d532f9d6b3574f3ad525820fc14790
ea58539a8d67fbe400e5c6279a761239e34b0ebef65764bfd6cf14989b8a6140
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/header-init-search.js HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:20 GMT
Content-Type: application/x-javascript
Content-Length: 333
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:14:00 GMT
etag: "388-639162a5-125c1a;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130640
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sgivavb83%2BvLOCGx%2F4fGgSzkFDFrawa3%2BRxFzrCZ3GqoXHkSqBYx7VFGFxQ%2BnQqY6EaxhThC8FuCBRmb55xXQvGZs9h3p3iW1SoECJBchNiBOP9lU9oKFeH3jTRCeg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f2166eb660b51-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/megamenu-additions.js
172.67.186.38 200 OK 530 B URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/megamenu-additions.js
IP 172.67.186.38:0
File type ASCII text, with CRLF line terminators
Hash cc9e399d7dba7d353f80760d5e2d020f
68520e86e59a63ed4a5582db884b4c13f93c30e4
75ac232e18210a0cf17e7ed41c0f118a7ba90924c659ec67560adba649bb4f1b
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/megamenu-additions.js HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:20 GMT
Content-Type: application/x-javascript
Content-Length: 530
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:14:00 GMT
etag: "541-639162a5-125c2a;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130640
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rifjZXAUwX66ytN96NMSmWnkDYlqlkvLPCz5vxfy5ek5ZlYGPPYbXwrqE6jD7%2Fu79Tmm6MkHKxwYkJXXHyCc36Fh1smt%2FUXxptCRqYs7m1H5xYdtwoXMb1ChsON5aw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f21670b810b51-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/main-sb.css
172.67.186.38 200 OK 2.8 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/main-sb.css
IP 172.67.186.38:0
File type ASCII text, with very long lines (8795)
Hash 381b1bb27a66e54f197e3b8e6ac72f7f
1b33ecbac8638153dd7b5455c401c564bade24cd
58e684fa6b35b4a71263e158952ebcc3637952da1bcf2f7109da9045e9532578
GET /sarvi/usps/verification/files/main-sb.css HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:20 GMT
Content-Type: text/css
Content-Length: 2801
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:14:00 GMT
etag: "225c-639162a5-125c27;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130640
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bLQkvkLis3CRGqB5woeM1R%2BsyoJh%2B6JPtUYByHvxWn%2FtRA3RJhraXj%2BuA4wTrZK2BaxwToX38NfpY%2FfjrdfgZTzM3reFS72%2F0YPEv93%2B13l200fkayNgAePuCEXEXA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f21671ba70b51-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/footer-sb.css
172.67.186.38 200 OK 948 B URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/footer-sb.css
IP 172.67.186.38:0
File type ASCII text, with very long lines (3179), with CRLF line terminators
Hash f3acd9a18becfb87676e409420d5a927
93725131bbdc90c3f69c03b885e4cad0ff0f6700
cef7622380ea31cdcbfbb1dd95a85919ccdfef03945534aa620d9c0a8f5b1b8b
GET /sarvi/usps/verification/files/footer-sb.css HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:20 GMT
Content-Type: text/css
Content-Length: 948
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:14:00 GMT
etag: "c6d-639162a5-125c10;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130639
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ukfyewyE3lajYOfDHYP5qIkT6yNNQv%2BrIYcbxZbrdYbpeE%2FBWgaFpHKwnrgrM3nDj2BnzlH2%2FrzXsv%2BvajCQLstKhGe18%2BYydcT%2FKkrOmGBj%2B94yD972qxBUWpD1A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f21673bd70b51-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/logo-sb.svg
172.67.186.38 200 OK 1.6 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/logo-sb.svg
IP 172.67.186.38:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash c8cd694091256e9e622db809e3604157
0876363e046c8fd1cc641a74477847bca1e3f325
4c1f2d664fb8e66307932ba589cd6a50eaed3b33a300bd1aa51ec9014ebe5f5f
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/logo-sb.svg HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:20 GMT
Content-Type: image/svg+xml
Content-Length: 1610
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:14:01 GMT
etag: "de5-639162a5-125c24;gz"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130638
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QDpX1tTz0ptoz0dixBe5kvbDQr%2FeKqReIMeSQduvYvdaWoGis%2BSzDOt%2F2feDpXBMc9gFghqvDq4aMSzOKfNEJ2xF%2BNl%2Fdn9FHqX6c24AavIGdBnI3SGfwJ%2F%2BNsfGDg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f21675bf40b51-OSL
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/jquery.min.js(1).download
172.67.186.38 404 Not Found 722 B URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/jquery.min.js(1).download
IP 172.67.186.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 27436b40715f70fa783bf9509de00b70
bf8852e4108c298c260a0349bba6a07008a49933
f1835d6f172b5cbe2c4c931e5ea9c7be50e05755864d394ee3b2682354db0027
Analyzer Verdict Alert fortinet Phishing
GET /sarvi/usps/verification/files/jquery.min.js(1).download HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 16:31:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, no-cache, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eINQ%2Bed6ejPfXEnSaA9AeFJ7nVzTeR%2F0KehUCsDY4Z%2FRlX7o2Aj7y40emUcp4V6ACgIn2cBpmNH7%2FkQmP5ycQgssSa0fYXyuMlKx3fIv5%2ByhGD1Rd2GLRXzk5uYzXg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776f21642c070b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
cyto.com.vn/sarvi/usps/verification/files/go-now.png
172.67.186.38 200 OK 20 kB URL HTTP/1.1 cyto.com.vn/sarvi/usps/verification/files/go-now.png
IP 172.67.186.38:0
File type PNG image data, 210 x 142, 8-bit/color RGBA, non-interlaced\012- data
Hash d0dad9004bae0df70b06b75557b1df62
4a080764de6b97902413f5c836432a30da348517
2ff8048ab175abf501e134d00a973ca31a7b0de09c2777eab0a2c9dc07ca0289
GET /sarvi/usps/verification/files/go-now.png HTTP/1.1
Host: cyto.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cyto.com.vn/sarvi/usps/verification/
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:31:20 GMT
Content-Type: image/png
Content-Length: 20334
Connection: keep-alive
cache-control: public, max-age=16070400
expires: Thu, 15 Dec 2022 04:14:02 GMT
etag: "4f6e-639162a5-125c18;;;"
last-modified: Thu, 08 Dec 2022 04:05:57 GMT
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 130638
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qKkEXczTqlHySmQ7kLRqLzGtHe30pFW3VC3nrjyXqMLiVILKX%2BkXb7fB2%2B4%2BeiifPWEi4CRDS78L9fDkSiKhYh5j9R0dXYo2OM6R%2FXGeJeAi58jwIrRn%2B%2FqY86gUQw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776f21677c090b51-OSL
alt-svc: h2=":443"; ma=60