r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5388
Expires: Wed, 29 Mar 2023 15:46:18 GMT
Date: Wed, 29 Mar 2023 14:16:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3379
Expires: Wed, 29 Mar 2023 15:12:49 GMT
Date: Wed, 29 Mar 2023 14:16:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Retry-After, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 29 Mar 2023 14:15:56 GMT
content-type: application/json
age: 34
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c0d9353dc46e88bf564ed464b0b073c7
0b5ce170e7db24267a3ba5b79a48548b1acd2e5b
7c7ef189b14109b44aa96454ea1b94bcbd3d69599cc7ba429f8234f6acd88a9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C7EF189B14109B44AA96454EA1B94BCBD3D69599CC7BA429F8234F6ACD88A9B"
Last-Modified: Mon, 27 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3738
Expires: Wed, 29 Mar 2023 15:18:48 GMT
Date: Wed, 29 Mar 2023 14:16:30 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Mr0J/Eq+Q8v2aXThuXJJzTwVQ3LTn0FRnJV1iHuWgsaRG6I4fp2Jgu7QVi91xw0Ftxd1HR4EiHg=
x-amz-request-id: 29B3XTC5W6EVSRC8
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 29 Mar 2023 14:02:31 GMT
age: 839
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 14:16:30 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
xenangnguoivn.com/Netflix/net/login.php
103.81.84.33301 Moved Permanently 707 B URL HTTP/1.1 xenangnguoivn.com/Netflix/net/login.php
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /Netflix/net/login.php HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Wed, 29 Mar 2023 14:16:30 GMT
server: LiteSpeed
location: https://xenangnguoivn.com/Netflix/net/login.php
vary: User-Agent
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a740252e7b24892a3e34f6dfed6e3bde
d44d21abb95edd1ccc775632254f11ee94fb585e
e289995a2b4b340364dd7dfa32c79c7722ece6cc4b893b38fc68bbce680d2f94
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E289995A2B4B340364DD7DFA32C79C7722ECE6CC4B893B38FC68BBCE680D2F94"
Last-Modified: Mon, 27 Mar 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2529
Expires: Wed, 29 Mar 2023 14:58:39 GMT
Date: Wed, 29 Mar 2023 14:16:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, ETag, Alert, Last-Modified, Retry-After, Content-Length, Pragma, Backoff, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 29 Mar 2023 14:14:36 GMT
age: 115
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3418ce0583762d831fd659102344265f
9558da4ac835fcf740352dc6fb4637ff651ad7cf
6d6cfa1221710a3a49783fc5333cd1a8bb710a978666e82cba23ff14e08fe5f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D6CFA1221710A3A49783FC5333CD1A8BB710A978666E82CBA23FF14E08FE5F8"
Last-Modified: Tue, 28 Mar 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21490
Expires: Wed, 29 Mar 2023 20:14:41 GMT
Date: Wed, 29 Mar 2023 14:16:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11796
Expires: Wed, 29 Mar 2023 17:33:08 GMT
Date: Wed, 29 Mar 2023 14:16:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11796
Expires: Wed, 29 Mar 2023 17:33:08 GMT
Date: Wed, 29 Mar 2023 14:16:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11796
Expires: Wed, 29 Mar 2023 17:33:08 GMT
Date: Wed, 29 Mar 2023 14:16:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11796
Expires: Wed, 29 Mar 2023 17:33:08 GMT
Date: Wed, 29 Mar 2023 14:16:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11796
Expires: Wed, 29 Mar 2023 17:33:08 GMT
Date: Wed, 29 Mar 2023 14:16:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b185c2d-7167-4369-8cd8-7c5017834382.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b185c2d-7167-4369-8cd8-7c5017834382.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 088ee9246dd360ff8df1cfd861295d39
6e224650d4c0315d8218e2522fc9a0f1ca81799f
48ae55b65f6bb6f15580d28adc558b96086fb293fef375e7ab57944bf4301ae1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b185c2d-7167-4369-8cd8-7c5017834382.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7466
x-amzn-requestid: 229ed535-832e-4328-bafd-0cf2dec18fbe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbqLF8-IAMFzcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca7-61d293a52a1a02130d0ffa53;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:43 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Vv1wV3qd-r8C4ca3ISCAUfERPrEWFeTGKFgK8Zo1tnrAYdzMQW0Yug==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 1570d93226c1bbca2ebaad510cff3e0c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 00:46:09 GMT
age: 48623
etag: "6e224650d4c0315d8218e2522fc9a0f1ca81799f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 253f48aa7cbf667d52cb37fda10cdb1f
e29478b866f90402b48d2b516d01d60a863c9cf9
b4a73ab71250b9e4a3f95e28dbf50dd000e1f338c7c3ac9f3351c1f6d6d3bfff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6049
x-amzn-requestid: 2d1a2a66-8b63-44f0-83ec-10628a5fcac6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CgvBFFMGIAMFhCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235ed3-2a90bf0365925acb3b348489;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:40:35 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: -XwoHom5AT8j5yHNvfnYQ-9xIqVpsyDffwFM0d_ESJicJvL8pTcABg==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:50:28 GMT
age: 59164
etag: "e29478b866f90402b48d2b516d01d60a863c9cf9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef54a1ed997cc09495edb102ccdf6803
f5637efb37b5eecff77e60e6bcf5f599991f334f
fa76d7a82dc15baf02b207cea874d1332c20a0ebe1eea99929a6f2746608412c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8745
x-amzn-requestid: e1d8dab6-4c15-4752-b528-21854c93a11c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguJ5Hy5oAMFyAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235d72-4bd62c8472f7257a155b2a80;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:34:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: FHONNj6M7I5oVTKAKYspq0ZAJMYohURXs5ufSL-r--zCSdjuSvrpSA==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:51:37 GMT
age: 59095
etag: "f5637efb37b5eecff77e60e6bcf5f599991f334f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fd1bc71c7e9eed7c086d752ea8b4b992
02a74cf88501d65b3dfcceb5adc79fd93ce785ed
a9a423d347533322d4d3ba90ee5fca5ca32f8d540f744ea2621deeda46df89f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7605
x-amzn-requestid: b7628073-4eb3-4ef6-b7d0-0224e0a75601
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguY8GFPoAMFebQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235dd2-445041c74356c54053f772a1;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 2LLHDcPZsSP1XPxH7agC7FhVwQQXfrWq3CEOSz0mBTjGykXxNQIq9Q==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:56:00 GMT
age: 58832
etag: "02a74cf88501d65b3dfcceb5adc79fd93ce785ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb4ab271-45be-41d0-93c0-528d0d9367e3.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb4ab271-45be-41d0-93c0-528d0d9367e3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8afbc872d18847aaed67054dbfc2d31b
6eb894c4aa4fa53d9a3d4b948b5e65b7e9a76d5b
65c2b5fe2a3df654cfed7e7721b2d8f08665a72bb358b4d6e30e7cba853336e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb4ab271-45be-41d0-93c0-528d0d9367e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5414
x-amzn-requestid: b6795b2f-1460-4516-bac0-9148e9868fa1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguaYF5jIAMFmiQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235ddb-42762e4f0aa5e6050f82d138;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:27 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: m58cZVJmakcZ1uuctpXkKhsB7_LGUZrxkCV5G8B17CYVYOl5QpjR1w==
via: 1.1 8591441a35c0af61913aec9af012bc38.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:51:37 GMT
age: 59095
etag: "6eb894c4aa4fa53d9a3d4b948b5e65b7e9a76d5b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fede24709-db3b-4687-8715-b976f42d5650.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fede24709-db3b-4687-8715-b976f42d5650.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 096bf7a8a2bfe48c19e6bf6887145e64
6193039864cae4ab0163f3a7d45613fb86e6be14
51625131b04aa5294e90062807ca728b7a41db79ea069cd238711f8ead5ecd8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fede24709-db3b-4687-8715-b976f42d5650.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7630
x-amzn-requestid: 5f162d03-0d82-4cd6-8812-4dac159bc2b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguY9HwhIAMFeOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235dd2-670279397929c69c0ee58b35;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: LBOtzCZ-Ef7MsXDj9uh8QSi4jdLTSR3lEtZqRrU6ldmCZVqvpoAQmw==
via: 1.1 ee6ea1e4552345de209d26f9ffb35d4a.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:43:57 GMT
age: 59555
etag: "6193039864cae4ab0163f3a7d45613fb86e6be14"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e10c0c62a68346a599a245ad2d85fbbe
a79383efdb28292b6e2112da2344915a97eb7888
b239a83a0672895d5960617bba31f4404a4c103eec12d4e975aaf51204e1f953
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bfa3fc96de14a80af0187a7c3ee285d4
e60c9b3124ec2a611286af0b777319cf10230c1b
ccdfe9029ede4a2535fb88ed1d74b419cf65a63b204e7d28f215722c6fdd160b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e10c0c62a68346a599a245ad2d85fbbe
a79383efdb28292b6e2112da2344915a97eb7888
b239a83a0672895d5960617bba31f4404a4c103eec12d4e975aaf51204e1f953
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
images.dmca.com/Badges/DMCA_logo-grn-btn100w.png?ID=a2d305b7-62bb-4d8e-a1e4-727a8fe79244
151.139.128.10200 OK 3.7 kB URL HTTP/2 images.dmca.com/Badges/DMCA_logo-grn-btn100w.png?ID=a2d305b7-62bb-4d8e-a1e4-727a8fe79244
IP 151.139.128.10:0
File type PNG image data, 100 x 36, 8-bit/color RGBA, non-interlaced\012- data
Hash f3bc891a4d23e7f1d28acceda596e9df
1501cbbee5ad990a482c9cce71b06509024b7edb
c9604d43e9ef350f22eb191f170a6cb8787feb44c22feabc9bcfbc90317e200e
GET /Badges/DMCA_logo-grn-btn100w.png?ID=a2d305b7-62bb-4d8e-a1e4-727a8fe79244 HTTP/1.1
Host: images.dmca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:33 GMT
content-length: 3713
content-type: image/png
last-modified: Thu, 22 Apr 2010 19:55:17 GMT
accept-ranges: bytes
server: Microsoft-IIS/10.0
cache-control: public,max-age=31536000
etag: "b4f45bb55e2ca1:0"
x-powered-by: ASP.NET
x-hw: 1680099393.cds021.sk1.hn,1680099393.cds067.sk1.c
link: <https://www.dmca.com/Badges/DMCA_logo-grn-btn100w.png>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-173464817-2
142.250.74.168200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-173464817-2
IP 142.250.74.168:0
File type ASCII text, with very long lines (2206)
Hash b1b6a57b7c0b69716c4af912a18d1d64
ba7e18b237b8fe5d161ec42b6c322ef7095e97b3
8fef89ca358b56be38dbc6646649ce751e074cf064e147f857bfbe381e546ef0
GET /gtag/js?id=UA-173464817-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 29 Mar 2023 14:16:33 GMT
expires: Wed, 29 Mar 2023 14:16:33 GMT
cache-control: private, max-age=900
last-modified: Wed, 29 Mar 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44797
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-957331839
142.250.74.168200 OK 52 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-957331839
IP 142.250.74.168:0
File type ASCII text, with very long lines (2206)
Hash c57e729650f0082c875b38411d375e63
4a4ad954534568ce8a440e41c6077c8c93b928eb
a04f0e66ea10517e6323666a04af26af6c8723d14c0c919d370d191b0121fe62
GET /gtag/js?id=AW-957331839 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 29 Mar 2023 14:16:33 GMT
expires: Wed, 29 Mar 2023 14:16:33 GMT
cache-control: private, max-age=900
last-modified: Wed, 29 Mar 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51584
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bfa3fc96de14a80af0187a7c3ee285d4
e60c9b3124ec2a611286af0b777319cf10230c1b
ccdfe9029ede4a2535fb88ed1d74b419cf65a63b204e7d28f215722c6fdd160b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e10c0c62a68346a599a245ad2d85fbbe
a79383efdb28292b6e2112da2344915a97eb7888
b239a83a0672895d5960617bba31f4404a4c103eec12d4e975aaf51204e1f953
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3418ce0583762d831fd659102344265f
9558da4ac835fcf740352dc6fb4637ff651ad7cf
6d6cfa1221710a3a49783fc5333cd1a8bb710a978666e82cba23ff14e08fe5f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D6CFA1221710A3A49783FC5333CD1A8BB710A978666E82CBA23FF14E08FE5F8"
Last-Modified: Tue, 28 Mar 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21488
Expires: Wed, 29 Mar 2023 20:14:41 GMT
Date: Wed, 29 Mar 2023 14:16:33 GMT
Connection: keep-alive
xenangnguoivn.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
103.81.84.33200 OK 12 kB URL HTTP/2 xenangnguoivn.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (47826)
Hash c4d7cc056b49b00e05cc29cc59aa3d5a
48c426bec60099d2a8628df430ed682c72aab42a
8009c12f2674a8d38401f4b5faad1fef2cfcd18a8c927ed2561ae9d7de9b57b5
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: text/css
last-modified: Fri, 03 Mar 2023 09:47:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 11616
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=6.1.0
103.81.84.33200 OK 1.2 kB URL HTTP/2 xenangnguoivn.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=6.1.0
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (5305), with no line terminators
Hash 8869d434cd2a3350017c5dddb6b6c624
218f6b304da36e0e5c1212e2b8afd934f2801a93
80727ae14af6bf4636a9455f87ce0e83429bacb577965aee4d0ce980759bf7e9
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=6.1.0 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: text/css
last-modified: Mon, 22 Nov 2021 06:43:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1207
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=6.1.0
103.81.84.33200 OK 19 kB URL HTTP/2 xenangnguoivn.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=6.1.0
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Hash a74053a384baf15f084b143b0e0f1dd3
4a6705bd8f3573439f0ad1311033c786abd99b24
c665c0f1a95e5b903884e255074ae726f4c2b88f4302a26ebd36f94f4a45097d
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=6.1.0 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: text/css
last-modified: Mon, 22 Nov 2021 06:43:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 19218
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-includes/css/classic-themes.min.css?ver=1
103.81.84.33200 OK 144 B URL HTTP/2 xenangnguoivn.com/wp-includes/css/classic-themes.min.css?ver=1
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
Hash fcbd239f30d9a6dd1f3637f291143d37
2871bf7d98af3f43e42f7fa32808048e7134fabf
c2f98e9d71f782b7a3266cd337c61ae6c8dcbb7203669c07852aa2ab65ab6144
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: text/css
last-modified: Fri, 03 Mar 2023 09:47:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 144
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/kk-star-ratings/src/core/public/css/kk-star-ratings.min.css?ver=5.2.3
103.81.84.33200 OK 477 B URL HTTP/2 xenangnguoivn.com/wp-content/plugins/kk-star-ratings/src/core/public/css/kk-star-ratings.min.css?ver=5.2.3
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (2241)
Hash 6fc561859015bf319c184a402ad2392b
7b6ba71a31cf4a97d7199fa5c50ce91eeeb40d4c
4b066be62f09cc789c5ed7b1201c616a1ef9759e5f698660b95d4ee92b079c85
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/kk-star-ratings/src/core/public/css/kk-star-ratings.min.css?ver=5.2.3 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: text/css
last-modified: Mon, 22 Nov 2021 06:33:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 477
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2106
103.81.84.33200 OK 378 B URL HTTP/2 xenangnguoivn.com/wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2106
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (1156), with no line terminators
Hash a6928aa91112567cad0fa3dc87d869ee
17ea9c46787e2f18e191fd958b2e66516cbd9b02
cd486376d94277581bada0a4dbdfe75d2a4607283645a522dc346edd36838dde
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2106 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: text/css
last-modified: Wed, 23 Jun 2021 08:45:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 378
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/themes/flatsome/assets/css/fl-icons.css?ver=3.12
103.81.84.33200 OK 141 B URL HTTP/2 xenangnguoivn.com/wp-content/themes/flatsome/assets/css/fl-icons.css?ver=3.12
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (327)
Hash 4ee5c96ae0e578212794a5a5b7dc6fab
9c7c7c2b6352be1e9cc8aa054ddf0b44bcc86a3f
a9d6458355feb911cf0cb5783a1ea53434b9243008a77b73e026426a7727f8ad
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/flatsome/assets/css/fl-icons.css?ver=3.12 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 04:40:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 141
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.3.21
103.81.84.33200 OK 9.9 kB URL HTTP/2 xenangnguoivn.com/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.3.21
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (36852), with no line terminators
Hash 9d95e78cd68d5142f12fb7cdc19be050
a6a20243fa09310840ba144c104d5e3f75632035
692926bf80f178eb4b4d3f8e7651f88b41c3d63dfe4a82f1a63b6c7c67021832
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.3.21 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: text/css
last-modified: Tue, 13 Jul 2021 03:54:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 9885
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css?ver=3.3.21
103.81.84.33200 OK 34 kB URL HTTP/2 xenangnguoivn.com/wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css?ver=3.3.21
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (65536), with no line terminators
Hash 192c0e5ceeb14e86ef9dd1f1f408d5b1
4dd69652d916ccd1cf200c4721474fcf684492a1
3566f359dd8a80f0b834916d7a8959a82a192c9cc9c9011281a72c5d74107e5b
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css?ver=3.3.21 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: text/css
last-modified: Tue, 13 Jul 2021 03:54:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 34477
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.12.0
103.81.84.33200 OK 28 kB URL HTTP/2 xenangnguoivn.com/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.12.0
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (65536), with no line terminators
Hash ce80cc5ea3dfb83bc98f33e159fa7454
5b97bd0062df8e55bcd7b628fb4ecbbf5e6dac56
e95df353663e7bd35366b1a3960c6b451a2f311b558d22239bbd173bf3ae3601
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.12.0 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 04:40:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 27576
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
103.81.84.33200 OK 4.0 kB URL HTTP/2 xenangnguoivn.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (11126)
Hash 7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 04:40:37 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3995
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/kk-star-ratings/src/core/public/js/kk-star-ratings.min.js?ver=5.2.3
103.81.84.33200 OK 424 B URL HTTP/2 xenangnguoivn.com/wp-content/plugins/kk-star-ratings/src/core/public/js/kk-star-ratings.min.js?ver=5.2.3
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (770)
Hash 821be6a30e3ed11f567a9353a621a24e
e70a342753336a6bd7e074ab589784ab3eca8c32
d96f805fab4c017e4d0d77f8d77f560b615b021cd56f239bb2102d0007662e3c
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/kk-star-ratings/src/core/public/js/kk-star-ratings.min.js?ver=5.2.3 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Mon, 22 Nov 2021 06:33:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 424
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/table-of-contents-plus/front.min.js?ver=2106
103.81.84.33200 OK 2.2 kB URL HTTP/2 xenangnguoivn.com/wp-content/plugins/table-of-contents-plus/front.min.js?ver=2106
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (6091), with no line terminators
Hash bc966353388572531142d078254a46dd
d813127829e81e4d1b42d7943c5f44887cf03d8e
377527657e160de1456dff3e050ba75f2bf0648fb1a479d5e831441f84b9e606
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/table-of-contents-plus/front.min.js?ver=2106 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Wed, 23 Jun 2021 08:45:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2181
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.5.9.0
103.81.84.33200 OK 3.2 kB URL HTTP/2 xenangnguoivn.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.5.9.0
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (9151)
Hash 2310bfbea6b102d98f1e6e5d2daa79cc
ce50a4b987aceea2ea381932bb41400c4909d0fb
8b34f97d2be93eb99e3316cdf266e6b4088e8e7c15d84906bb9263f8d5e3840c
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.5.9.0 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Mon, 22 Nov 2021 06:41:15 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3238
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=5.9.0
103.81.84.33200 OK 970 B URL HTTP/2 xenangnguoivn.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=5.9.0
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type HTML document, ASCII text, with very long lines (3037), with no line terminators
Hash 155d874ef60217f790dedec58e83d832
42a2698adec25b2000046cf7e3818e6478951fc3
c6801f4d5dcdd86ba3e33dc35a8765c03fd55e9f621443dd0fb7cd8c8e6707da
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=5.9.0 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Mon, 22 Nov 2021 06:41:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 970
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.5.9.0
103.81.84.33200 OK 899 B URL HTTP/2 xenangnguoivn.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.5.9.0
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (1668)
Hash 22d65ba38528349e705d912ce26bf8ac
c89ba006009043d93b88ff155b4fec8797330550
6253bcb85e4267ad3ba843145534e729ee2c1d7e85e5b4ab5b2e074ae636bca3
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.5.9.0 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Mon, 22 Nov 2021 06:41:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 899
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.9.0
103.81.84.33200 OK 677 B URL HTTP/2 xenangnguoivn.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.9.0
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (2139), with no line terminators
Hash a43fc0dde8fdd69656ad0957e62849c7
4b07cf702ac8a770c8cbffc22b9a788b6e5389ba
1ce3d0493424870c81deec0ec41de0592d2af9f91cd8081cd40a1d7ea89b614f
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.9.0 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Mon, 22 Nov 2021 06:41:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 677
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.9.0
103.81.84.33200 OK 934 B URL HTTP/2 xenangnguoivn.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.9.0
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (2938), with no line terminators
Hash ef8ddf2830341f13634a12266fa9813f
45c12d8b054261b0597ffdb97ff55f8ab7a913c4
698fbd0089cafb0659518bf2359ce5c990e71c9a543338fdc7b1595ee11ade22
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.9.0 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Mon, 22 Nov 2021 06:41:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 934
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/themes/flatsome/inc/extensions/flatsome-live-search/flatsome-live-search.js?ver=3.12.0
103.81.84.33200 OK 4.8 kB URL HTTP/2 xenangnguoivn.com/wp-content/themes/flatsome/inc/extensions/flatsome-live-search/flatsome-live-search.js?ver=3.12.0
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (12801)
Hash 70cbc7ebb657b8543e7a16850bd72f06
52f910087652491f0aed0d9c23029cf9cde73e25
e001ff5cf15b6ba1d367f441370a2fad7baab087af21c7a22d009ddce1ca342b
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/flatsome/inc/extensions/flatsome-live-search/flatsome-live-search.js?ver=3.12.0 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 04:40:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 4815
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.3.21
103.81.84.33200 OK 11 kB URL HTTP/2 xenangnguoivn.com/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.3.21
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type Unicode text, UTF-8 text, with very long lines (10360), with CRLF line terminators
Hash 04b6e102130fe9c7cf2c3efe3afd216f
db11503d99d5b6d0ac21c75baa8e1a2bace4ce66
5c521dbfb0469aba019236b1b52f4cf14b64a94f316236cbb09add992fe47246
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.3.21 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Tue, 13 Jul 2021 03:54:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 10660
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-includes/js/hoverIntent.min.js?ver=1.10.2
103.81.84.33200 OK 668 B URL HTTP/2 xenangnguoivn.com/wp-includes/js/hoverIntent.min.js?ver=1.10.2
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (1464)
Hash b57bb5f7f55be8837811df1bbfebd197
a9fd3372526724938daa13cba926cff79395cbae
26512154e931a4b5441386af49e0e6d93a298ec6ae9ce2088d292cba42d61c7c
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-includes/js/hoverIntent.min.js?ver=1.10.2 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Fri, 03 Mar 2023 09:47:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 668
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5dd861cf7ed6952850b659e6e2dbaa61
e1e5607f22c6c0c6a94abc359f8abd73b43c4a76
adf44591e0fb5ed6e420fbf020589dd9ee3d5a0ab426f892f70941509c3e4919
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADF44591E0FB5ED6E420FBF020589DD9EE3D5A0AB426F892F70941509C3E4919"
Last-Modified: Mon, 27 Mar 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11526
Expires: Wed, 29 Mar 2023 17:28:39 GMT
Date: Wed, 29 Mar 2023 14:16:33 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 6027f334cb9bbc113870f6a33ecaee68
b09b4e8699ed1776781e3d7f86a63f8719ed7601
054f68de5e740eaa58065dd357c662a3c22119cc7e72002440fd7e5857838c9b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 29 Mar 2023 14:16:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 27 Mar 2023 09:27:04 GMT
Expires: Mon, 03 Apr 2023 09:27:03 GMT
Etag: "b09b4e8699ed1776781e3d7f86a63f8719ed7601"
Cache-Control: max-age=414028,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7af8bb3c3f650b41-OSL
cdn.autoads.asia/scripts/autoads-maxlead-widget.js?business_id=588CF30BC5AD4C93AAC3466C4CB14E39
171.244.15.40200 OK 2.3 kB URL HTTP/1.1 cdn.autoads.asia/scripts/autoads-maxlead-widget.js?business_id=588CF30BC5AD4C93AAC3466C4CB14E39
IP 171.244.15.40:0
ASN #38731 CHT Compamy Ltd
File type Unicode text, UTF-8 (with BOM) text, with very long lines (6384), with no line terminators
Hash 40852cdf248e435f4ebc6a32850ee0d1
f3505ec06b6ba427d18a3711e3ce2e747b911571
b5f7a8a6e3e4832a374966166086f3d25a32808033bc73bc9fa7698b70661b1a
GET /scripts/autoads-maxlead-widget.js?business_id=588CF30BC5AD4C93AAC3466C4CB14E39 HTTP/1.1
Host: cdn.autoads.asia
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Expires: -1
Last-Modified: Fri, 25 Dec 2020 10:59:07 GMT
Accept-Ranges: bytes
ETag: "808f2af7acdad61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Wed, 29 Mar 2023 14:16:34 GMT
Content-Length: 2330
Strict-Transport-Security: max-age=31536000
Set-Cookie: SRVNAME=cdn20_1; path=/
xenangnguoivn.com/wp-content/themes/flatsome/assets/js/flatsome.js?ver=3.12.0
103.81.84.33200 OK 49 kB URL HTTP/2 xenangnguoivn.com/wp-content/themes/flatsome/assets/js/flatsome.js?ver=3.12.0
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (19155)
Hash 004d93566813d80ec68a36dea2415572
bdfee1f06577175bec8392851e7ee095a6f31bdd
69e8f48734e37fc9588c060159f986338997f66165bd4bbd0389cae0d5fd9a89
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/flatsome/assets/js/flatsome.js?ver=3.12.0 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 04:40:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 48841
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/themes/flatsome/assets/js/woocommerce.js?ver=3.12.0
103.81.84.33200 OK 4.5 kB URL HTTP/2 xenangnguoivn.com/wp-content/themes/flatsome/assets/js/woocommerce.js?ver=3.12.0
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type HTML document, ASCII text, with very long lines (8876)
Hash 68d75f0bd57c2b1e14be7b13412fbbb9
770cb25900768562a33ed0c0c48e436c518479e8
26e795403d6ecc1f0df7ea734e41d610f269bc7cf23f74d155be0c114e73b9b5
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/flatsome/assets/js/woocommerce.js?ver=3.12.0 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 04:40:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 4492
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
103.81.84.33200 OK 4.6 kB URL HTTP/2 xenangnguoivn.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (15660)
Hash 0232689bd203f330529b36a437f41a68
9046583f7469ad38297969f10a9513eb895d5316
feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Fri, 03 Mar 2023 09:47:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 4619
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.12.0
103.81.84.33200 OK 5.0 kB URL HTTP/2 xenangnguoivn.com/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.12.0
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type Unicode text, UTF-8 text, with very long lines (22286)
Hash de346d699deddac568ff2599c09151e6
29ca7dd2d8f87e0167abb722c74e3124228625de
e2992f6cc904de0a86cccd080a413f03cd00a25278cb7b7b9ea3954e9e991849
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.12.0 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 04:40:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 5040
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/themes/flatsome/style.css?ver=3.12.0
103.81.84.33200 OK 1.1 kB URL HTTP/2 xenangnguoivn.com/wp-content/themes/flatsome/style.css?ver=3.12.0
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
Hash fd4e35a9bd9de16fa516198863b5963e
eb2e2ecc28512ebbf6ee30db2464789f7daf7e9b
d2f0305464dae95b9edc145adca48fca1282b71c976e0d18107a23174676be82
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/flatsome/style.css?ver=3.12.0 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: text/css
last-modified: Thu, 20 May 2021 10:05:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1052
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
103.81.84.33200 OK 30 kB URL HTTP/2 xenangnguoivn.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type ASCII text, with very long lines (65447)
Hash 3a1740685bd5c0bbd5f2b812e1eb7fb4
488e07695da787fed18361c50292aef35abb5e81
4a07aed2d8cf88afdec0b56b365b951c76d387db3459166b5a0d25e2e6cc95ef
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: application/javascript
last-modified: Fri, 03 Mar 2023 09:47:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 30324
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/uploads/2020/08/jasan.png
103.81.84.33200 OK 41 kB URL HTTP/2 xenangnguoivn.com/wp-content/uploads/2020/08/jasan.png
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash b725a4ebbe2adff25402f17556da2620
236a704d02a0473d9d6066e1149e1daa62978ccd
6aea1ca4cfd80cff8719b3e5c8fbebc868e14d04dfa1c935026493e3803db89a
Analyzer Verdict Alert phishtank Other
quad9 Sinkholed
GET /wp-content/uploads/2020/08/jasan.png HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: image/png
last-modified: Tue, 13 Apr 2021 04:40:35 GMT
accept-ranges: bytes
content-length: 40715
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
vary: User-Agent
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/uploads/2020/08/LG.jpg
103.81.84.33200 OK 31 kB URL HTTP/2 xenangnguoivn.com/wp-content/uploads/2020/08/LG.jpg
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 600x450, components 3\012- data
Hash 9c04255c3c256adab6056094d514ed2d
6432b3f115b729f567150e3e966f3d222cf379f8
da84dad9941b078fae2ceb78e2b46501694a48e25fb4f54ad188698e6a6692ed
Analyzer Verdict Alert phishtank Other
quad9 Sinkholed
GET /wp-content/uploads/2020/08/LG.jpg HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: image/jpeg
last-modified: Tue, 13 Apr 2021 04:40:36 GMT
accept-ranges: bytes
content-length: 31359
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
vary: User-Agent
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/uploads/2020/08/hyosung.png
103.81.84.33200 OK 8.5 kB URL HTTP/2 xenangnguoivn.com/wp-content/uploads/2020/08/hyosung.png
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type PNG image data, 900 x 500, 8-bit colormap, non-interlaced\012- data
Hash 39526b7195b38451775c7a958677b1a1
f313962ba672d2eaf8f7a9aed0ec49e161387012
3990a77b1ecb59e51cd542035c5686b5bd2a6ce8454232e0b157e890e664c844
Analyzer Verdict Alert phishtank Other
quad9 Sinkholed
GET /wp-content/uploads/2020/08/hyosung.png HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: image/png
last-modified: Tue, 13 Apr 2021 04:40:35 GMT
accept-ranges: bytes
content-length: 8540
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
vary: User-Agent
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 69d033c232e94b122a0b66e4733f1d57
dca98865e28271c9eafc7307850dbce5126c1a86
d80b57ddab8c2898af0939a454bb1296abd2f964c3bf3eaea2bab7c225d73490
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f963800b69e4efd29c7389de243002ae
24d5d79582fc3d78e1e7fdd40ea8713083605cf3
ce00c7bfaed0249e80deca031fefb6074f803d85b81086705f868c0e7e89ca57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nguyenhung.net/wp-content/uploads/2019/05/icon-call-nh.png
45.63.127.156200 OK 952 B URL HTTP/2 nguyenhung.net/wp-content/uploads/2019/05/icon-call-nh.png
IP 45.63.127.156:0
File type PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash a48ce4305cb2dc71a11d1d488b3324ae
c329352ae45a42489fce48dcc5594f3db8c52028
6c3669b8e2c8d60c9eb6b00acf6b79c7fa2d976ed3cb7ead7f4de59fbfd52fba
GET /wp-content/uploads/2019/05/icon-call-nh.png HTTP/1.1
Host: nguyenhung.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:34 GMT
content-type: image/png
content-length: 952
last-modified: Sun, 19 May 2019 11:44:46 GMT
etag: "5ce141ae-3b8"
server: HOSTVN.NET
x-content-type-options: "nosniff" always
x-xss-protection: "1; mode=block" always
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
referrer-policy: no-referrer-when-downgrade
expires: Thu, 28 Mar 2024 14:16:34 GMT
cache-control: max-age=31536000, public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xenangnguoivn.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:42 GMT
expires: Sat, 23 Mar 2024 10:26:42 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 445792
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
216.58.207.227200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 11872, version 1.0\012- data
Hash 87ace20058325aa069320aa4af875dff
b743548770c46d905ae1ba06310bc001c587fe8e
3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xenangnguoivn.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:50 GMT
expires: Sat, 23 Mar 2024 10:26:50 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:25:01 GMT
content-type: font/woff2
age: 445784
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xenangnguoivn.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:41 GMT
expires: Sat, 23 Mar 2024 10:26:41 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 445793
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2
216.58.207.227200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 11824, version 1.0\012- data
Hash deb26e9b1a25438118e5d39d741ae6b6
a2801defb4c8bed8e4083dfde0b2a5a9c0537020
fc66f942651a9fe1a598770d3d896529dcd7a03d02f40655451513093103e61b
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xenangnguoivn.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11824
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:50 GMT
expires: Sat, 23 Mar 2024 10:26:50 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:43 GMT
content-type: font/woff2
age: 445784
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2
216.58.207.227200 OK 5.6 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 5560, version 1.0\012- data
Hash ca3b09b62fda648a4511700413313fd0
109cd4c5435bd6614391bb8722c47c287c96b2ec
77b24796a3d4ab521f66765651875338ed50cb9306cfe4603a3e79618e429cec
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xenangnguoivn.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5560
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:27:00 GMT
expires: Sat, 23 Mar 2024 10:27:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:41 GMT
content-type: font/woff2
age: 445774
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xenangnguoivn.com/wp-content/uploads/2020/08/samsung-01.jpg
103.81.84.33200 OK 53 kB URL HTTP/2 xenangnguoivn.com/wp-content/uploads/2020/08/samsung-01.jpg
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 625x625, components 3\012- data
Hash a9e80d708a99e475c5a1ff1acc793013
d696485d69de79bb9b8578ae650c178807864bcd
6b5f8d2ba70d18891b2d4b9f095323db9227868720f1cbe24bcabeffad138d7a
Analyzer Verdict Alert phishtank Other
quad9 Sinkholed
GET /wp-content/uploads/2020/08/samsung-01.jpg HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: image/jpeg
last-modified: Tue, 13 Apr 2021 04:40:36 GMT
accept-ranges: bytes
content-length: 53151
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
vary: User-Agent
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/uploads/2020/08/nitori-01.jpg
103.81.84.33200 OK 63 kB URL HTTP/2 xenangnguoivn.com/wp-content/uploads/2020/08/nitori-01.jpg
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 625x625, components 3\012- data
Hash 03669873b2be07b4bca68359014f5ff3
ef40549a8807818254128e34a9953a13b98bae08
d5153e336f418064b1f2360256b65885b1ca6977207bb791f875e58b5ba90eac
Analyzer Verdict Alert phishtank Other
quad9 Sinkholed
GET /wp-content/uploads/2020/08/nitori-01.jpg HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: image/jpeg
last-modified: Tue, 13 Apr 2021 04:40:36 GMT
accept-ranges: bytes
content-length: 62577
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
vary: User-Agent
X-Firefox-Spdy: h2
xenangnguoivn.com/Netflix/net/login.php
103.81.84.33404 Not Found 77 kB URL HTTP/2 xenangnguoivn.com/Netflix/net/login.php
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash 3286dcc0b27b3c7207eeb169fb6916ea
e8aee329de71c2afb240dcba61648e4ef24658a2
4ed95925bb1791e946a9ddd18c75e2e278aa82205d77dd1c4fba67cf6e2a37d5
Analyzer Verdict Alert phishtank Other
fortinet Phishing
quad9 Sinkholed
GET /Netflix/net/login.php HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
x-powered-by: PHP/7.3.33
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://xenangnguoivn.com/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding,User-Agent
date: Wed, 29 Mar 2023 14:16:32 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 69d033c232e94b122a0b66e4733f1d57
dca98865e28271c9eafc7307850dbce5126c1a86
d80b57ddab8c2898af0939a454bb1296abd2f964c3bf3eaea2bab7c225d73490
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:44 GMT
expires: Sat, 23 Mar 2024 10:26:44 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 445790
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:45 GMT
expires: Sat, 23 Mar 2024 10:26:45 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 445789
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2
216.58.207.227200 OK 5.5 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 5548, version 1.0\012- data
Hash cdaab83619fcacd4027a77c99dd51e69
9e6eae8554f8cc2309b2dae2d9fa217e34eed6a4
4ec57f2a80b91090971b83970230ca09ab3568c5f5b224896ca9aa6180a76aa9
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xenangnguoivn.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5548
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:28:18 GMT
expires: Sat, 23 Mar 2024 10:28:18 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 445696
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d4694.169295134583!2d106.94290606975095!3d10.818038027136623!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x31751f895f5fd7d1%3A0x8ffd26dbf01ce3ae!2zWGUgbsOibmcgbmfGsOG7nWkgQXZpbmEgLSBDw7RuZyB0eSBUTkhIIFRoxrDGoW5nIE3huqFpIFhOSyBBdmluYQ!5e0!3m2!1svi!2s!4v1597135866607!5m2!1svi!2s
142.250.74.132200 OK 1.6 kB URL HTTP/2 www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d4694.169295134583!2d106.94290606975095!3d10.818038027136623!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x31751f895f5fd7d1%3A0x8ffd26dbf01ce3ae!2zWGUgbsOibmcgbmfGsOG7nWkgQXZpbmEgLSBDw7RuZyB0eSBUTkhIIFRoxrDGoW5nIE3huqFpIFhOSyBBdmluYQ!5e0!3m2!1svi!2s!4v1597135866607!5m2!1svi!2s
IP 142.250.74.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3252)
Hash 22207d637419628bfcfa2bfadd6abccb
4fa4fd8d0874c2c00c21037e8b93f7aff007433d
97a984a8883769c472aefb4334dd856591933e881b5c49d0ec636eda928c3c65
GET /maps/embed?pb=!1m18!1m12!1m3!1d4694.169295134583!2d106.94290606975095!3d10.818038027136623!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x31751f895f5fd7d1%3A0x8ffd26dbf01ce3ae!2zWGUgbsOibmcgbmfGsOG7nWkgQXZpbmEgLSBDw7RuZyB0eSBUTkhIIFRoxrDGoW5nIE3huqFpIFhOSyBBdmluYQ!5e0!3m2!1svi!2s!4v1597135866607!5m2!1svi!2s HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-SHaFXNT3Or_fgmBa2PriSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Wed, 29 Mar 2023 14:16:34 GMT
server: scaffolding on HTTPServer2
content-length: 1591
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
maps.gstatic.com/maps-api-v3/embed/js/52/6/intl/vi_ALL/init_embed.js
142.250.74.3200 OK 66 kB URL HTTP/2 maps.gstatic.com/maps-api-v3/embed/js/52/6/intl/vi_ALL/init_embed.js
IP 142.250.74.3:0
File type ASCII text, with very long lines (2647)
Hash 619f21825910b8aac283173ea46a3ab4
64785a373d254838b6e0c66a9a7084d1326c3e18
fdeaf94b7a5932aa904ededd9cd08e11cba575815d4626d140f7335d7967331f
GET /maps-api-v3/embed/js/52/6/intl/vi_ALL/init_embed.js HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 66456
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 Mar 2023 19:38:51 GMT
expires: Thu, 21 Mar 2024 19:38:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 20 Mar 2023 21:47:34 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 585464
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a8abb9ddbac11d2e41e9705e8a11d125
92b421626219f46561a69bcdbb6d22d7ff99ccd2
6416988334cd8bbafa4de4786e4a7a70334d2f7e5aae0a8dbc09bc7b92589d0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 62f4ae291e4f545342687d27f50f2f8d
abcad5ddca3d2b0daecac01fa4f19639a87d47a5
86fcae8aba71ce5c157220afebfb5ce719bc497a74fbc73ac1ed0551aed28b2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.134200 OK 8.2 kB URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.134:0
Hash 8f140717188be086461f69b3bfb5ae5c
cbd66498d8d8a352a21ba549a3065ebeb1be6bde
603615519ebfdb1aa29c5285b62317137032abbf19ec92dee41f08590a1a971f
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Mar 2023 14:05:11 GMT
expires: Wed, 29 Mar 2023 14:20:11 GMT
cache-control: public, max-age=900
age: 684
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.66302 Found 2.9 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.66:0
Hash 8d76ec784c746beb0576102c5ba2463e
cb949f842d2cf15b2a8f0e8b3edd45ec40c9db0c
38a06774ec6cd8a86a960258cf2b18515f90b204804d92341a061df1c60f2f1f
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Wed, 29 Mar 2023 14:16:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a8abb9ddbac11d2e41e9705e8a11d125
92b421626219f46561a69bcdbb6d22d7ff99ccd2
6416988334cd8bbafa4de4786e4a7a70334d2f7e5aae0a8dbc09bc7b92589d0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 62f4ae291e4f545342687d27f50f2f8d
abcad5ddca3d2b0daecac01fa4f19639a87d47a5
86fcae8aba71ce5c157220afebfb5ce719bc497a74fbc73ac1ed0551aed28b2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.202200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.202:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Wed, 29 Mar 2023 14:16:35 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.202200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.202:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash ed5b7a66ed0bd48a3cb88fb9b10080de
5961051a4eb872b426d90b2d22c51ca668bdf693
77ee5ba65aeff3f306d025c8198ebfd93a2fc98aabc258876743e7ee12461595
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Wed, 29 Mar 2023 14:16:36 GMT
server: ESF
cache-control: private
content-length: 31332
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6d41684acbe3039969654ece36adcae2
31142aa2c94257d55f110c89cd9a6307efa7cd70
fac6ec5aea166bdc1a7f8d0f7a7c93b18e16db0df9f3c2c1abc6e59f5ddcc7f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi_webp/wPBQltvHD74/sddefault.webp
172.217.21.182200 OK 41 kB URL HTTP/2 i.ytimg.com/vi_webp/wPBQltvHD74/sddefault.webp
IP 172.217.21.182:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x480, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 576dc0916385fbf53d3552adc4992d86
31992379de5389932b1823e07329de245fceb251
4994c8c953c70ea1a1192608ffa3d0c421574a924d34e4534f548db93631304c
GET /vi_webp/wPBQltvHD74/sddefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/webp
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 40704
date: Wed, 29 Mar 2023 14:16:36 GMT
expires: Wed, 29 Mar 2023 16:16:36 GMT
cache-control: public, max-age=7200
etag: "0"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash f2ece3e5907870b283917a99cd1af151
12359d23a1436959aef66b98ada87bcb624232b6
d1611493613d9d6dd13b642f7579d831ccbb9d61015775dd635c9a0b7588a54d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2492
Cache-Control: max-age=113164
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:36 GMT
Etag: "64235594-1d7"
Expires: Thu, 30 Mar 2023 21:42:40 GMT
Last-Modified: Tue, 28 Mar 2023 21:01:08 GMT
Server: ECAcc (ska/F7A3)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6d41684acbe3039969654ece36adcae2
31142aa2c94257d55f110c89cd9a6307efa7cd70
fac6ec5aea166bdc1a7f8d0f7a7c93b18e16db0df9f3c2c1abc6e59f5ddcc7f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js
31.13.72.12200 OK 91 kB URL HTTP/2 connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (18743)
Hash 26fcaacc3dccdd914394d48aacf3a10b
40618e4d01add2579d6404baee4139d4e7e78586
32d6e3a94302435253468a193509515d093f281333e53c026f88c19213f5a698
GET /vi_VN/sdk/xfbml.customerchat.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: ae0bc2681ec2ef117bb1a682ce5c1661
etag: "a8c4d5e7e1714667a8b58c42fd2433d9"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 29 Mar 2023 14:27:41 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-frame-options: DENY
origin-agent-cluster: ?0
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: JvyqzD3M3ZFDlNSKrPOhCw==
x-fb-debug: AP/KDWD7TnWDmgceqyj63RK+pMRw0kGXcvpD5iMcTeUAuW/4X6f1sa9735iUKLHwtiqylIz0ZRckNDbM2NNwlQ==
content-length: 91150
x-fb-trip-id: 1904183273
date: Wed, 29 Mar 2023 14:16:36 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f2cba2fa22dcbbc8a8f80e45eab01cb5
6c65f10e5a28c003273bad327a8411336b893dac
907b1ee3ad02582721f09a20fa09244c1ebe29c2a05853e6a9055e4218c35c93
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash f2ece3e5907870b283917a99cd1af151
12359d23a1436959aef66b98ada87bcb624232b6
d1611493613d9d6dd13b642f7579d831ccbb9d61015775dd635c9a0b7588a54d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 990
Cache-Control: max-age=111662
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:36 GMT
Etag: "64235594-1d7"
Expires: Thu, 30 Mar 2023 21:17:38 GMT
Last-Modified: Tue, 28 Mar 2023 21:01:08 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 64c7d444c4c8b93058114731c99ee367
4b297ff99ea09b548ed3a9e1f7ffd42a19116ddd
5f668034ac98f2d63ccc3986e5e566295adeb113d7e745af3e6a94c4765cdb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/957331839/?random=1680099418536&cv=11&fst=1680098400000&bg=ffffff&guid=ON&async=1>m=45be33r0&u_w=1280&u_h=1024&url=https%3A%2F%2Fxenangnguoivn.com%2FNetflix%2Fnet%2Flogin.php&frm=0&tiba=Page%20not%20found%20-%20Xe%20N%C3%A2ng%20Ng%C6%B0%E1%BB%9Di%20Avina&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1821755288&rmt_tld=1&ipr=y
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/957331839/?random=1680099418536&cv=11&fst=1680098400000&bg=ffffff&guid=ON&async=1>m=45be33r0&u_w=1280&u_h=1024&url=https%3A%2F%2Fxenangnguoivn.com%2FNetflix%2Fnet%2Flogin.php&frm=0&tiba=Page%20not%20found%20-%20Xe%20N%C3%A2ng%20Ng%C6%B0%E1%BB%9Di%20Avina&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1821755288&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/957331839/?random=1680099418536&cv=11&fst=1680098400000&bg=ffffff&guid=ON&async=1>m=45be33r0&u_w=1280&u_h=1024&url=https%3A%2F%2Fxenangnguoivn.com%2FNetflix%2Fnet%2Flogin.php&frm=0&tiba=Page%20not%20found%20-%20Xe%20N%C3%A2ng%20Ng%C6%B0%E1%BB%9Di%20Avina&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1821755288&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 29 Mar 2023 14:16:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 426b20091f0772e0653ddfed319507f0
c667f730ebf745768665499d382aba0623bb797d
4f90197fec5ec8c700525e22f65f126379fa7f6dbbbdfae36a366b2653953b7a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-173464817-2&cid=537381872.1680099419&jid=721525552&gjid=700413521&_gid=102792861.1680099419&_u=YEBAAUAAAAAAACAAI~&z=1985255438
173.194.221.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-173464817-2&cid=537381872.1680099419&jid=721525552&gjid=700413521&_gid=102792861.1680099419&_u=YEBAAUAAAAAAACAAI~&z=1985255438
IP 173.194.221.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-173464817-2&cid=537381872.1680099419&jid=721525552&gjid=700413521&_gid=102792861.1680099419&_u=YEBAAUAAAAAAACAAI~&z=1985255438 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xenangnguoivn.com
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xenangnguoivn.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 29 Mar 2023 14:16:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 64c7d444c4c8b93058114731c99ee367
4b297ff99ea09b548ed3a9e1f7ffd42a19116ddd
5f668034ac98f2d63ccc3986e5e566295adeb113d7e745af3e6a94c4765cdb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 426b20091f0772e0653ddfed319507f0
c667f730ebf745768665499d382aba0623bb797d
4f90197fec5ec8c700525e22f65f126379fa7f6dbbbdfae36a366b2653953b7a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AL5GRJUuTjxk8D94MaECsb_tsIfx_nL_4h58grVo_wd-VA=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 3.1 kB URL HTTP/2 yt3.ggpht.com/ytc/AL5GRJUuTjxk8D94MaECsb_tsIfx_nL_4h58grVo_wd-VA=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 33c663870c175317930705a43e3609c7
72a7ebccb4d08ce93c7449fa101abb91e228ca83
f0fe3f5b0a900375d356065bb7a765db62e860dbbde7d42f217e73a13e3f31fe
GET /ytc/AL5GRJUuTjxk8D94MaECsb_tsIfx_nL_4h58grVo_wd-VA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v2f86"
expires: Thu, 30 Mar 2023 14:16:36 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 29 Mar 2023 14:16:36 GMT
server: fife
content-length: 3111
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f2cba2fa22dcbbc8a8f80e45eab01cb5
6c65f10e5a28c003273bad327a8411336b893dac
907b1ee3ad02582721f09a20fa09244c1ebe29c2a05853e6a9055e4218c35c93
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:16:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.metu.vn/menus?url=https%3A%2F%2Fxenangnguoivn.com%2FNetflix%2Fnet%2Flogin.php
172.67.220.189200 OK 0 B URL HTTP/2 api.metu.vn/menus?url=https%3A%2F%2Fxenangnguoivn.com%2FNetflix%2Fnet%2Flogin.php
IP 172.67.220.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /menus?url=https%3A%2F%2Fxenangnguoivn.com%2FNetflix%2Fnet%2Flogin.php HTTP/1.1
Host: api.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: mbid
Referer: https://xenangnguoivn.com/
Origin: https://xenangnguoivn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:37 GMT
content-type: text/plain; charset=utf-8
content-length: 0
allow: HEAD, GET
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: mbid, Content-Type, Authorization
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k8HgEttHt3PPUnNeruMh3DshFXoAT4eGbfvTxpqHzC0lj%2BlFOq9oT80HR3tf7iQtOKJH6ObZVTdmjI%2FsPleYhnUbJgB26CZY2lbJdkN1fkQo%2BH%2B%2BNzJpwAy%2Fcnbrhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8bb4e38ebb518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.metu.vn/plugin/popupexitpage?business_code=Amm0hpNup&session_id=dd12e97e2f6e74
172.67.220.189200 OK 0 B URL HTTP/2 api.metu.vn/plugin/popupexitpage?business_code=Amm0hpNup&session_id=dd12e97e2f6e74
IP 172.67.220.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /plugin/popupexitpage?business_code=Amm0hpNup&session_id=dd12e97e2f6e74 HTTP/1.1
Host: api.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://xenangnguoivn.com/
Origin: https://xenangnguoivn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:37 GMT
content-type: text/plain; charset=utf-8
content-length: 0
allow: HEAD, GET
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: mbid, Content-Type, Authorization
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qzygygfxfdjy3kDHzMrW8oGKNVCmcB1a5AhYG7chC1sUe9NSCGq%2Fdxly%2BQ2p5tdp4mbCfr6ZB6ZMMCAVgJlGxY7egMgqdzTnzScSJlMrgKVIC2b5f%2BROZ6ogcg2YBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8bb4e28e8b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.metu.vn/apps/installed
172.67.220.189200 OK 0 B URL HTTP/2 api.metu.vn/apps/installed
IP 172.67.220.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /apps/installed HTTP/1.1
Host: api.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: mbid
Referer: https://xenangnguoivn.com/
Origin: https://xenangnguoivn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:37 GMT
content-type: text/plain; charset=utf-8
content-length: 0
allow: HEAD, GET
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: mbid, Content-Type, Authorization
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lFcyNHpxGrTrroop5FkPY%2FnCJVH606Wz9h8huyz5FVZonPgR6T5gXtbgZwQBn%2F5EC%2FMN8hNo4wTBWidg3B7Q681JBHA3kKuAQz06COfDz1e47PbYvTMuDxiD%2BZBJng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8bb4e28dbb518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.metu.vn/plugin/banner?business_code=Amm0hpNup&session_id=dd12e97e2f6e74
172.67.220.189200 OK 0 B URL HTTP/2 api.metu.vn/plugin/banner?business_code=Amm0hpNup&session_id=dd12e97e2f6e74
IP 172.67.220.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /plugin/banner?business_code=Amm0hpNup&session_id=dd12e97e2f6e74 HTTP/1.1
Host: api.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://xenangnguoivn.com/
Origin: https://xenangnguoivn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:37 GMT
content-type: text/plain; charset=utf-8
content-length: 0
allow: HEAD, GET
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: mbid, Content-Type, Authorization
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q8YpRkJo5jJD1%2BpAOK%2FKGUwcOCCHexHL9xLRVexg71Kqh5%2FS8lXAAmr25n5O1vD%2BOI9IjcuvIIWkFhGImeY5V1zTRWK%2Bfp6pq6%2Fd56g2H0DdmJ56gJifxPhGcWAk3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8bb4e28e3b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.metu.vn/find-google-configs
172.67.220.189200 OK 0 B URL HTTP/2 api.metu.vn/find-google-configs
IP 172.67.220.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /find-google-configs HTTP/1.1
Host: api.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://xenangnguoivn.com/
Origin: https://xenangnguoivn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:37 GMT
content-type: text/plain; charset=utf-8
content-length: 0
allow: POST
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: mbid, Content-Type, Authorization
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vO531XFBdlat6xs93dpeRXWtOlVKCaOEtwGxekXPD2ZNXGz10SB%2Fnqtim5lwi0qhgfDyLNf3mNAFx61bXzBFkhUnasBgVFO7EbLHTx0G43wM3LRrZNk3QS0Sc8%2FCyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8bb4e28ddb518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.metu.vn/plugin/popup?business_code=Amm0hpNup&session_id=dd12e97e2f6e74
172.67.220.189200 OK 0 B URL HTTP/2 api.metu.vn/plugin/popup?business_code=Amm0hpNup&session_id=dd12e97e2f6e74
IP 172.67.220.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /plugin/popup?business_code=Amm0hpNup&session_id=dd12e97e2f6e74 HTTP/1.1
Host: api.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://xenangnguoivn.com/
Origin: https://xenangnguoivn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:37 GMT
content-type: text/plain; charset=utf-8
content-length: 0
allow: HEAD, GET
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: mbid, Content-Type, Authorization
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nn%2Ff9lk1GyHUphzCzZhBWXzb92JKdEfzIksgXjTZK26zID8mAOLLTT%2BSIA66B9fdYyAZSQ2P84zSFOLHJVqbTmRp4gBImimx92DxvrgN6JesqgRCML%2BuWheVGQOmyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8bb4e38ecb518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.metu.vn/plugin/popupexitpage?business_code=Amm0hpNup&session_id=dd12e97e2f6e74
172.67.220.189200 OK 2.6 kB URL HTTP/2 api.metu.vn/plugin/popupexitpage?business_code=Amm0hpNup&session_id=dd12e97e2f6e74
IP 172.67.220.189:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ed942767768284fb927c33381be69f1f
a5d9765c7ff7f45c744e402c48f306db3e2e185c
07e2c92db30497a37a8e1ee14691dbe50a744f985bd7de153f68df223245ed2b
GET /plugin/popupexitpage?business_code=Amm0hpNup&session_id=dd12e97e2f6e74 HTTP/1.1
Host: api.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xenangnguoivn.com/
Content-Type: application/json
Origin: https://xenangnguoivn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:37 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: mbid, Content-Type, Authorization
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d9l5PRu6gHNWWW7GIDGbm9i2X6WN9IHEJe28RNcfvItXpH3oNEpx8LL2glqxXKWJ8pE%2BTVPr0rRB0reItOQlPpTePyXibA53xzteXgCthrw4wPq%2FOO8gG%2Bz9%2BPTj%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8bb515ea8b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.autoads.asia/maxlead/api/Gateway/GetScript?business_id=588CF30BC5AD4C93AAC3466C4CB14E39&preview=false
171.244.15.40200 OK 216 B URL HTTP/1.1 api.autoads.asia/maxlead/api/Gateway/GetScript?business_id=588CF30BC5AD4C93AAC3466C4CB14E39&preview=false
IP 171.244.15.40:0
ASN #38731 CHT Compamy Ltd
File type JSON data\012- , ASCII text, with no line terminators
Hash bb91006ad3ac658244f7e8e495faf248
57b78758cf61d5ac983c3fc724b1c016aca0afaa
573d212dd998c26f2a259fc798ec1f4a8fa78321b780d4f7bce340f8b8d9d464
POST /maxlead/api/Gateway/GetScript?business_id=588CF30BC5AD4C93AAC3466C4CB14E39&preview=false HTTP/1.1
Host: api.autoads.asia
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xenangnguoivn.com
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://xenangnguoivn.com
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 29 Mar 2023 14:16:36 GMT
Content-Length: 216
Strict-Transport-Security: max-age=31536000
Set-Cookie: SRVNAME=api21_1; path=/
cdn.autoads.asia/PushNotification/AutoAdsPushNotify.js
171.244.15.40200 OK 5.0 kB URL HTTP/1.1 cdn.autoads.asia/PushNotification/AutoAdsPushNotify.js
IP 171.244.15.40:0
ASN #38731 CHT Compamy Ltd
File type Unicode text, UTF-8 (with BOM) text, with very long lines (15523), with no line terminators
Hash 0032b8cfc3df2a38ec3474ba71849ce2
4a9e0cd9d17862639f7244de2c18452511ad9f5a
f9ac210e414365c4254f7032c735e6556f6c4375e7c93ac32e5765bed27e627c
GET /PushNotification/AutoAdsPushNotify.js HTTP/1.1
Host: cdn.autoads.asia
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Expires: -1
Last-Modified: Mon, 11 Jan 2021 08:40:28 GMT
Accept-Ranges: bytes
ETag: "0a6ad69f5e7d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Wed, 29 Mar 2023 14:16:38 GMT
Content-Length: 4978
Strict-Transport-Security: max-age=31536000
Set-Cookie: SRVNAME=cdn20_2; path=/
cdn.autoads.asia/maxlead/1.6.x/scripts/autoads-maxlead-widget.js?business_id=588cf30bc5ad4c93aac3466c4cb14e39
171.244.15.40200 OK 90 kB URL HTTP/1.1 cdn.autoads.asia/maxlead/1.6.x/scripts/autoads-maxlead-widget.js?business_id=588cf30bc5ad4c93aac3466c4cb14e39
IP 171.244.15.40:0
ASN #38731 CHT Compamy Ltd
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65326), with no line terminators
Hash 70f92b3589f4d5baee90224bfea6b169
3325b9e748f64e79ee428e3536a683dff7ec21c1
07cb1135a563ae2f473f9334501dd2d4f187e009be368e40234943c9fbc89d90
GET /maxlead/1.6.x/scripts/autoads-maxlead-widget.js?business_id=588cf30bc5ad4c93aac3466c4cb14e39 HTTP/1.1
Host: cdn.autoads.asia
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Expires: -1
Last-Modified: Wed, 15 Feb 2023 10:27:24 GMT
Accept-Ranges: bytes
ETag: "04eec172841d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Wed, 29 Mar 2023 14:16:37 GMT
Content-Length: 89885
Strict-Transport-Security: max-age=31536000
Set-Cookie: SRVNAME=cdn21_1; path=/
cdn.autoads.asia/maxlead/1.6.x/content/aml-widget.min.css?v=1.6.x
171.244.15.40200 OK 16 kB URL HTTP/1.1 cdn.autoads.asia/maxlead/1.6.x/content/aml-widget.min.css?v=1.6.x
IP 171.244.15.40:0
ASN #38731 CHT Compamy Ltd
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 6f25ae980e1b31bb83dea8727cc88f6c
a49249e0ba6760cad06b8d62c35d15476302f9df
f53e436441acbc54a91b67157f9bb0b72f96763cc7e6e8ce60f5380b6abb2e33
GET /maxlead/1.6.x/content/aml-widget.min.css?v=1.6.x HTTP/1.1
Host: cdn.autoads.asia
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/css
Content-Encoding: gzip
Expires: -1
Last-Modified: Thu, 08 Jul 2021 06:50:54 GMT
Accept-Ranges: bytes
ETag: "05bcc98c573d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Wed, 29 Mar 2023 14:16:38 GMT
Content-Length: 16408
Strict-Transport-Security: max-age=31536000
Set-Cookie: SRVNAME=cdn20_2; path=/
api.autoads.asia/maxlead/api/widget/getdata?business_id=588cf30bc5ad4c93aac3466c4cb14e39&previewToken=
171.244.15.40200 OK 0 B URL HTTP/1.1 api.autoads.asia/maxlead/api/widget/getdata?business_id=588cf30bc5ad4c93aac3466c4cb14e39&previewToken=
IP 171.244.15.40:0
ASN #38731 CHT Compamy Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /maxlead/api/widget/getdata?business_id=588cf30bc5ad4c93aac3466c4cb14e39&previewToken= HTTP/1.1
Host: api.autoads.asia
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-enter-journey,x-maxlead-ismobile,x-maxlead-ispostback
Referer: https://xenangnguoivn.com/
Origin: https://xenangnguoivn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://xenangnguoivn.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type,x-enter-journey,x-maxlead-ismobile,x-maxlead-ispostback
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 29 Mar 2023 14:16:38 GMT
Content-Length: 0
Strict-Transport-Security: max-age=31536000
Set-Cookie: SRVNAME=api21_2; path=/
www.youtube.com/embed/wPBQltvHD74?feature=oembed
142.250.74.14200 OK 0 B URL HTTP/2 www.youtube.com/embed/wPBQltvHD74?feature=oembed
IP 142.250.74.14:0
GET /embed/wPBQltvHD74?feature=oembed HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 29 Mar 2023 14:16:34 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=EC10yFJ6jtI; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=i0avzhFWW58; Domain=.youtube.com; Expires=Mon, 25-Sep-2023 14:16:34 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+683; expires=Fri, 28-Mar-2025 14:16:34 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
api.metu.vn/plugin/brandname?business_code=Amm0hpNup
172.67.220.189200 OK 0 B URL HTTP/2 api.metu.vn/plugin/brandname?business_code=Amm0hpNup
IP 172.67.220.189:0
GET /plugin/brandname?business_code=Amm0hpNup HTTP/1.1
Host: api.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xenangnguoivn.com/
Origin: https://xenangnguoivn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:37 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: mbid, Content-Type, Authorization
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Px0IrupRvE3VPCM9DFaB1gqGqj4Q3yZEVBUBAUHCkvKZjGLIH7wvlG0rAaqpvOZJFVcfjJOyRwnBoNJlta3xxZAWevujJmxSR6xIrQtBs9lJ5onj0E7V7H0ttRTljw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8bb4e28dab518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.metu.vn/apps/installed
172.67.220.189200 OK 0 B URL HTTP/2 api.metu.vn/apps/installed
IP 172.67.220.189:0
GET /apps/installed HTTP/1.1
Host: api.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xenangnguoivn.com/
mbid: Amm0hpNup
Origin: https://xenangnguoivn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:37 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: mbid, Content-Type, Authorization
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XBDOo1vgCRBUPj3lsni5%2BTsi9hmC%2BrXPkEXkfaWIycmyM40ni2c1k28ZeqCQ8QwdxkaehJayJBbgqFX555rU%2BmthuNJncZ2mK1K1s1k18KoK1bY%2FdUxV3txqgVHjEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8bb516eaab518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/uploads/2020/08/SMC.png
103.81.84.33200 OK 0 B URL HTTP/2 xenangnguoivn.com/wp-content/uploads/2020/08/SMC.png
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
Analyzer Verdict Alert phishtank Other
quad9 Sinkholed
GET /wp-content/uploads/2020/08/SMC.png HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: image/png
last-modified: Tue, 13 Apr 2021 04:40:36 GMT
accept-ranges: bytes
content-length: 8150
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
vary: User-Agent
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/uploads/2020/11/512x512-01.png
103.81.84.33200 OK 0 B URL HTTP/2 xenangnguoivn.com/wp-content/uploads/2020/11/512x512-01.png
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
Analyzer Verdict Alert phishtank Other
quad9 Sinkholed
GET /wp-content/uploads/2020/11/512x512-01.png HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: image/png
last-modified: Tue, 13 Apr 2021 04:40:37 GMT
accept-ranges: bytes
content-length: 287379
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
vary: User-Agent
X-Firefox-Spdy: h2
xenangnguoivn.com/wp-content/uploads/2020/08/vinfast-01.jpg
103.81.84.33200 OK 0 B URL HTTP/2 xenangnguoivn.com/wp-content/uploads/2020/08/vinfast-01.jpg
IP 103.81.84.33:0
ASN #18403 FPT Telecom Company
Analyzer Verdict Alert phishtank Other
quad9 Sinkholed
GET /wp-content/uploads/2020/08/vinfast-01.jpg HTTP/1.1
Host: xenangnguoivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/Netflix/net/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=7776000
expires: Tue, 27 Jun 2023 14:16:33 GMT
content-type: image/jpeg
last-modified: Tue, 13 Apr 2021 04:40:36 GMT
accept-ranges: bytes
content-length: 96417
date: Wed, 29 Mar 2023 14:16:33 GMT
server: LiteSpeed
vary: User-Agent
X-Firefox-Spdy: h2
api.metu.vn/find-google-configs
172.67.220.189200 OK 0 B URL HTTP/2 api.metu.vn/find-google-configs
IP 172.67.220.189:0
POST /find-google-configs HTTP/1.1
Host: api.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xenangnguoivn.com/
Content-Type: application/json
Origin: https://xenangnguoivn.com
Content-Length: 56
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:37 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: mbid, Content-Type, Authorization
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zc5oQDercWBcAg97oQRmxHKfkHZT1REPdo%2BfaWVtFZkOrWQTxhGfe31Q%2Ft8%2BfYeE6wXbmLE7qtCiNgtUXXdWZagDeNKg%2BMVHZJM9VkzepG%2BQQtDCQaEdcOQ%2FcucPhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8bb516eb4b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.metu.vn/plugin/banner?business_code=Amm0hpNup&session_id=dd12e97e2f6e74
172.67.220.189200 OK 0 B URL HTTP/2 api.metu.vn/plugin/banner?business_code=Amm0hpNup&session_id=dd12e97e2f6e74
IP 172.67.220.189:0
GET /plugin/banner?business_code=Amm0hpNup&session_id=dd12e97e2f6e74 HTTP/1.1
Host: api.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xenangnguoivn.com/
Content-Type: application/json
Origin: https://xenangnguoivn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:37 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: mbid, Content-Type, Authorization
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zn%2FedH9EPoB33XL%2FmK6daNbHKxGDudQtS1NSQnYcnSUTAQJT9A4ownVhZfHTaOaYikBs7l25dMji61Nu7PQhj9ai%2F9MFTBRZJpD2kWgzy958safQdGUmg5QjJOVIow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8bb516eadb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3Aregular%2C700%2Cregular%2Cregular%7CDancing+Script%3Aregular%2C400&display=swap&ver=3.9
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3Aregular%2C700%2Cregular%2Cregular%7CDancing+Script%3Aregular%2C400&display=swap&ver=3.9
IP 142.250.74.74:0
GET /css?family=Roboto%3Aregular%2C700%2Cregular%2Cregular%7CDancing+Script%3Aregular%2C400&display=swap&ver=3.9 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 29 Mar 2023 14:16:33 GMT
date: Wed, 29 Mar 2023 14:16:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
menu.metu.vn/static/js/sdk.js?container=body&ver=2.0.2
104.21.45.240200 OK 0 B URL HTTP/2 menu.metu.vn/static/js/sdk.js?container=body&ver=2.0.2
IP 104.21.45.240:0
GET /static/js/sdk.js?container=body&ver=2.0.2 HTTP/1.1
Host: menu.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xenangnguoivn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:34 GMT
content-type: application/javascript; charset=utf-8
cf-bgj: minify
cf-polished: origSize=1179
etag: W/"49b-umrJyvtKgMskCi5QYxVc32ONk3I"
x-powered-by: Express
cache-control: max-age=3600
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oEqsy%2FK3A7GuImKtg1fh3wEDjzlfhy5Ycc9DUvzCL%2FYInu5GIoSAVtzbIIuIzs0QbKTkdpAASdiOO1w%2BU1zUbf6LvZMDCQnpFxEEWHlkai%2Bh3iSik%2BXyeZQZk9hNDiM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7af8bb376f0db4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.metu.vn/plugin/popup?business_code=Amm0hpNup&session_id=dd12e97e2f6e74
172.67.220.189200 OK 0 B URL HTTP/2 api.metu.vn/plugin/popup?business_code=Amm0hpNup&session_id=dd12e97e2f6e74
IP 172.67.220.189:0
GET /plugin/popup?business_code=Amm0hpNup&session_id=dd12e97e2f6e74 HTTP/1.1
Host: api.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xenangnguoivn.com/
Content-Type: application/json
Origin: https://xenangnguoivn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:37 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: mbid, Content-Type, Authorization
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y1A14rBVa2wlJwQ0oiaWSNqj1Yf%2BcchgVc57QVKl2YLOKmBDXpK5en8Hzom8aooFOkuSiDdMeWM3DZGcWUxqA20ZkyU%2Be9nF4dHmUtGTkTJGtfbuCDeFCh4udCFJaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8bb516eb8b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.metu.vn/menus?url=https%3A%2F%2Fxenangnguoivn.com%2FNetflix%2Fnet%2Flogin.php
172.67.220.189200 OK 0 B URL HTTP/2 api.metu.vn/menus?url=https%3A%2F%2Fxenangnguoivn.com%2FNetflix%2Fnet%2Flogin.php
IP 172.67.220.189:0
GET /menus?url=https%3A%2F%2Fxenangnguoivn.com%2FNetflix%2Fnet%2Flogin.php HTTP/1.1
Host: api.metu.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xenangnguoivn.com/
mbid: Amm0hpNup
Origin: https://xenangnguoivn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:16:37 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: mbid, Content-Type, Authorization
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z3akrWqwWT5TgVxCge%2FJHy6UESSjQOLlTycHzeFxSUgiKgtm3uLqil%2BANF6Jmt44WI5FBmUP5eqdd1SEjPdDRZ8yciJ5TryXugbss2BhB8CV0PDHHpbHa%2B%2FpK64tTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8bb514e94b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2