Overview

URLtfvn.com.vn/images/gri/mb/mbhi.exe
IP 13.229.38.226 (Singapore)
ASN#16509 AMAZON-02
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-06 16:52:12 UTC
StatusLoading report..
IDS alerts0
Blocklist alert3
urlquery alerts No alerts detected
Tags None

Domain Summary (12)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
tfvn.com.vn (1) 0 2019-03-11 08:11:18 UTC 2022-11-05 19:59:57 UTC 13.229.38.226 Unknown ranking
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
zerossl.ocsp.sectigo.com (2) 4049 No data No data 104.18.32.68
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-06 08:50:11 UTC 142.250.74.10
r3.o.lencr.org (6) 344 No data No data 23.36.76.226
ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
www.tfvn.com.vn (3) 0 2017-04-08 04:19:23 UTC 2019-12-30 18:52:18 UTC 18.138.206.213 Unknown ranking
ocsp.pki.goog (7) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.35
fonts.gstatic.com (3) 0 2014-09-09 00:40:21 UTC 2022-11-06 08:04:32 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-06 06:01:04 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 34.218.164.174

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-06 2 tfvn.com.vn/images/gri/mb/mbhi.exe Malware
2022-11-06 2 www.tfvn.com.vn/images/gri/mb/mbhi.exe Malware
2022-11-06 2 www.tfvn.com.vn/images/gri/mb/mbhi.exe Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 13.229.38.226
Date UQ / IDS / BL URL IP
2023-01-21 04:45:11 +0000 0 - 0 - 3 gameonlinevip.xyz/ 13.229.38.226
2023-01-17 09:06:44 +0000 0 - 0 - 5 networkcorporation.one/ 13.229.38.226
2023-01-16 07:24:14 +0000 0 - 3 - 0 amyra.vn/wp-admin/user/%20/home/Netflix/de/en (...) 13.229.38.226
2023-01-15 05:12:56 +0000 0 - 1 - 0 bluez.vn/ 13.229.38.226
2023-01-14 12:25:44 +0000 0 - 0 - 3 vinacapitalvn.click/ 13.229.38.226


Last 5 reports on ASN: AMAZON-02
Date UQ / IDS / BL URL IP
2023-01-29 11:22:05 +0000 0 - 0 - 2 resiliation-net-flix.xyz/33695/Login.php 75.2.18.233
2023-01-29 11:21:38 +0000 0 - 0 - 2 leicaf.info/AZCbqM1uZE 99.83.154.118
2023-01-29 11:20:46 +0000 0 - 2 - 0 ocdn.ks-ekspert.pl/f14320b6b80757d6d64f8eb471 (...) 54.230.111.6
2023-01-29 11:20:28 +0000 0 - 0 - 1 thinktankideas.com/login.php 3.130.253.23
2023-01-29 11:19:28 +0000 0 - 2 - 0 ocdn.ks-ekspert.pl/8c9e9e50d75f1db944f34c04fa (...) 54.230.111.8


Last 5 reports on domain: tfvn.com.vn
Date UQ / IDS / BL URL IP
2022-11-12 05:22:06 +0000 0 - 0 - 2 www.tfvn.com.vn/mini/de/dekspro.exe 18.138.206.213
2022-11-06 16:52:12 +0000 0 - 0 - 3 tfvn.com.vn/images/gri/mb/mbhi.exe 13.229.38.226
2022-11-05 20:00:08 +0000 0 - 0 - 2 www.tfvn.com.vn/images/gri/mb/mbhi.exe 18.142.208.246
2022-11-05 19:59:55 +0000 0 - 0 - 3 tfvn.com.vn/images/gri/mb/mbhi.exe 13.229.38.226
2022-11-05 16:00:21 +0000 0 - 0 - 2 www.tfvn.com.vn/mini/de/dekspro.exe 18.142.208.246


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-20 09:16:46 +0000 0 - 2 - 0 4uwellness.4utours.com/workshop-wellness-song 13.229.38.226
2022-11-23 04:59:22 +0000 0 - 0 - 3 kiemtienty.com/non-autem/documents.zip 13.229.38.226
2022-11-12 05:22:06 +0000 0 - 0 - 2 www.tfvn.com.vn/mini/de/dekspro.exe 18.138.206.213
2022-11-05 20:00:08 +0000 0 - 0 - 2 www.tfvn.com.vn/images/gri/mb/mbhi.exe 18.142.208.246
2022-11-05 19:59:55 +0000 0 - 0 - 3 tfvn.com.vn/images/gri/mb/mbhi.exe 13.229.38.226

JavaScript

Executed Scripts (2)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (35)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7860552382285E6EDDDDC5226C6F6400CAA3F6FC3CB4B8A2D550C6FC653F78BB"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7561
Expires: Sun, 06 Nov 2022 18:58:02 GMT
Date: Sun, 06 Nov 2022 16:52:01 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6511
Cache-Control: max-age=156453
Date: Sun, 06 Nov 2022 16:52:01 GMT
Etag: "63678ce7-1d7"
Expires: Tue, 08 Nov 2022 12:19:34 GMT
Last-Modified: Sun, 06 Nov 2022 10:31:03 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2635
Cache-Control: max-age=152576
Date: Sun, 06 Nov 2022 16:52:01 GMT
Etag: "63678ce7-1d7"
Expires: Tue, 08 Nov 2022 11:14:57 GMT
Last-Modified: Sun, 06 Nov 2022 10:31:03 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DF8B8CE7A83D11FBE075C8780103C509654F288B5D757D64B696D861A11F3C7F"
Last-Modified: Sun, 06 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19657
Expires: Sun, 06 Nov 2022 22:19:38 GMT
Date: Sun, 06 Nov 2022 16:52:01 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: CEdjTawihl3wToTDiphHmynZTJDVmHSwckLXeYzfWouKoSrgL/kQMUKE2Y+a3QKJ+/CZcePvPzQ=
x-amz-request-id: YDG3PVC01DNGA10K
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 06 Nov 2022 16:10:30 GMT
age: 2491
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 06 Nov 2022 16:52:02 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /images/gri/mb/mbhi.exe HTTP/1.1 
Host: tfvn.com.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         13.229.38.226
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Sun, 06 Nov 2022 16:52:02 GMT
Content-Length: 162
Connection: keep-alive
Location: http://www.tfvn.com.vn/images/gri/mb/mbhi.exe


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3758
Cache-Control: max-age=148647
Date: Sun, 06 Nov 2022 16:52:02 GMT
Etag: "6367792b-1d7"
Expires: Tue, 08 Nov 2022 10:09:29 GMT
Last-Modified: Sun, 06 Nov 2022 09:06:51 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Jf01W8cN5rXsAkamTwgnTA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         34.218.164.174
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: MRsLLHaMGJyG2ZSeO0seK0VNt9o=

                                        
                                            GET /images/gri/mb/mbhi.exe HTTP/1.1 
Host: www.tfvn.com.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         18.138.206.213
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: openresty
Date: Sun, 06 Nov 2022 16:52:03 GMT
Content-Length: 166
Connection: keep-alive
Location: https://www.tfvn.com.vn/images/gri/mb/mbhi.exe


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   166
Md5:    3ea1c8d079b38532a6e01a96216ba5e2
Sha1:   598d3ff91d3e252f1e13df8cf0348b270ff2da3f
Sha256: 87a9323ac85ce28867d5d7ce590c8f29b8d1a999961fca71bb33adef48683691

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20076
Expires: Sun, 06 Nov 2022 22:26:40 GMT
Date: Sun, 06 Nov 2022 16:52:04 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20076
Expires: Sun, 06 Nov 2022 22:26:40 GMT
Date: Sun, 06 Nov 2022 16:52:04 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20076
Expires: Sun, 06 Nov 2022 22:26:40 GMT
Date: Sun, 06 Nov 2022 16:52:04 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20076
Expires: Sun, 06 Nov 2022 22:26:40 GMT
Date: Sun, 06 Nov 2022 16:52:04 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78f88d98-b52b-4ad1-8cfc-e60fd17b46e0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11535
x-amzn-requestid: 0a1d9895-e2e3-4070-921a-736d8c6f254e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJatPGwjoAMFx8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d7ee-101a7f3a2b834d0b411c9de0;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gjEERXiPH4yDHtW87u7qRDYz1A2DKKlkYXKVC3F9VshnRvhh2wSaSQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 22:08:57 GMT
age: 67387
etag: "cc22e90a0b476215f2fd864d84c9b00dded100a6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11535
Md5:    b370c4e3b01be9fbbc3e310e6958cd55
Sha1:   cc22e90a0b476215f2fd864d84c9b00dded100a6
Sha256: f54d90c5854b6f140b63dad3aa92bd858b8f360b8c77d50fdf344e813e9385c5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff56714e2-704b-4327-92b2-54e71d0c4d40.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8961
x-amzn-requestid: 3a50374d-d90e-452e-bb89-82ca14c94b52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJarpGtqIAMFkPg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d7e3-55c356475fb64e6625a338c7;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:38:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OR8zISm84Iz0FL3Km-aQOHSnjROX2-S_lKloAhMAThT17igEWRbxkA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 21:44:20 GMT
age: 68864
etag: "1f727a7ea032082658944cf4041686446fb6b5f2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8961
Md5:    dcc79e66d1e21452efb26d26650f6739
Sha1:   1f727a7ea032082658944cf4041686446fb6b5f2
Sha256: af1fe8de442a365a108d5c03f0d3ae8b0beb1abb4f267a46979f9c885ee026c6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8df47f1e-c13a-452f-b0e2-28c141dbb191.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7573
x-amzn-requestid: d56e7b27-f2cb-4cd3-9f67-ba18d1bfe270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bDkhGHmjoAMFxxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364813a-3a1c18b13c41f38673890b00;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 03:04:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: c-u9tBFoIve3sEwtbUvIFZoPu6eudy3ZFQi8j2m9mTPNEarihTvddw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 03:24:54 GMT
age: 48430
etag: "11d1f2ce72d2aa6686c79f777cd0bdb4ddeb681b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7573
Md5:    b18a8c9f5539ce33476f843f5811e01d
Sha1:   11d1f2ce72d2aa6686c79f777cd0bdb4ddeb681b
Sha256: fc20e507eedccb52078979f2132434b11b9d50d917cab512d8e0c99515b1236c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7220419a-cf8c-4056-a522-11012e67cf32.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 14415
x-amzn-requestid: 9eadfbeb-38b2-483a-894a-375e00f646dd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJabgHcMoAMFTLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d77c-104fa5e61c64aaf230ffb045;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:37:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 1rzBJigxxARLwKhQ_2PvkVnWD2wUH9UPfyVKIe9lmvtmtMRwWjR21g==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 22:17:20 GMT
etag: "276f1493d6da74c8fa3ef83dee77bf48850ff4b4"
age: 66884
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   14415
Md5:    fa77f05b1af971db287607d9d9a30e0f
Sha1:   276f1493d6da74c8fa3ef83dee77bf48850ff4b4
Sha256: 005d0273b7fe7b68081d1db630df9444c4082140be87c34f3e9e5fb7db9a4160
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5cee1982-fead-41ba-9720-19ae491d0af1.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8309
x-amzn-requestid: 377e4474-c2ee-4477-be4b-18d264ca9aa5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJbgwH23IAMF3kA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d937-7692bcd1131d9749085800b0;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:44:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: JpXdvmvvQH1vfmG3IY6l-viZNIwPCuCBMdnRl78XNVFNE2FgSxqXJA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 22:14:38 GMT
age: 67046
etag: "b8f906e9e3c3addf73e2d387c7238dc1ffe0bb28"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8309
Md5:    3929fb3c2f0dad9409e9b247ab891518
Sha1:   b8f906e9e3c3addf73e2d387c7238dc1ffe0bb28
Sha256: 64822bf90b140698a0043ea76542823a55daf3bb6ad1b6b3ba972c7fbb256bb5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3fDf4aoep5tTAusisXhIdAf0A6SbpM5fYtYaiXtNSb0-VRJo5nu8Vg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 09:11:34 GMT
age: 27630
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10462
Md5:    4e2853cc6ec6223160471401e6871f4b
Sha1:   f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
Sha256: bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 06 Nov 2022 16:52:04 GMT
Content-Length: 728
Connection: keep-alive
Last-Modified: Sun, 06 Nov 2022 15:59:11 GMT
Expires: Sun, 13 Nov 2022 15:59:10 GMT
Etag: "47311c4ff3ee0a0b8ebae3f32faf2ff3e25a92f5"
Cache-Control: max-age=601025,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 765f566469f7b51e-OSL

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 06 Nov 2022 16:52:04 GMT
Content-Length: 728
Connection: keep-alive
Last-Modified: Sun, 06 Nov 2022 15:59:11 GMT
Expires: Sun, 13 Nov 2022 15:59:10 GMT
Etag: "47311c4ff3ee0a0b8ebae3f32faf2ff3e25a92f5"
Cache-Control: max-age=601025,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 765f5665a82cb51d-OSL

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 06 Nov 2022 16:52:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 06 Nov 2022 16:52:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 06 Nov 2022 16:52:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 06 Nov 2022 16:52:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 06 Nov 2022 16:52:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 06 Nov 2022 16:52:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tfvn.com.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 05:42:51 GMT
expires: Fri, 03 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 299353
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size:   44856
Md5:    565ce506190ad3af920b40baf1794cec
Sha1:   ad3cba5d06100e09449a864d3b5e58403b478b3d
Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tfvn.com.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31320
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 31 Oct 2022 18:57:58 GMT
expires: Tue, 31 Oct 2023 18:57:58 GMT
cache-control: public, max-age=31536000
age: 510846
last-modified: Mon, 15 Aug 2022 18:11:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 31320, version 1.0\012- data
Size:   31320
Md5:    3fe71527811fbfedd2c07962e1bc49e7
Sha1:   f63e158a0480c5d711b5e268db0e75e57d87a8a5
Sha256: 24c0e724005344165ee0a0ff4c96a914e174bb4caa20c8a533fb194d92853e95
                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tfvn.com.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 21:11:09 GMT
expires: Fri, 03 Nov 2023 21:11:09 GMT
cache-control: public, max-age=31536000
age: 243655
last-modified: Mon, 15 Aug 2022 18:14:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 14040, version 1.0\012- data
Size:   14040
Md5:    eadd44d829d43ddf48870c2073f1a7ca
Sha1:   fc04b04f37e0988001c81be96bca33c4d866450f
Sha256: 84197a92671b7b7c8715220cea35354699c6221113c0ff531ff087ab8a8aa9e6
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 06 Nov 2022 16:52:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.tfvn.com.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tfvn.com.vn/images/gri/mb/mbhi.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         18.138.206.213
HTTP/2 404 Not Found
content-type: text/html
                                        
server: openresty
date: Sun, 06 Nov 2022 16:52:04 GMT
content-length: 150
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   150
Md5:    597ba0d4396e9c906225140ce907092c
Sha1:   28ae2ba65ccdb583d79f85b8cc9509fae697493b
Sha256: ee1a27178227546d3dcc49e611a6d72e4f1c30080ee4493ae4085b58a49e28e6
                                        
                                            GET /images/gri/mb/mbhi.exe HTTP/1.1 
Host: www.tfvn.com.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         18.138.206.213
HTTP/2 200 OK
content-type: text/html
                                        
server: openresty
date: Sun, 06 Nov 2022 16:52:04 GMT
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
set-cookie: LADI_DNS_CHECK="2022-11-06 16:52:04.248106816 +0000 UTC m=+380789.618423912"; Expires=Wed, 03 Nov 2032 16:52:04 GMT LADI_CLIENT_ID=9a4730c2-cbd5-469b-5c50-5b70fbabfcc4; Expires=Wed, 03 Nov 2032 16:52:04 GMT LADI_PAGE_VIEW=0; Path=/images; Expires=Wed, 03 Nov 2032 16:52:04 GMT LADI_PAGE_VIEW_PATH=0; Path=/images; Expires=Wed, 03 Nov 2032 16:52:04 GMT LADI_FORM_SUBMIT=0; Path=/images; Expires=Wed, 03 Nov 2032 16:52:04 GMT LADI_FORM_SUBMIT_PATH=0; Path=/images; Expires=Wed, 03 Nov 2032 16:52:04 GMT LADI_PAGE_VIEW=1; Path=/images; Expires=Wed, 03 Nov 2032 16:52:04 GMT LADI_PAGE_VIEW_PATH=1; Path=/images; Expires=Wed, 03 Nov 2032 16:52:04 GMT LADI_CAMP_ID=; Path=/images; Max-Age=0 LADI_CAMP_NAME=; Path=/images; Max-Age=0 LADI_CAMP_TYPE=; Path=/images; Max-Age=0 LADI_CAMP_ORIGIN_URL=; Path=/images; Max-Age=0 LADI_CAMP_TARGET_URL=; Path=/images; Max-Age=0 LADI_CAMP_PAGE_VIEW=; Path=/images; Max-Age=0 LADI_CAMP_PAGE_VIEW_PATH=; Path=/images; Max-Age=0 LADI_CAMP_FORM_SUBMIT=; Path=/images; Max-Age=0 LADI_CAMP_FORM_SUBMIT_PATH=; Path=/images; Max-Age=0 LADI_CAMP_BEHAVIOR_PAGE_VIEW=; Path=/images; Max-Age=0 LADI_CAMP_BEHAVIOR_PAGE_VIEW_PATH=; Path=/images; Max-Age=0 LADI_CAMP_BEHAVIOR_FORMSUBMIT=; Path=/images; Max-Age=0 LADI_CAMP_BEHAVIOR_FORMSUBMIT_PATH=; Path=/images; Max-Age=0 LADI_CAMP_CONFIG=; Path=/images; Max-Age=0 LADI_CAMP_END_DATE=; Path=/images; Max-Age=0 LADI_FUNNEL_NEXT_URL=; Path=/images; Max-Age=0 LADI_FUNNEL_PREV_URL=; Path=/images; Max-Age=0 LADI_CLIENT_ID=; Path=/images; Max-Age=0 LADI_PAGE_VIEW=; Path=/images; Max-Age=0 LADI_PAGE_VIEW_PATH=; Path=/images; Max-Age=0 LADI_FORM_SUBMIT=; Path=/images; Max-Age=0 LADI_FORM_SUBMIT_PATH=; Path=/images; Max-Age=0 LADI_CAMP_ID=; Path=/images; Max-Age=0 LADI_CAMP_NAME=; Path=/images; Max-Age=0 LADI_CAMP_TYPE=; Path=/images; Max-Age=0 LADI_CAMP_ORIGIN_URL=; Path=/images; Max-Age=0 LADI_CAMP_TARGET_URL=; Path=/images; Max-Age=0 LADI_CAMP_PAGE_VIEW=; Path=/images; Max-Age=0 LADI_CAMP_PAGE_VIEW_PATH=; Path=/images; Max-Age=0 LADI_CAMP_FORM_SUBMIT=; Path=/images; Max-Age=0 LADI_CAMP_FORM_SUBMIT_PATH=; Path=/images; Max-Age=0 LADI_CAMP_BEHAVIOR_PAGE_VIEW=; Path=/images; Max-Age=0 LADI_CAMP_BEHAVIOR_PAGE_VIEW_PATH=; Path=/images; Max-Age=0 LADI_CAMP_BEHAVIOR_FORMSUBMIT=; Path=/images; Max-Age=0 LADI_CAMP_BEHAVIOR_FORMSUBMIT_PATH=; Path=/images; Max-Age=0 LADI_CAMP_CONFIG=; Path=/images; Max-Age=0 LADI_CAMP_END_DATE=; Path=/images; Max-Age=0
statuscode: 404
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /css?family=Open%20Sans:bold,regular&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tfvn.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 06 Nov 2022 16:52:04 GMT
date: Sun, 06 Nov 2022 16:52:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---