{"report_id":"f7c7736b-fb92-458b-b784-7399322aff05","version":6,"status":"done","tags":[],"date":"2025-12-22T00:02:18Z","url":{"schema":"http","addr":"tvphim.one/","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"tvphim.one/","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"title":"Phim Thuyết Minh TvPhim, Phim Bộ Mới Nhất 2025, Phim Phụ Đề","dom":{"size":115754,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (410)","md5":"537c664fece00b46e3da34eae181bad1","sha1":"fede1158a3bad75bedff16387a3192356faf35d1","sha256":"ab4e7f6b919a658a1ba526eeb22c53df4b0c00312844a11df76fff595c070678","sha512":"db0c531fc16d9f5c0b8d6681b8395a129a55cc3f91c648e3d706dd459900db748fa8a1aad21d674349b3b2ab7deaad625c28805c9bb6c60494e8477ca008f725","ssdeep":"384:G+D1V8/VwGUwmRs7SSABS0rrSo49hXoSM9N95V9du9DVpVcXYdRVrV5VvVES2iYd:GmV8Ae7SSsr567k","tlshash":"f9b30ab045f941be011362d29a786a1ebfd2910bcc9a090973fd2bd9cf87e93ad4714d","dom_hash":"domhashc77a2417b02596d963a6089115ba5eb8","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"tvphim.one/","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-26T00:02:18Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"tq2tmylv9quqkoe"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"phimimg.com","ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2024-07-25","domain_rank":1630573,"first_seen":"2025-06-21T21:41:10.03517Z","last_seen":"2025-12-21T05:30:04.591813Z","alert_count":42,"request_count":21,"received_data":9427310,"sent_data":9954,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"img.ophim.live","ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-04-27","domain_rank":4988184,"first_seen":"2024-05-19T15:04:55Z","last_seen":"2025-12-21T05:30:04.3873Z","alert_count":0,"request_count":31,"received_data":46896231,"sent_data":14357,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-21T22:17:07.06462Z","alert_count":0,"request_count":1,"received_data":10430,"sent_data":478,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"216.58.207.200","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-12-21T22:17:33.83847Z","alert_count":0,"request_count":1,"received_data":434152,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"tvphim.one","ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":17,"received_data":637793,"sent_data":19618,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-21T22:14:03.270461Z","alert_count":0,"request_count":9,"received_data":130340,"sent_data":4953,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"tvphim.one/themes/toro/js/jquery.js?ver=3.0.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4196c2112b2fcb7ee1defcce4e01f8af","sha1":"82721cc174064f3808730880340fbfa492850331","sha256":"634dc69d755d4ddf57ffa821c96d1405c8670b6dcb9c5f276244c691549cb146","sha512":"443867aab52c935c8a29940f32f93d67539b61875f3e604866b1553b0a32f9c1f36db92eaf29922587aed973d034f8523d5b412914c6cb7ba3bf44aba7b2bf95","ssdeep":"1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6ta:nkn6x2xe9NK6nC6E","tlshash":"698319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86925,"data":"","first_seen":"2023-08-03T15:59:28Z","last_seen":"2025-12-23T00:02:47.020558Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/js/functions.js?ver=1.0.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b95e5bf8dd94aeeff88e0e3f35bc6b88","sha1":"0504bc698b7010e60f4cac06bcb1be6dc94f6385","sha256":"a288773b242a1befb2c4d22f0eb9e2073fc04677f3056ef185347cf990281f0a","sha512":"92a9f9ffdec07e918de13d032899cd7c69f3e762c2e8c45875a39fcbd57f9e1ef404e96ef942764f82edb7031e77c5043d654797a8eed4796aad7108d004005e","ssdeep":"192:0iYSqN62g6c4NJN+SdU+xmsQXkRUDpNUb7WEGRkaAvKPrMbSDcYwC9U1UnZHfrZ5:lD6uwqpw7vGRjAvKIOcYCOFfKHc","tlshash":"8d42b81cf258a66704df2679216b5b8532332f77d1469160e03f1af18f90f8b7a93a2d","size":12987,"data":"","first_seen":"2023-08-03T15:59:28Z","last_seen":"2026-05-07T09:03:09.229661Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0ee484d6b9bab4f762773ba3eb6d16c3","sha1":"1d9be2ce4d18ca5c2f889c4cfe07789545179aeb","sha256":"df3dda48ce5b50a7751f0e91257e5abe75a44b1b562d78edeb22a57e22ffef0e","sha512":"bff5edea96cee667ab7dd75f9b984154729f7b62408cb88752633c756b94e4d98ae5011fa0544c879ad9142d8cf2fff6fef0dbb7b81bc6edf2254771ced9dca5","ssdeep":"","tlshash":"c9f05c38d41d5d7d0bfe0ce6d46968d2bab8409749dca005e1a8df68671cbc053269af","size":468,"data":"","first_seen":"2023-08-03T15:59:28Z","last_seen":"2025-12-23T00:02:47.037334Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/js/sol.js?ver=1.0.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c2468d6efadf93e8b5cb886f9fc1ee1","sha1":"b98c6f235b4c48e0576b9049a36a40e90ccdecb6","sha256":"687357ee186e0e41e457c0104307dc8738a8b1d5ca480a857749727d5741166a","sha512":"2f2fc1eacaad9774b82f15b4c07a307244b7066ead636e42bd170760a0d2c1d7fa8d13b8a216f928d2054839910a1ade5cc2717a7c81909dd82c55a50f0bb58d","ssdeep":"384:lKPWI0SRTK3eq//JRynIl52CrpPlkEh1nJ4Xhx4sYuM7:lJUoe4qyN6RU7","tlshash":"f982634bb29c3732c2ff51798597224261399d9bb642856db839e8d84f38e412033f3e","size":18614,"data":"","first_seen":"2023-08-03T15:59:28Z","last_seen":"2025-12-23T00:02:46.861937Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-627N11083D","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"216.58.207.200","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ef87cecaa2ed65173f085467a6908512","sha1":"a7abe746a8a47a808138654e62e4e3b2953e5a69","sha256":"d3f8a466b032d1d13afe3ac047d1c897b0b806cdc57366dc8539f3ffc3cbde0e","sha512":"b5ebcc4ede11d158ce7d22472da664d91e18b787314530c58121831baf061de2286bfc5dc7555fc9ac4bd0e52f5af290a698a8b78bbcd8164f841547b71f6cf3","ssdeep":"6144:3wIe7ma2bulKY/1u99xHDmHYmyBFzvnsyRO6jJWoNPad4FpC1xY:xC8bu7/1mbrnsy39WbMpb","tlshash":"e4941ace73c674269396e078503f118ba57b29e2b45cc896f189cce42e7469a4237f7c","size":433548,"data":"","first_seen":"2025-12-22T00:02:53.721648Z","last_seen":"2025-12-22T00:02:53.721648Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d1a64849d24085ed616757b8dc730500","sha1":"7fa49126ad00dbf37fb8348d5689914f5a4bb7d6","sha256":"a97536f6184973c2b921e8be3ae52f4d1dc30a11ee1db6e0b9e90089a0b442a8","sha512":"3978ad05c6daf334ef3c454c1d60f20cbec6afea8182eac59139b333a6f1930159cf8f5fee2b85f65576c3d0d67aa73dbbbdb2e034ff9afcd365a8d7ccb72c14","ssdeep":"","tlshash":"2ac02b8c314f8cb041f73b008b3ff600b402321494d56a31490923445e30e0bd744974","size":153,"data":"","first_seen":"2025-12-22T00:02:53.735909Z","last_seen":"2025-12-22T00:02:53.735909Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/js/owl.carousel.min.js?ver=1.0.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"436078ebb485a71089ef2db6bce1788d","sha1":"c704f57b6ba32caa01e1803ef303d3da20642149","sha256":"8fb391aa6ad9096ac5fad59d45e5a0fc76d436a193f63dccb9e8b4da5985715a","sha512":"2e2e3872d59c94aa92192bc086c5d60d34776781313727023375d6a5e467b7a814e55dad3cdb424dd5ebc1ee9bcecc95e6500f8bd4974cfc381ceed2c959ee6b","ssdeep":"768:8BA7PMMFA0tdlXKNSR4vlGRep2lcwJeL+C2jQdc7YCORUQuFBt3C:gAIMFFdYMxAcEQDs","tlshash":"cb137346b3202d2a869b61a0663f160bb23a291ce414507d7d7da6de6d7dc4c213fbfc","size":42778,"data":"","first_seen":"2023-08-03T15:59:28Z","last_seen":"2026-02-13T22:00:35.639861Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"tvphim.one/themes/toro/css/material.css?ver=1.0.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/css/material.css?ver=1.0.0 HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f4d167-9c4f\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8mbsYXfkGvQhJ%2F8xXl78R%2BLxVsewBXGTM9zsz8QJzNlbSayBj4zJXrYnlUsfMCRSoYHkTOku%2BqCj6O3Sf6B%2BBhoAurl8DW%2F4\"}]}\r\ncf-ray: 9b1b58f0fc0ab51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40015,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (40013), with CRLF line terminators","md5":"95d44f3b2db988ced4e9a39b41a63f73","sha1":"9f9c39c5ab688fe3254e93b8cae0b3ca2556f8de","sha256":"a16f73bb66f3874b70317d4bed2399918b16517fa5aed4e33b023a85d81c2070","sha512":"eb41d44a4ae3a7f4b07fc8e4e49b010dc88cba9fb67411cd936b26df2eac4f16e1eb0da35f6797bb7be02e961aae4b9ffcad0e4ad1f9670b5965a77c985f5ed0","ssdeep":"384:NCMV8eK+oGbUWfXqu3OlOKXjRnx6x2Q2NVeNS:IMV8eDjbUOXl3OUI1x6glNVWS","tlshash":"13032be4ec0d2ae933fac403c3dd734e2649b23ae6514c59fa2b651c2ad464d41e2f78","first_seen":"2023-08-03T15:59:28Z","last_seen":"2025-12-23T00:02:46.991625Z","times_seen":7,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/img/star-on.svg","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/img/star-on.svg HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tvphim.one/themes/toro/css/toroflix-public.css?ver=1.0.0\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\nvary: accept-encoding\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N7ujxp2ahM98hcNp9tkjoS8cbB0z7Aj2%2FzEWuNqdpGmB9z4D3%2BeUH6ktNIyBDw3vGLwe1VVH9QX8roCq97dI3o6WeqlSWejT\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"67f4d167-170\"\r\ncontent-encoding: br\r\ncf-ray: 9b1b58f3cdcab51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":368,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"89f705cfc33e82b18d08daea130f962a","sha1":"f44190a50c312e46eaa60fd5daf470526f52cd59","sha256":"f5b70dd1f4278566f564d7ef249c4965372bfd7d9278d4ccf77d47b1aca9dab4","sha512":"b43e52d5d67812a449d2e2f7b4e026cd5a961657e7b1e4563754079a8b6ce70bf5fe81d47721f5edb267e823e462e43e4f8749b0cd3ab8c96337d7441ade3f36","ssdeep":"","tlshash":"a8e07da0905d0e04071d83204e3c71b65cf870af7b1c04faf5142310b763495f865f5c","first_seen":"2023-04-18T05:15:44Z","last_seen":"2026-05-07T09:03:09.26039Z","times_seen":55,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sourcesanspro/v23/6xK3dSBYKcSV-LCoeQqfX1RYOo3qN67lqDY.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/sourcesanspro/v23/6xK3dSBYKcSV-LCoeQqfX1RYOo3qN67lqDY.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tvphim.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 5840\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Dec 2025 10:01:08 GMT\r\nexpires: Fri, 18 Dec 2026 10:01:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 309648\r\nlast-modified: Wed, 10 Sep 2025 16:49:17 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5840,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 5840, version 1.0","md5":"312a313e284cdb856218b1c5ba575567","sha1":"e5f8959de17d57697167fe2f37e47d921f8bfabf","sha256":"26d1dbd047f3e3167a47a32d90011e68c0491450482b74c575b6b21075ab57c1","sha512":"300678d986da7b7ddd651d535b31f20959f8568324aeee0e9473e9956f21d49dc9777874941d042c6c876ed662e43bc6ec5ca986cc6fd8db49284c7c6e5fa7e4","ssdeep":"96:bDTfWS/HfCsOD0Ir5laPgQm4F6KFz7dZoVVUchWnX8zJ8J:bvbAIIr5QPn6woV+n2Jg","tlshash":"7fc18e1b7cc9b57bde56e8e877d2f24de5ee2d630088a6c1462243cffd10152194d38a","first_seen":"2025-09-17T22:26:03.129993Z","last_seen":"2026-05-14T07:46:15.362623Z","times_seen":185,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":8,"dns":0,"connect":8,"send":0,"wait":20,"receive":1,"ssl":185},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20251220-1/0b7449948edc2dd900127611fa8f2dbe.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.362Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20251220-1/0b7449948edc2dd900127611fa8f2dbe.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 20 Dec 2025 13:10:22 GMT\r\netag: \"420d7-64661eaa3b3e4\"\r\naccept-ranges: bytes\r\ncontent-length: 270551\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":270551,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1968x1107, components 3","md5":"0428be8be605ae0ca42e1d4926e4c4e3","sha1":"0fa25e6b38ae528a76ccc77b2383adf7842b8801","sha256":"f5fb4e616b2f2d8ae96d13167cf38a86bc0d0c65a66eb63af5303b6d48fd25ac","sha512":"68195d031799e0cf32ab51edafef96e11fef86a7924a6fa77e2544fb97b1fb1840a0315f74d16ba9b2ff2819740932030ead0a01d524c0443ac1fb6106209dfa","ssdeep":"6144:1Ti50nrevVtmb5G7QMveruJJmK7WKDg0cdFT0zJ8P:1m0ngQ5mZeCHxCK8rzT0CP","tlshash":"354423b27f0dea318d848373a8c9efa676d93d713084ecfbfb5e591aa51112c2057582","first_seen":"2025-12-22T00:02:53.649782Z","last_seen":"2025-12-22T00:02:53.649782Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1826,"timings":{"blocked":484,"dns":0,"connect":0,"send":0,"wait":1230,"receive":112,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/song-quy-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/song-quy-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1208947\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"afbbdd5febdd599c70741ac60d7214b0\"\r\nlast-modified: Tue, 09 Dec 2025 22:11:56 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1882EA6BB28932DF\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 129964\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xo%2B7xBb7a1VghyPSxGh1EmRJTfgtnP5kXDsJXrhR43tn2oIIrszv8nwTfj8Pa%2F8b9B4jCdaGE4%2Bh2BIrV%2B2LMYiUETm84sJ9fYfc3PjJ\"}]}\r\ncf-ray: 9b1b58fab9d95a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1208947,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2000x3000, components 3","md5":"8d3efcfc6558fd30d8ba315aae47aa2f","sha1":"299b65f562584d7634e698008f76b36a8158d3b9","sha256":"d6d5a0894532945ee177d51e844f73e00168d7145b8d32e77fa57bc8cab80674","sha512":"72d2272b6271c8b25617c74dbcb0620233f6b4f389b7c3c8a26f681e8eb6043866c0aa545a4b94e214dcbb386283d6e1299332e1493e06594ccad324838ee362","ssdeep":"24576:yUs3qudZiSxHdQzRFq8AcyOpi2Q3XuIyzHwcI:yUs35d1HdW/q8DyOs3XXdcI","tlshash":"0d250121fe53a759ab0f0674f48aec0f5e1127ec2cc50e1a56d15ce2fad021ad7899ec","first_seen":"2025-12-22T00:02:53.651261Z","last_seen":"2026-01-03T10:19:25.692446Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1810,"timings":{"blocked":1545,"dns":0,"connect":0,"send":0,"wait":9,"receive":256,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/dau-dang-giang-ho-ke-vai-chien-dau-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/dau-dang-giang-ho-ke-vai-chien-dau-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 6075258\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"aade9fc26e69356a58973740671c8804\"\r\nlast-modified: Sun, 21 Dec 2025 00:23:32 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18832572A0113A8C\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 65063\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=puQyoJioShcfOzU%2B43AbRB8s0Rtd3uP2BxQP%2FI5rDd1SoujFh1x%2BX2%2BR6jsVXD2YuV55p7fLK1kqy4uoPmTBIWbh%2B3JE%2FXVIJYh6X5UX\"}]}\r\ncf-ray: 9b1b58fab9df5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6075258,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1938x2835, components 3","md5":"8df27d1f67544e7d552241bca0a842ef","sha1":"e12f5a2301b99511b426f558b95dffd5db87478f","sha256":"60cbcbbfc54e81b28d3c731d4de28e370bbed62949f8fdbfa45b31b7c948de57","sha512":"7b7d6acf548273732401655f4f16dff991cd6306a207917dc7572124e0d5e6cf99190c2e85d768019988c618fcbc7fd7b098b7e63a20b5d326b9880777506768","ssdeep":"24576:qhxFbCzPufYZ8i1Tldgy30teATgKCFX78hxG/:qhnbsPugZ8CPglteAcbIhxG/","tlshash":"4025231a7922fc313d8d4b1b7422804e24d1b5e873fab4dcc6521dcaabdd6868c9753e","first_seen":"2025-12-22T00:02:53.652567Z","last_seen":"2025-12-22T00:02:53.652567Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2117,"timings":{"blocked":1543,"dns":0,"connect":0,"send":0,"wait":11,"receive":563,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20251006-1/29313e624c6b831b76fb0a5ce35d2680.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20251006-1/29313e624c6b831b76fb0a5ce35d2680.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 06 Oct 2025 05:28:13 GMT\r\netag: \"2fff1-64076b7bb9af1\"\r\naccept-ranges: bytes\r\ncontent-length: 196593\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":196593,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2048x1152, components 3","md5":"b86e61d9bbaccc2dafb1c428d7886db3","sha1":"1912e6634a0496666d1bafd3143c275b324d3188","sha256":"d652a7e950926c703312f65ace8d26a70094b11e42e86c6f2b953abadaad0f93","sha512":"48985ce4549795adac43fe9210cc5f445d6236de01f747a03271638de200c903b7965061b4722e7600dc31ba3eaee0da046b016bc9c53996a12a1a388c942468","ssdeep":"3072:qEChlgpHgpLSW/u3Kon4YKytHHuqwXciUrd5xiEIJsbSNdAG2Sax7ruhZ/rdXzS:qEQghWG6onpKYHWWRLxIJiSDAntKh9N+","tlshash":"d31412cbd142001fe2d86cba6cc2efb528848db95e307e215698a365c95f776ef8c345","first_seen":"2025-12-22T00:02:53.653697Z","last_seen":"2025-12-22T00:02:53.653697Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1935,"timings":{"blocked":475,"dns":0,"connect":0,"send":0,"wait":1455,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20251004-1/4e1e1793bb0d43c8dbe259e38b63d05c.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20251004-1/4e1e1793bb0d43c8dbe259e38b63d05c.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 04 Oct 2025 03:52:51 GMT\r\netag: \"d0d49-6404d2702e597\"\r\naccept-ranges: bytes\r\ncontent-length: 855369\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":855369,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 3840x2160, components 3","md5":"9969359b8e8b34edc24d7b34d3ff532e","sha1":"fdeb107c3e72bdb8bb6a03dd587aee39fa34ddbd","sha256":"f378f4f22b2ab36c7645946d1314b6f1a175cbb5e135f294d91d096015c0c02e","sha512":"42159079bf0e9087cc6189a1c96844649f7efd70fca0814cf7b0015c329151c36b99cc155ef571f5e9e7bcb35664bcb1433d4face76d4415dee7069f5bfa3490","ssdeep":"24576:FXNHE3TU9ebcMdZjyzm3UciU0w75AH5uN0R1LDtRP/h5F/7:Fgg4jA5U0QWZuU1LDt5/t","tlshash":"e30523e34759185cd9eb6734e08f0f57429907b014a4e886064ff8be77623b6ae4bf81","first_seen":"2025-12-22T00:02:53.654701Z","last_seen":"2025-12-22T00:02:53.654701Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2053,"timings":{"blocked":474,"dns":0,"connect":0,"send":0,"wait":1565,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sourcesanspro/v23/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/sourcesanspro/v23/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tvphim.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14868\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 17 Dec 2025 23:00:18 GMT\r\nexpires: Thu, 17 Dec 2026 23:00:18 GMT\r\ncache-control: public, max-age=31536000\r\nage: 349298\r\nlast-modified: Wed, 10 Sep 2025 16:47:45 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14868,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14868, version 1.0","md5":"a870ee3703f35f3b772e1ea3aff0abea","sha1":"2f73bac27e4fca1630d90813a858d7b815faf5c2","sha256":"691491f1fc8badab623e1be56f92cc2d98c462b16617c67e1e288d6b061444bc","sha512":"eb7e106769da2737a2d128f7b5ffeb145c03ecb3e0d120ea8e48f66b54ccc92b3657c9ba44385b355643e344329318c3d4eddde64b060ef580b419ac09d48add","ssdeep":"384:mVyQfY5SLPyg3mKvJU/rtyXWtnpeb0qY9X3cCI1Ll62yQ:2YS7fWKvJ2tyqM0PXINl62yQ","tlshash":"7562e0e9d92843e74d2019387b4b78df360adbed631a4878e995c49b6014af79122c1e","first_seen":"2025-09-11T17:07:37.667838Z","last_seen":"2026-05-15T15:18:51.248558Z","times_seen":51575,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":0,"dns":1,"connect":8,"send":0,"wait":9,"receive":1,"ssl":244},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tvphim.one/themes/toro/css/font-awesome.css?ver=1.0.0\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 77160\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\netag: \"67f4d167-12d68\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=79Q7BbJCLe3afqotOH5R6KohRVOgnRC4seNNg1TWltmPrINS88T7QM0yxXr5j3i7xwRBG6HQeIXuz6HGasXN34jXisZy1veu\"}]}\r\ncf-ray: 9b1b58f3fde5b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-05-15T15:20:19.246473Z","times_seen":468612,"resource_available":true,"data":null}},"time_used":184,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":70,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/huynh-dai-xin-dung-buoc-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/huynh-dai-xin-dung-buoc-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 89219\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"a37ba9c97262c807b3427f49ee69931e\"\r\nlast-modified: Thu, 16 May 2024 18:33:31 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F89241BA5\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1G2prC1wnE4e1SL3FTqBAFFTlOpioh1VHuubsoeoVxYiaKUnHs7GkBHKs0cc1DeuH7pqXcxtO2zI4d8zg7lA9%2FoIrMjyG6%2FuK5FL67LT\"}]}\r\ncf-ray: 9b1b58faba085a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":89219,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x673, components 3","md5":"a37ba9c97262c807b3427f49ee69931e","sha1":"52651777513949197f86206d4892680c518735c9","sha256":"fc43e0ec3afaf04910aefe63b15f1f286de7410ff03de65d674d30f0e590d9db","sha512":"21847006451750f31333c60ac0a77013a5e0c8336e52aedffecc43e8e6b1c77bfdac291690cc36ebbedfc3947e58b0792125bdb3c0635d3c033856ae35e5f2e2","ssdeep":"1536:rhzAvHTyrANASfMNiL4/TuzL/si0CmTvxZYQEDqTIa9njJJicEaB4B95atCRcGYg:u+8Mo2TufsNPvw5kImfLO9Iw3","tlshash":"8f930205f41b75679e0f132cf8debd2eab49abad20f0698b45c50d64c6c0a2afd441f9","first_seen":"2025-12-22T00:02:53.657196Z","last_seen":"2025-12-22T00:02:53.657196Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1776,"timings":{"blocked":1076,"dns":0,"connect":0,"send":0,"wait":360,"receive":340,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-22T00:01:54.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncache-control: no-cache, private\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; expires=Mon, 22-Dec-2025 02:01:55 GMT; Max-Age=7200; path=/; samesite=lax\nophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D; expires=Mon, 22-Dec-2025 02:01:55 GMT; Max-Age=7200; path=/; httponly; samesite=lax\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qhGJeWlzHSrCT4sWFztb3jcEgid71OUwGcaqnoNWHpLFTeCqPrhg6UTux3dOf4xTqMyUa8OczWKQWFi5zKMy1bnDa9fAsyoX\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b1b58ed19f8b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]}],"data":{"size":121301,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (410), with CRLF, LF line terminators","md5":"7b4aa7312380f02e1a206eb8036cc079","sha1":"3dd34770892a22d0af7c18ff4df2376e5b58cd40","sha256":"7f5fe63f15fac72c9fd64a4982e252f3ed6500aef3b73595be8777408cd6b518","sha512":"8684560996c09b170a60f5d15bd2075739b293c8f9df2323c65d9f997197ddd802531961d150a05d54898c1dcbbfa87b96795016b68d4eb965684ab03bd1a3ba","ssdeep":"384:O+SdpdzNE0ZaA4SGRsa9kE7XyI/99X0SW9f9fVnd09JVXVoXIdvVlV/VFVKS2vJu:OrdptNEJkU74R4","tlshash":"a7c30eb009f841ba015662d39a797a1ebfd2900bcc5a090973fd6bd9cf83e93ad4714d","first_seen":"2025-12-22T00:02:53.658472Z","last_seen":"2025-12-22T00:02:53.658472Z","times_seen":1,"resource_available":false,"data":null}},"time_used":553,"timings":{"blocked":11,"dns":0,"connect":1,"send":0,"wait":531,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/css/toroflix-public.css?ver=1.0.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.357Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/css/toroflix-public.css?ver=1.0.0 HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f4d167-13004\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SGyZPY34ifCSKHPvO722raBYVBCvBqSa3DOvHeb6dQbalFd37BIBl4AFaxqhiMBAdQAL6cqYo0BIXkye3RqdjQI3p9G3qvJx\"}]}\r\ncf-ray: 9b1b58f0ec02b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77828,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"5ee7b4ae0076cb294ffe3b6d83098b59","sha1":"c2b4a174328a41084060ee6bc442ee4fe61ed1d1","sha256":"056b471a8d6ca9e61d3d3e1a1345271141ef835eea2679188149b3542f2d4c45","sha512":"7bcb6a0dd16a0d680f76b16b2591b60bcd713a79715f1cf1b98cec10596942f03a8406f32e3dd0bc349b2513f64dcdeabd7065aab2bc0c3839f3e3bd42c5b3e0","ssdeep":"768:4GPoZVoD5NmvoqCAjVsJZZsUuXBfyZPHZhPqhFQafC8zvRfVzB:51NmvoqCAjVsZZsUuXBfa5YhOaPVfVV","tlshash":"3773e73b995a369c5137c6127bc067dc223d926afa164ff9e4139c10c74bf8508b3a9b","first_seen":"2023-08-03T15:59:28Z","last_seen":"2026-05-07T09:03:09.212085Z","times_seen":8,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/van-gioi-doc-ton-poster.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/van-gioi-doc-ton-poster.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 808562\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"98fc1ecbb3f59ffbceab54c2926abfc4\"\r\nlast-modified: Tue, 07 Oct 2025 06:58:48 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F88EF8D44\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gQidjh%2BgVCI0%2Ft%2B9agqlZxarn0TYrqAZaHrPb20tm4H7l%2FRZcXaJ6w0Ku01csi%2FVlj1mcWpmDlOAXHOAEwHwa7cWqv1GZw6D9uKFxaoN\"}]}\r\ncf-ray: 9b1b58fab9f15a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":808562,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3","md5":"98fc1ecbb3f59ffbceab54c2926abfc4","sha1":"d0b58bd92072334c91484aa43533dcd5754a557a","sha256":"00447abaf5e1df898509bf37c1194b68885677115611f27e2ad826ee1266a51c","sha512":"96a809f5751355a555a7748ed54ffe02e33118e076d059b4688fc06b77f32bb872cfd28a23ea3461194ffe1bbcabcfe9d4ccc7e13b1c52d5fe517cdea5e7fa22","ssdeep":"24576:xq6x05gYcFdIz6HmnBCjz07NeQdQOBi+2XUH:T0CrIz6cCz07IOQO12w","tlshash":"4e05f1504da87b0bdc9f8567e49ab47d3a1f2aec0069c0ca41899fc753df113b98d6ac","first_seen":"2025-12-22T00:02:53.660955Z","last_seen":"2025-12-22T00:02:53.660955Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3300,"timings":{"blocked":1541,"dns":0,"connect":0,"send":0,"wait":375,"receive":1384,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tvphim.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14792\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 17 Dec 2025 23:00:22 GMT\r\nexpires: Thu, 17 Dec 2026 23:00:22 GMT\r\ncache-control: public, max-age=31536000\r\nage: 349294\r\nlast-modified: Wed, 10 Sep 2025 16:47:45 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14792,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14792, version 1.0","md5":"c37aa11e5024b0f8908f3742c9a0d9b9","sha1":"b2ccee72f93c83b0be62da9e8bfa77943c481500","sha256":"46d6a0984aa795b764141232671160e61bdcc49e900de67ca6b35bae25b1ebdd","sha512":"dc3f2e177666b9666b0e51399f4e6600246f56865c92ce8a204c2407818b3fa038abb794341cb9d16781451db487aabc1a84e5262619fad90e6886e11fa3e699","ssdeep":"384:XZs0UC5sLGL2sZJCnfayiBoJdSpMzgZqO46EegOHBKagapO:X2C5sLsBmfqSJgMzgUPegOHBRnO","tlshash":"4d62d07198885687b0f5b7348e2f2a6f66f3514028685312acc3fc6cdb5bd4670279ca","first_seen":"2025-09-11T20:37:14.108754Z","last_seen":"2026-05-15T15:22:51.624859Z","times_seen":20503,"resource_available":false,"data":null}},"time_used":279,"timings":{"blocked":0,"dns":0,"connect":8,"send":0,"wait":9,"receive":2,"ssl":261},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/phi-tinh-tam-long-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/phi-tinh-tam-long-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 146329\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"b3587944da7a7d3e4f854e5793998ade\"\r\nlast-modified: Thu, 16 May 2024 19:25:19 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18830BE5045E3E1D\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 93159\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EWr608XVs0GPgaXuVeId1mlXcsv5uIFTuX39TSD4IUzR2LBZ4zITzOryB8dm5lzpp2tXMwAxQJu9uns52xxM1LdXOSjEmkKp5zVSObBs\"}]}\r\ncf-ray: 9b1b58faca0f5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":146329,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x450, components 3","md5":"b3587944da7a7d3e4f854e5793998ade","sha1":"6552fc44ddcd7d082c90452a65cecb7fc8deb5a1","sha256":"335f6b7643ae60b3a386102c4b54679fa04ab3ddced1f71814ef4638819af30c","sha512":"9006ef54429932e5ef65014bc0172e18bbfd3196f495c64c1f317c49ae9891315e389a270a10052196ab26183d8aae195d46a85bb457ee910541b38ae85ecb0e","ssdeep":"3072:6vfewk/96b2wGANHqSm5KiyBHb6olil0mm+QEkBHJiyCKgK5F8KDqKt9fAu:j/9kGANKSm5KiS5lmz/kvPCKgK5F8KDx","tlshash":"0fe3124ede05d860c0cd2d12f2e41ab1316aa69d0ef6fe69633ec786c78d75b04c156e","first_seen":"2025-12-22T00:02:53.662786Z","last_seen":"2025-12-22T00:02:53.662786Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1556,"timings":{"blocked":1076,"dns":0,"connect":0,"send":0,"wait":18,"receive":462,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20251220-1/c2b7ce210ae568db35b3346211d9afa3.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20251220-1/c2b7ce210ae568db35b3346211d9afa3.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 20 Dec 2025 07:46:50 GMT\r\netag: \"181b0-6465d6597abed\"\r\naccept-ranges: bytes\r\ncontent-length: 98736\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":98736,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 767x1152, components 3","md5":"7e6211460eb0e088038810a50b149efa","sha1":"f669a4cce87105fa5bac42354e2e081e6a8d1b41","sha256":"4f9dcedcd0c96770771073a9b383aa39c6c0606f22c11e8ce7184336b6f14d46","sha512":"97325a7bcaf04cbb4a083246419cfb66d542c77b182107e72bc343a399a2de058900a08ed1b585c9859fd834e59c168063caaf9287cd04ac35e75142b1f00f27","ssdeep":"3072:liSSlR1iCX9H8BoVfoAoS8SemxF0BDPUKb5tYcUuyO4:gSSlKA9EoBo4e4KRF5tYcUuyO4","tlshash":"87a312d57980b286ec4d3232888bf64b41ea716c2bd69ce985ff8e364f014ac754946c","first_seen":"2025-12-22T00:02:53.663978Z","last_seen":"2025-12-22T00:02:53.663978Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1792,"timings":{"blocked":476,"dns":0,"connect":0,"send":0,"wait":1229,"receive":87,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/van-tham-bat-tri-mong-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/van-tham-bat-tri-mong-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 915785\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"50c1788bcaccbbb4aa9d9a52af5c82e3\"\r\nlast-modified: Sat, 04 Oct 2025 14:09:07 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18832574A2EAF348\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 65055\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dUcT8fbtpBamNjI%2FurLVaS2oIUXVtmbWWan66iJzgR6%2BYtXtOtR1ZUKcILfmA3A60pBx4pXxPiXv4GcW2MInKadWTJUw9XbRcKJG1TBo\"}]}\r\ncf-ray: 9b1b58faca215a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":915785,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x1280, components 3","md5":"50c1788bcaccbbb4aa9d9a52af5c82e3","sha1":"fda7ada3d0774b1c745e999667b032c43f77e2f1","sha256":"224f3f21544d674104dd0299c38a1bd325bd5859ae13dd1b8047f8618d5166c8","sha512":"b50f29967afbba10c2db4f226f05af2d21ee873c1150301bab0b58a23c02727574b57ff27eff370ed8b7dddae105f32736a632e8565fe8a0efc7b04b2b509e97","ssdeep":"24576:SY3r1LsDd3JD/cxX+H/F+y+QNTV/YMBvhSj8YjeKp8p:SY8pJDkRu9+y+WhRGJeKpE","tlshash":"351523f81c67b03eca9d1590e1e7b44c520ab3f149dc864a36a52b9be7cc08a75c685d","first_seen":"2025-12-22T00:02:53.665491Z","last_seen":"2025-12-25T04:25:23.115485Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1791,"timings":{"blocked":-1,"dns":1546,"connect":2,"send":0,"wait":15,"receive":205,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/css/font-awesome.css?ver=1.0.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/css/font-awesome.css?ver=1.0.0 HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f4d167-78f9\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7AZMXCAFXpZjHMv0vlxYTvkNVGjXkVmV4jHuAYLOuuJ%2F%2FMcjTVrUU9bHraMQGhcYHZwXzs3MRMSo%2FQWrRiHth3mTPVy9w1Kp\"}]}\r\ncf-ray: 9b1b58f0fc08b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30969,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (30889), with CRLF line terminators","md5":"395b5ec60ca284b961f8d0150d35740f","sha1":"63743a0965a2f3bda93078b4e4de7c2fb0ca0c61","sha256":"77bca45eac811e2e72589d26472897aa8aaa785255c1cef648e03301239f03a6","sha512":"1c7194a98837adcd0dac75cfe27754b24770bfaf44a556d14120657b6778564ef81cd3631adf36cd6642215f7df1f4e330df1cf0117b5d49c77244e76a2dc892","ssdeep":"384:g5K5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaUi:gelr+Klk3Yi+fwYUf2l8yQ/e9vi","tlshash":"c1d241f8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5bb9","first_seen":"2023-08-03T15:59:28Z","last_seen":"2025-12-23T00:02:46.952616Z","times_seen":7,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/go-jetters-du-hanh-the-gioi-phan-2-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/go-jetters-du-hanh-the-gioi-phan-2-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1951073\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"333c71f789b0260bb713cebc26a1bcdf\"\r\nlast-modified: Thu, 16 May 2024 18:36:19 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18833DA04BB9F248\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 38479\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y5j2G8DALvw130u%2B24W%2BalPC7VWnXI3PPUYXRHeyMfi1QHN0Onqi1dWduMQle44TZASzWVC7j4hbYbmYClnA7j493v35%2Fml7V8OoFzs5\"}]}\r\ncf-ray: 9b1b58fab9ff5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1951073,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1600x2400, components 3","md5":"7085e478f139667f301e62ec1ee43f57","sha1":"f298dfe17b8a9fd02a34b0e660fa356caf749c2f","sha256":"f187cadcc293a19f049a30619c3eeec62a420356ce779b755d29c57b1b05c3a5","sha512":"32d80a5c6c99d06286820003442228c7c10dd90bb3d518702e17812754fa898003da5ffc401f74b080ab215c4c2e8732b78a92c9708b16163412e49b715fed69","ssdeep":"12288:LSMOVYdxv5TlwBd5wE2yf/4T2W2xBN6SlqWiLbalAF2JPQvhsqkEt3zWcnZFKrCP:dradugzrtiLbaldukgWcHKHEx","tlshash":"73250131f7c7eb1a270f227e887e7d3b570142d020c8595b62a31c51a389fb6a5636bd","first_seen":"2025-12-22T00:02:53.66768Z","last_seen":"2025-12-22T00:02:53.66768Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1674,"timings":{"blocked":1076,"dns":0,"connect":0,"send":0,"wait":7,"receive":591,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20250413-1/b9bc472212119710d6b57288d815abf2.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20250413-1/b9bc472212119710d6b57288d815abf2.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 13 Apr 2025 13:05:27 GMT\r\netag: \"37064-632a896e029d1\"\r\naccept-ranges: bytes\r\ncontent-length: 225380\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":225380,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 657x950, components 3","md5":"b64ced52516ec3185a7d78cdb34fd51d","sha1":"4eed55c9c82947039a48ac47b1a038959a9c2794","sha256":"89cfd404daf7d0d7b4ae6808fe06f96d616323bd2c59b1b84f7aceb47167d551","sha512":"850a9a5382b2f01ba5430422ce0bfc4ec98afa281d582b1a233142130c8318053ad34538339fbfe7a92b28ed2de4568a0e848020b41fa4f9a0a43e3b996c6b00","ssdeep":"6144:ahWkZzlvnPGtknSygTYuhlt73NwVw4jLi0HwP:/6lvOtkd8bltDcjLiB","tlshash":"b8241341c3d97a08def82267e9b774095d062b1e9ecd900689b04736b66eb138fc332c","first_seen":"2025-12-22T00:02:53.668774Z","last_seen":"2025-12-25T04:25:23.123069Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1678,"timings":{"blocked":6,"dns":0,"connect":0,"send":0,"wait":1566,"receive":106,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20240821-1/a651652396e9f53c09cd88d28700d5c4.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20240821-1/a651652396e9f53c09cd88d28700d5c4.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Wed, 21 Aug 2024 10:24:13 GMT\r\netag: \"1ad3f-6202ef195a3ea\"\r\naccept-ranges: bytes\r\ncontent-length: 109887\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":109887,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 500x750, components 3","md5":"cf94a88d5dfa809ba30f5c4d0e350d95","sha1":"b8ec8750ce1e574ce67e6ff6ec41ae1749730c1b","sha256":"9f32377c294225229599b49c7a6511c721f76e4173638dab0bda759645b22acf","sha512":"a7c29e95f63c8a6107a7e247f4e24407eb4786f36d32c3a750af2c2b082f93fba934d393d36189198331c3c1a83966d8fec3871c15c0399da3bcc1abb0d99a3f","ssdeep":"3072:pDw1Z/v8IEI4z0KsNqjiVjK0xV11mgexjEm:aT/v8I6z0pcjYeiVzr4Em","tlshash":"81b31203bc0eaf0ffc92e57518dd6b5c5a172599bda822587181e42458cd3f21fa0fea","first_seen":"2025-06-21T21:41:27.206943Z","last_seen":"2025-12-25T04:25:23.119002Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1791,"timings":{"blocked":478,"dns":0,"connect":0,"send":0,"wait":1230,"receive":83,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/ngoi-sao-khoai-tay-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/ngoi-sao-khoai-tay-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 147677\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"b702171e94ab5ca7844df6543ce50677\"\r\nlast-modified: Thu, 16 May 2024 18:07:34 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F883BAE68\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=niVrB8RW9fue%2FOvCP5wT5obFNrhM66kcoW6VxO0YokYKYTTuLbPKzv6cPi0Rds0x67tfBnSORW%2BZWv5IbGRZFh6Th7Nf%2Bb5sSO9N%2BcTM\"}]}\r\ncf-ray: 9b1b58fab9f45a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":147677,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 360x540, components 3","md5":"b702171e94ab5ca7844df6543ce50677","sha1":"defe9b988fe7c2e79890ed5a5716426480b00722","sha256":"5ef1ea0bf10f3a389822fac6d52c9b2da6daf2aa75fa2cc33580ac54e29e1962","sha512":"25dbc09914a94d3a838310ae2cc5479877b389a1d1fd919c584d360334d5a0ee6949ccce9cdaf0dfa7e9e19a549b19abc93657b2f47c16ed898e2df2c8190a60","ssdeep":"3072:WaIUOwsSKUCPXDIo0QFQF6vxfViAuGv2vJ0W8r4/9:9gXSKUCPXDZ0qo6vxfVdv2iW8r4/9","tlshash":"78e30268eec0a720ef8d0a55b4c60d141365dff82ac0a5cc7666ed87f35c79aca115ec","first_seen":"2025-12-22T00:02:53.671525Z","last_seen":"2025-12-22T00:02:53.671525Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1854,"timings":{"blocked":1072,"dns":0,"connect":0,"send":0,"wait":330,"receive":452,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/nhung-cuoc-phieu-luu-rung-ron-cua-sabrina-phan-1-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/nhung-cuoc-phieu-luu-rung-ron-cua-sabrina-phan-1-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 829863\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"fba56db2ef11c6aa151885536959e524\"\r\nlast-modified: Thu, 16 May 2024 18:02:09 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F8940F36C\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BRhUbWD6iET%2BI%2Ft7DbC3lAGsPkaYavJUnIBGf%2BNr82UlbrNZZnKj0hsltnIKxEejM1RiG49oBfCzDC5W2niQ%2BhWYKx3DKmSEoz7gWtGo\"}]}\r\ncf-ray: 9b1b58faba0a5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":829863,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1600, components 3","md5":"fba56db2ef11c6aa151885536959e524","sha1":"881b913b837e74e3ded2ba016f4ef34f0ef3b83b","sha256":"27a762fa93fedde8daca825ac9664c8e65c8c1ede8cb65ecede48fe000edcb9a","sha512":"f4e4f64d1ef265269319d13aed72a3a090e38a335bc7768d0a050fe8782a252730a9a3087567afd0a1385f86ef9fb19f5ef4b230396227cd7abd59a5e295b7f0","ssdeep":"24576:4/FDBFyDYSJBcrB5/FJuU9+SJyqe17GVnO9pR8m:497yDYSUrb/FJ1pJyqRiR8m","tlshash":"f8051230ab52e328db5d46b8f8cfbcae3a4333f854d9887502119d4ab7c991b2d5761c","first_seen":"2025-12-22T00:02:53.672817Z","last_seen":"2025-12-22T00:02:53.672817Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2897,"timings":{"blocked":1076,"dns":0,"connect":0,"send":0,"wait":373,"receive":1448,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20251220-1/558deebe9306d507b6b9ccfce65a93aa.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20251220-1/558deebe9306d507b6b9ccfce65a93aa.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 20 Dec 2025 13:10:22 GMT\r\netag: \"3e043-64661ea9d2c03\"\r\naccept-ranges: bytes\r\ncontent-length: 254019\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":254019,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1000x1500, components 3","md5":"97eea7f0ff2f438441dc1ec03343c8cf","sha1":"77fcdc66f3bfb23724382aedd0cb8e3129caeda1","sha256":"5715ab03e3d695a26afcbd8de8db18e661234e8254eb712025f86b40432cc11e","sha512":"f6a5452c9fa86729fd02d33250af6a5e734608f947ce3ee0660d2e11f7a1f5a816d147bf1711ba703081bc82d8190934da3e142e546a2153850cfb522a872be1","ssdeep":"6144:UKLFLpiNsuysB3u+FYgI5lArckLrOcT2ZLJ1Yc21kj222fdXs:UKyNvtu+qEcyr8JJR2CBCdXs","tlshash":"044423e028152ec513d24b71d342ed659af9789e351561cc80b893af7a31a7fe378ac3","first_seen":"2025-12-22T00:02:53.674032Z","last_seen":"2025-12-22T00:02:53.674032Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1844,"timings":{"blocked":477,"dns":0,"connect":0,"send":0,"wait":1229,"receive":138,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/thoi-khac-qua-cam-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/thoi-khac-qua-cam-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2832391\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"34c201f9bc49e01d4d1552da05f5b5e5\"\r\nlast-modified: Fri, 19 Dec 2025 08:34:34 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1882A9DCE4B1B640\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 200946\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WSZpxpj839hzJp2ysOnwltG1WRDHZMD1Zjd5eW%2FFGHup%2FIb2HVubP0UWsm%2Bfrjh5wXE1ntJb%2FdpFdYR95Y3DHWdM4YG17OLBW%2FkcsBg3\"}]}\r\ncf-ray: 9b1b58fab9e25a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2832391,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1482x2222, components 3","md5":"9aedae1e1a8bd9b229e6e469e1771d6b","sha1":"215db599f6a6f9221b426a606eaf015ee38d5ab5","sha256":"5acb5023daf2f5d20fe1414abc2d2a9a7254c49accd399a5f668f433cd57023a","sha512":"04f15e448836e6df704dd040e7932cb7f49fd5c153a0e5640da237a800c8ed3b114e1b1034b565508bcb433d2b293056331fb8e28cb035591e00cbb10435f2dc","ssdeep":"24576:wfC+SSUWBY/wAG3cfw4PaOwrOqsYpKGN5eRLD+nFF0vz/WN:wqSfBYoz3owcahsYpvN5IcF+KN","tlshash":"2c25124bb93bf54a3e0c23b0f885b89c0644d36932c5d66e5b502dbaf7c03a994476ed","first_seen":"2025-12-22T00:02:53.675219Z","last_seen":"2025-12-22T00:02:53.675219Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1961,"timings":{"blocked":1542,"dns":0,"connect":0,"send":0,"wait":8,"receive":411,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/dai-hong-thuy-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/dai-hong-thuy-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3221124\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"e5d28dcbe470e457d6fa188a531bccc1\"\r\nlast-modified: Fri, 19 Dec 2025 08:31:16 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1882A9DCE4BE6D77\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 200946\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OgH2f5LSUSbR5n7E7rhJywZDYMsIltZhCdCZmZywpPTaXP4Gme2MA3%2F%2FJU%2BdfILQxHpkhm2BMnajE3h9rwZdaAayxkORykKMcAQqJPis\"}]}\r\ncf-ray: 9b1b58fab9e85a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3221124,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1500x2222, components 3","md5":"8d99f7886a8fb5b707072545c890a8d0","sha1":"9e7310658808fe50f52701f721279d5d3b83efc9","sha256":"9a02bddefeb78c5f3c4ac53a618facdc33b6bf50925901c0e24a76e77af28aed","sha512":"e98ea9c8a976fef6330f6cbbe11d26e525f9748431a043ed61fd35e052cd6d36fde84e965f7b9af1e6bccf9e05b7912625c130b6782da956c676bf9fa02a358f","ssdeep":"24576:c9qImCGFRuau6vpP/sbbq8AR7f/js9w0Y78kEAe:c9OFRu9EN/sbe8AlfGw0I815","tlshash":"c0252301be75d0be9d6c96a2c09e744e1d0d37d611e0dd3c82066afdb6ee74a480bb9c","first_seen":"2025-12-22T00:02:53.676549Z","last_seen":"2025-12-22T00:02:53.676549Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2024,"timings":{"blocked":1542,"dns":0,"connect":0,"send":0,"wait":8,"receive":474,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20251023-1/6399ce40093c6789648341357062b48b.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20251023-1/6399ce40093c6789648341357062b48b.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Wed, 22 Oct 2025 19:06:40 GMT\r\netag: \"b30d7-641c404354337\"\r\naccept-ranges: bytes\r\ncontent-length: 733399\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":733399,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 3840x2160, components 3","md5":"076acaa02a66158dd22a0635ed53f9ad","sha1":"335a86bebaf5ee768aea033150c70e94e8a4ded1","sha256":"3163fa3fa02e283c7536f378296097f1bffcedb12912f7ccad8907f071f9436f","sha512":"86dcb352ff6e39dde2f90b1bc799fa662cffadb4e8e16bef62aaa6337d20b1ce7972cfa08658ea823ce6b59ab1361606ae94f02debd6f5620cff880b149a8555","ssdeep":"12288:L4F2hzaZR05w1n5a84Eg9sPGShWIC5CHnptpeab47czOdazCLOGOA1hqRyJzkHzY:S2hbKfEsPGShWIdHnptYlw3eZJ40H","tlshash":"7ef423ea0755466eda3c9bf43c3a116012b32dae71852e83f16a9cb111beb335474ce7","first_seen":"2025-12-22T00:02:53.677803Z","last_seen":"2025-12-22T00:02:53.677803Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2040,"timings":{"blocked":474,"dns":0,"connect":0,"send":0,"wait":1460,"receive":106,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20250224-1/f68af9aa9f67c035f72938fb5291ba55.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20250224-1/f68af9aa9f67c035f72938fb5291ba55.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 24 Feb 2025 14:59:18 GMT\r\netag: \"94a1a-62ee495a596ad\"\r\naccept-ranges: bytes\r\ncontent-length: 608794\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":608794,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 3840x2160, components 3","md5":"efc4cddc497307360b5c30504a801ccb","sha1":"a4dca4f46c39ba511c622d61c59797d41a2d18d9","sha256":"33f8cf8b8616845a734d799334d4f94be1ab254633806dc448cfaaadf5f87fff","sha512":"596f2447ed947e0d622fd36789b78158b0d445395f3e160c515c1f7be160ec5d53bbc1fb4665cd382683bc0ed97db18284e61225ad1d41345c595b4cf9718ba7","ssdeep":"12288:s7ahOsEbJz7hd+i4DzTwlKi5xcHeZEn+1PpGcdz5kQMc/Z:s+hOsEbJz7hoDvwlKi5xEeG+1hGA/McR","tlshash":"44d423694f04b095dedd0a3af4a91313edbbcd5c8175984c650227423bbb198bfa7327","first_seen":"2025-12-22T00:02:53.678963Z","last_seen":"2025-12-22T00:02:53.678963Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2032,"timings":{"blocked":474,"dns":0,"connect":0,"send":0,"wait":1459,"receive":99,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tvphim.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14724\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 20 Dec 2025 10:55:38 GMT\r\nexpires: Sun, 20 Dec 2026 10:55:38 GMT\r\ncache-control: public, max-age=31536000\r\nage: 133578\r\nlast-modified: Wed, 10 Sep 2025 16:43:54 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14724,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14724, version 1.0","md5":"b8be966e335e865e3c73faa8cce0ed35","sha1":"d0cd995e87f5bfb0206759b83e5ef25676d0edd8","sha256":"06b675a649489d21b7fd33f19b1c6d37e8bd778ded07ecfec26bbc8f11e694f4","sha512":"2257e0a09a86666b280d44ae551a33d17a6072043a2c38f0bb905847b66217809870c8cd6ab3a6ebce3e04b2ff79bedd11f1b18c7d65c231f8c9f21ed8a26e5e","ssdeep":"384:wK2JDEZSzIQA8yHGXMXvQDxyrGCQYamlyFlGWD:zrB8y0zKmYasKh","tlshash":"f962c0d2c64154daea05b9b35f612538bc99bf462054fd0796cbe41df7230a8fe382e2","first_seen":"2025-09-11T17:07:37.682239Z","last_seen":"2026-05-15T14:37:10.468382Z","times_seen":36667,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":1,"connect":8,"send":0,"wait":10,"receive":2,"ssl":196},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tvphim.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14876\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Dec 2025 12:45:14 GMT\r\nexpires: Fri, 18 Dec 2026 12:45:14 GMT\r\ncache-control: public, max-age=31536000\r\nage: 299802\r\nlast-modified: Wed, 10 Sep 2025 16:43:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14876,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14876, version 1.0","md5":"f3123e85194abd443cce2d67011a2492","sha1":"fb82ae035f301d2c2d47b64abe0e4f28fdc46a6d","sha256":"156650610835fe32914722ecfc8dab0ebbb84795e201b842158afa0ea873cfa4","sha512":"1aab412233d01ef623e349dcbfd387b930e42c6fc80a2e1f892cc19979db2e59f5f5dced33c69b32db2716286b454b8c2368d3e42644377aa10e196952122655","ssdeep":"192:qJ5lReG9wrdpmtTUniXkMpzKdTVVANX27iPr0xesgwH+Y2oBmTp8w4t0F3qJTQky:SReDrmgnixp2dZmiEKf2owfF3qy9yY","tlshash":"6362d04f3513af70e15ee777d0fb7d292443bfda600c9d9891a395b4a44a01d207bb42","first_seen":"2025-09-11T17:21:57.325452Z","last_seen":"2026-05-15T15:26:26.944069Z","times_seen":16755,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":183,"dns":0,"connect":0,"send":0,"wait":12,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmBduz8A.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmBduz8A.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tvphim.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 5852\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 20 Dec 2025 12:02:54 GMT\r\nexpires: Sun, 20 Dec 2026 12:02:54 GMT\r\ncache-control: public, max-age=31536000\r\nage: 129542\r\nlast-modified: Wed, 10 Sep 2025 16:43:51 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5852,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 5852, version 1.0","md5":"95ff35a89bd7ae792d0a81c3dc64bebc","sha1":"0720c9111be6ddb91eb6b1acb6e2f671cb5eeeb5","sha256":"615c0d875de2ec25e22bba41b5cd0e1184517a90916cfac8a4be8467539a5c8f","sha512":"7a8cc9e22bd64b3d8a12574c9079b4f24e97c23cc002ea63b2a883b7c2caba748f494c36892b96f33bff3dc8930bcfe4ed11c360f317319a923853ba01b6981d","ssdeep":"96:LZE3AgQwDYeAVNCSpioGBpJe2rquPXFtr2E56MesFBh9sJwwVfPb+ezKlxkReZzs:2QgQXnyvBvlqKFtr2I9sCwVfHKlxkReu","tlshash":"7fc1af88b1951dc1c58a02f550a7d76c8c67b279b261e9c26ec2623df1b224f153e4e3","first_seen":"2025-09-18T16:21:19.588836Z","last_seen":"2026-05-07T09:03:09.247115Z","times_seen":24,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":183,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/ultraman-omega-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/ultraman-omega-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 404834\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"cccf2a5a24e7ff33787b63512aae976a\"\r\nlast-modified: Sat, 05 Jul 2025 14:24:44 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1881CF35CF3F506A\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 441357\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WJUYqfe61vC7i6BToXcMD5xc3TXKNDBiMXM492xCTJrlhv0qb%2BLl9ezHew7FP2Z%2FJ%2FrjsiNEVEYj%2B3Ni7%2Bno7gtRzygTxHGV4KU%2BvTRP\"}]}\r\ncf-ray: 9b1b58fab9dc5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":404834,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x900, components 3","md5":"cccf2a5a24e7ff33787b63512aae976a","sha1":"d2fe4dba928ac608f9cd633d835b24bcabc3369a","sha256":"f844a6c3ee0abcb2add42e4a30892d64b62456b203cc905a44d1c24bfc2fb189","sha512":"337feed8a16b115de7235eb3eb9ccadea3f6ecc09db63b0fe23a877ccc79cc0d548b27981f2b0be42bd508c6f472a0e00f059ddac555bab3b4622ed98f08a277","ssdeep":"12288:Dpf3wI8hfNSAdValDLwngmyIYNz3Irk/UTwrH2Wc:5wIUfX6DL+gmONzYQcI2d","tlshash":"cb8423f1e753e30d275d4241922a5c1b1049a6fa219ccedb9aca4fd4f3cd066a66f23c","first_seen":"2025-10-29T23:11:15.26692Z","last_seen":"2025-12-22T00:02:53.685338Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1715,"timings":{"blocked":1544,"dns":0,"connect":0,"send":0,"wait":11,"receive":160,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/muc-than-ky-poster.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/muc-than-ky-poster.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 843974\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"25906af638a573186d8e543d84b96fb4\"\r\nlast-modified: Tue, 29 Oct 2024 10:37:21 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F88C4F032\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lkM9SxpY0PUiPd1T%2Fe5He0RuIhk4KkdMUWyzGBRm8hg3BCUh6glC%2B4d%2Bp4zY%2FXBUxTqkqGgVVAHsjeyGVzao9z3XKL3fo1UE8Y7L8HYC\"}]}\r\ncf-ray: 9b1b58fab9ee5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":843974,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3","md5":"25906af638a573186d8e543d84b96fb4","sha1":"b8aa8a2dc36ce456db1317e82c1fa17b6aab36e8","sha256":"d26a7f95de0b16dc099635e43bb6325e43e0381586690da74e397afb0e9dc666","sha512":"604a3d76a8e6faef6c7f707f9c5c43ed340343682c0bc34abedd77b30afd27ad0021c2d05201f39d198fc3b2a0fddf828174c1d2285092bbbdd0995f2ee8bd39","ssdeep":"12288:d3K2DO7lDIsUcjkcolIyz+iaP4/zCf09iNy0ODqhbUlMUsELKtpB2jnn1A1:d62DyAcYc2Zz+in/2vO+elM/e61","tlshash":"5b050289c7f89d1598ae88b5ae53bc7f3601259d149dd07b223b2a528ec941bf7c331c","first_seen":"2025-12-22T00:02:53.68709Z","last_seen":"2025-12-22T00:02:53.68709Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3188,"timings":{"blocked":1541,"dns":0,"connect":0,"send":0,"wait":360,"receive":1287,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20250224-1/b0fbe7438249971ad91919273bf59132.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20250224-1/b0fbe7438249971ad91919273bf59132.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 24 Feb 2025 08:45:18 GMT\r\netag: \"1df17-62edf5c22c5a7\"\r\naccept-ranges: bytes\r\ncontent-length: 122647\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":122647,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x1345, components 3","md5":"4784b6ab6169a4d52e6ddaff0ed20209","sha1":"97ead6b885a531969b462ea4794bbcf94c2be5ef","sha256":"b887c9676669f72763087cce2a0b1f485ed6f6e465d7caa9db38e540f83e0e30","sha512":"be0295b39fdcba1591bb91077c40cb5e40188835d7d72cfcdbd97bca774ac7fb4e243d30cb95d62c40b177e7f65ff7b75c2f8cdfd137f26a6ded9f902f9f9069","ssdeep":"3072:qEa5TUwQizw4+JZdPYjAKrhTNgRdUFlHLbE87XR3jk:qEaiwFzwZZRkJCRdUFlr48zR3jk","tlshash":"1ec312d62cad89411c3430b6060669f7237d2dfdf40b2baa17301ef79d5c016be18daa","first_seen":"2025-11-10T13:49:39.89461Z","last_seen":"2025-12-25T04:25:23.144614Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1678,"timings":{"blocked":9,"dns":0,"connect":0,"send":0,"wait":1566,"receive":103,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/img/cnt/rating_on.gif","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/img/cnt/rating_on.gif HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: image/gif\r\ncontent-length: 523\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\netag: \"67f4d167-20b\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eATAFypA2n5xb6KZvAjANZ2Mj3nXjdfX4kMNXr%2BMm7FTPSLGwKgnoznaKLRbckHlTXcmCYocih850v1PsNPaWUhLlw0tUFaW\"}]}\r\ncf-ray: 9b1b58f3fde8b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":523,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 12 x 12","md5":"cf853fb872bf743ae8556423ec0259ee","sha1":"646fdebf47dfd354ece7ad18f6ff041059e4cd58","sha256":"cbd3ada90ee6d7f06fc267fd393252b2e4e56e4d7a106ed8fcf3de8c294db136","sha512":"ff15720b50edf89e4f63bf54e4c224460652d8d325a08a25fc4dc9326cd64ac497f66218b2d952efa7639a73ef3b951d23f6ae891342b7c157f8abe656f47bfb","ssdeep":"","tlshash":"8ff0fae00470dc5fd60937724514f635f65475d16101059d1fdd37577913410b051575","first_seen":"2023-05-05T09:24:01Z","last_seen":"2026-05-15T05:46:08.455828Z","times_seen":370,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/huu-phi-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/huu-phi-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1237397\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"d4166185142ce03b919a38f00f11d5a9\"\r\nlast-modified: Thu, 16 May 2024 18:20:31 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18833C24E35182F6\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 40108\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KJjt1Z1aViR2iF34Ijgs8TGwAhjDoZgkFlBr2hCTRG%2BupRvI3x5NstDjzWj1fswsyhMx1eRks34%2BCput3Fivn%2FR3VMhkPqw87QgneC3d\"}]}\r\ncf-ray: 9b1b58faba025a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1237397,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 900x1260, components 3","md5":"7a6d93048267455a6b8c5e26f93d3622","sha1":"9f6295313e0878d9a9117ff0fa3b2314718b776d","sha256":"0368b29b271b6ae69fae0b75d041fd29879c3ee5d43b1cd7e10db4529173e899","sha512":"043363d5297b958f8f7f62767c29b09b6145c8cfdab24efd1c3a703fbc83e1571d8c6b25dc2fef7bdf68b7b53594fc9d7edef89965fa5d2eae15226ae2aac997","ssdeep":"24576:ku5CFwmTXa+UagaD0FiCDcG99PKGaAWR4BqySsj8zgkp9Sjyb:n5QwmeDawRQIuT4Bqy69CI","tlshash":"7b252329149b702a5edd3773f129968e1621e3f561c8df9802055fb8f7ef782a88613c","first_seen":"2025-12-22T00:02:53.690124Z","last_seen":"2025-12-22T00:02:53.690124Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1657,"timings":{"blocked":1076,"dns":0,"connect":0,"send":0,"wait":9,"receive":572,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/icon-tvphim.png","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:59.559Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /icon-tvphim.png HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D; _ga_627N11083D=GS2.1.s1766361715$o1$g0$t1766361715$j60$l0$h0; _ga=GA1.1.911305051.1766361716\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 1006\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:44:03 GMT\r\netag: \"67f4d3c3-3ee\"\r\nexpires: Tue, 22 Dec 2026 00:01:59 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9THYv7VWequa5sHkKW3kWMQxEKZcyeyeUOassB3vPlaLkH6LKmMz4GFNjfrWMYdZ%2F5fvgVo2zbxdx3WdNe%2Bgu%2BQelkpZJNnl\"}]}\r\ncf-ray: 9b1b590b4b2ab51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1006,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit colormap, non-interlaced","md5":"4b34f765614bca1dd3d118130c864e58","sha1":"1d077a62a63f745c248ba5da22be788ee355ee1e","sha256":"47b95b75b67d12d56a28a09802b8c4fb5e0b1d7846a457cd9ac3006f2858f618","sha512":"3422cae397f36aed8792d4e7a4cbcea0a41d7341a26417c30df84fa007999f641f27ce26e6afb389cbdf8f84eb87152d77965450853d810d01ca2e0af12204f1","ssdeep":"","tlshash":"2a11a8460570df774aa92098d110b1ffd31d62632ef954982640ce7ed5b26f752dc352","first_seen":"2025-12-22T00:02:53.691674Z","last_seen":"2025-12-22T00:02:53.691674Z","times_seen":1,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/luat-su-cong-ich-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/luat-su-cong-ich-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3157232\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"26593a4780951c0f3ad4fb4459c54c23\"\r\nlast-modified: Wed, 03 Dec 2025 10:14:40 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18825203D3F90F2E\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 297536\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1AtKdmjhK9zFpIUj7vx3dp5hP3SZ9kNYUIsAl%2FMWfnuJv3O5aGCw8NmWOfaaeMGIEOjKcAjasuKQZnkckM7%2BgZR9591J9Qxalk5MgGzy\"}]}\r\ncf-ray: 9b1b58fab9d85a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3157232,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2000x2861, components 3","md5":"d892a602a0d588d8707d925a47b13ce8","sha1":"f711d92408bf1529d5335240d77285dbbb5174f0","sha256":"d6c1fef8348d41bdfc9daa064e2e1bd73d3504c3df79db39815b893603635fe9","sha512":"fa0f2aecab13fcc3993b1d54bef69cc5a2f3f181d6bb7bd1f541ffc83aa1b84d0283f5492fd9df407eff624db0ad3f5e16eeb3c848b00c1ea2c64890acf7d3a0","ssdeep":"24576:3gOjIuDaxsCEYtSVss677za2qNwSm0RLZUBOmGgQ9tuvIzll2tL:QOjBzYtSKskzzqNwSm0hZUkmGgQ9tVp+","tlshash":"a5252222bd1b24966a0c27b0f0a5fd4d5a42b73c29d48f2d67c95e0df3da71adc0668c","first_seen":"2025-12-22T00:02:53.692636Z","last_seen":"2025-12-22T00:02:53.692636Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2006,"timings":{"blocked":1545,"dns":0,"connect":0,"send":0,"wait":8,"receive":453,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20251208-1/4d466b18eaaac0bf28cac405ba22b4e7.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20251208-1/4d466b18eaaac0bf28cac405ba22b4e7.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 08 Dec 2025 05:20:59 GMT\r\netag: \"92fb9-64569f5e27cda\"\r\naccept-ranges: bytes\r\ncontent-length: 602041\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":602041,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 3840x2160, components 3","md5":"f9fc7299c8caea13c971c7875d4104e0","sha1":"4e9cf3f148e4b9003ded1ad0535b45ef46313b7e","sha256":"82a8a08dacb4962b2cc78c0d4042a8a3dc346f1f042a54eb3dceda83e8ff1c2f","sha512":"1ddcd781a0432b7f84d98e80935b6c428643ddf64a10779079e8770b8b09a1f794b2cdb7a0ffc8beb568b137fa6df105d7f37ad3ab033d9b0abf56937e448e4d","ssdeep":"12288:2rfmlAOsDdiL5SIqLr0Gg36bJt3HSM2uQKjypDWqNH6fk:ScAhM5nqD46/HS7uQKQFl","tlshash":"33d423fe98768de3cacc9b7419ce637b9b11933c06cb3dad35438e41b214194ab85476","first_seen":"2025-12-22T00:02:53.693805Z","last_seen":"2025-12-22T00:02:53.693805Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2188,"timings":{"blocked":-1,"dns":26,"connect":160,"send":0,"wait":1509,"receive":5,"ssl":487},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/ky-an-nghi-poster.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.363Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/ky-an-nghi-poster.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 516472\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"4095ac3beacc30af40d3b5552666132f\"\r\nlast-modified: Tue, 09 Dec 2025 15:43:33 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1882F841F86C6E33\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 114750\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Lp3PbzesAOYPY9tDhiVrz%2Fj6kmA5yROqkBKntPUeeZrwBP5MEFfI3p6%2FYswLXNWtMUC8YbLabpA39RjNPeOP1SsuUh5DkooVDczfPgtJ\"}]}\r\ncf-ray: 9b1b58faca225a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":516472,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2048x1152, components 3","md5":"4095ac3beacc30af40d3b5552666132f","sha1":"6399e679bb96bafb883f36a0b24bec1dc24dac9b","sha256":"542a8c3df587be7778273ded60f86b0cde737f9ce0f3fc8816b6f03764ffbc04","sha512":"ff48f34959e316664cddbe07cd67b756fdf16b27749d34310c318887ba5af6f9370fa70f5f6da0c529aa4f3a203a3dc769f82c6f73425f7797d850c86524df4b","ssdeep":"12288:abjXb1iPlVjSI/LeMmdOH9o0LbZYTLV8PbKn9ZU2a:Y2lV2xYdo0Ll2qPbgza","tlshash":"b5b4e190c654bd2fe4ae8580d556bc5f2d5e3aee006d88fe21894fd247ee413fbca184","first_seen":"2025-12-22T00:02:53.694887Z","last_seen":"2025-12-22T00:02:53.694887Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3301,"timings":{"blocked":1560,"dns":1547,"connect":2,"send":0,"wait":15,"receive":154,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/chainsaw-man-the-movie-chuong-reze-poster.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.363Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/chainsaw-man-the-movie-chuong-reze-poster.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1778982\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"4f9f2e8849cda81e40abecc76b633804\"\r\nlast-modified: Mon, 06 Oct 2025 15:10:15 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F88B9C88F\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KXTbCj8lU%2Fsrmo4fmunqqMht%2FuJv3ABo5i3Ysx8tz5BR0cbS6qVAisziwcVbGcnUDCb5Bb5IRPdRqgRu0pkGgMP1FTY8xQmtChc4LYyx\"}]}\r\ncf-ray: 9b1b58faca1d5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1778982,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2556x1434, components 3","md5":"46a90a7a505e38fa4c4962839bfc46d9","sha1":"b9dccb14435523e8fc9907abb8eca4649b32e0c1","sha256":"703d3768160f385ac71e3df638a1e88d82aca0c1cac7bf1b464407cf4cd09338","sha512":"1c51c712611d7e96f3c7a1deb273564f65e00c615226fc6b1eb9ef4054c159848740614b0cc3ac19be37035013b705b628f7cd8b10a56ee12c63d6c1c3748dd7","ssdeep":"24576:jOVGBmX9MPaqMoe7TO/ergTAmpv2zLhLI7YRndQg1eSV/3:KVnwazoeXO/qgTAmpvuZ2YRndd","tlshash":"a02523a19ad2fe3eea5c4164f4d6fc0f391537fd61e8882e51210e96a3c9703ad8b54c","first_seen":"2025-12-22T00:02:53.696139Z","last_seen":"2025-12-22T00:02:53.696139Z","times_seen":1,"resource_available":false,"data":null}},"time_used":5342,"timings":{"blocked":1558,"dns":1547,"connect":2,"send":0,"wait":349,"receive":1864,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20251201-1/d4b3a35d9f7bc137d860c003a408c249.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20251201-1/d4b3a35d9f7bc137d860c003a408c249.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 01 Dec 2025 10:04:05 GMT\r\netag: \"870b1-644e11973b15f\"\r\naccept-ranges: bytes\r\ncontent-length: 553137\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":553137,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1200x1800, components 3","md5":"c5599f51f41bab011d3b117a960fdbf0","sha1":"3897537efb843fa8d272e2c8f771fbfa33dc001c","sha256":"1f31eba311dc2b6dfd48de3ebe3c2f0078d622302d084a9e18d57960ea309297","sha512":"ae78e0891d7df0eeb0d6ee4cb50c7cf75e3228b4b23f67c9335ae10854c5e67f22f7d75f8b2aa31b77b3b1035f3fdaa7c7efd0a0847c611ea3a7d4a24c03e1ef","ssdeep":"12288:nSblNIra4r+lt+56T9NFSKL/uOTMIfTzglCyx3hH4iI6P:nSbw3+lt1AC/dMIf/g9Y6P","tlshash":"c0c4232091c4b97ea9ef2c58c09e560d23b9ef0e5a04d704a398f0615ff994e15eecd7","first_seen":"2025-12-22T00:02:53.697187Z","last_seen":"2025-12-22T00:02:53.697187Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1439,"timings":{"blocked":-1,"dns":25,"connect":153,"send":0,"wait":305,"receive":642,"ssl":314},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/van-gioi-doc-ton-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/van-gioi-doc-ton-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 282128\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"47e15d74cbb217c61c9ebf9297be0890\"\r\nlast-modified: Tue, 07 Oct 2025 06:58:46 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1882FA6B95442EDE\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 112372\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1ptEg9VHt39oYsf0PHkvXE6B38xpUvpNY7GsNb8B83MYRo0Ubi7YYUAeruHdyxE%2BMbVS%2BngMt431yGWtIid3qCPIGoPDJgQoNEAkDF8G\"}]}\r\ncf-ray: 9b1b58fab9de5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":282128,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x750, components 3","md5":"47e15d74cbb217c61c9ebf9297be0890","sha1":"8154cc69a2a9d05b268b44ab321b3d626a8b3a21","sha256":"b75ef025ed39c886d58247bac061334690522386fd4bc3ed0ea12d71cafc6267","sha512":"eaa322bc62220b42f7b7512d27ae083ea760b09a80f1ceecfeb6923a54a6a3f3adbf5b63f8d952f4d714c6adb3e87dc25a1f41dd720e6bbf8f864e2392c3a700","ssdeep":"6144:T79vCCjm2KXRq20RQggKGJVXWE/BtUaFtHDrFWdgYGDdy0ysupHtTHZ83U2ta4Ef:bjolXggRJwOttl2grAsupHtzG3UEndij","tlshash":"a454233098b5b359a6ac55399cd4cd0f2236a7fc61f0d94a8c514fc9effec1a2a4849c","first_seen":"2025-10-29T23:11:15.328864Z","last_seen":"2026-05-07T09:03:09.164705Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1649,"timings":{"blocked":1543,"dns":0,"connect":0,"send":0,"wait":8,"receive":98,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/ashoka-dai-de-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/ashoka-dai-de-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 412731\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"b21acb68b951860a3a25e2978a2ee25a\"\r\nlast-modified: Fri, 01 Nov 2024 02:40:14 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F885F7031\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=flgsT3Fg%2B%2B6%2BsqHdrEnRzHkDikGj9VilM0zs4u6m7moWGsk9qYozXPiswmV1BvirxeKJezmZgIU%2BnCHoqQ%2FVo%2FLvo2s46rGuDFGNpZbM\"}]}\r\ncf-ray: 9b1b58fab9fd5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":412731,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x898, components 3","md5":"b21acb68b951860a3a25e2978a2ee25a","sha1":"873279b58179a099328d104d1251a6c9916a9d4c","sha256":"4758ac96c09a0435d7164df90aa3e708ecd4efa177dad41445af278dbd86ef75","sha512":"98ac272a7f172f8166530366fc72aeb38c857a4b75d72d78d9c3195de5934448fd759b23d69bad79f27595f1287c6852a874422a4c1a88b90d0a66549b6738c6","ssdeep":"12288:8S4msViLKhpJudctybK5hPy9ndiQKZr3H15Pd4:XsbpJud2DO9KZr3bPd4","tlshash":"3b94234e1b6e456bc0ad50b0bb43adafd511d2288cd9e13a21357f67f6c604970cb2be","first_seen":"2025-11-27T19:29:54.30785Z","last_seen":"2025-12-22T00:02:53.699295Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2099,"timings":{"blocked":1076,"dns":0,"connect":0,"send":0,"wait":326,"receive":697,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/ao-anh-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/ao-anh-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 944625\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"176b175111ce8597bf973d8c74b65ecb\"\r\nlast-modified: Thu, 16 May 2024 17:41:08 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F887BCE6D\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0zhLZfjJCm1qqh5i5qIDvGcpzeaAeaWqBBNA2wuzd1qJnn1bd3Kj19Knimy1%2FvFphQ57zyhi1%2Fso0Yl%2BphCA2NzyfpyRGS4e%2BOu%2BW2KM\"}]}\r\ncf-ray: 9b1b58fab9e05a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":944625,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1418x2100, components 3","md5":"176b175111ce8597bf973d8c74b65ecb","sha1":"f6e37f3f19362b6d99c1979029604842e4d3880c","sha256":"fae9924f2ed71d511c2f3355f71a18d0a9c7d6b54252ac3e1c261cd20ebada4f","sha512":"517988ab547ce1146ea8a3d5133202b16bf31f19e7586a517b6190c358339e64208d82ad52cfee0e3749f34c1558b4f9896d6e64fed30aab702d49831de61f6a","ssdeep":"12288:mU6h1v4l0M4qBV5V3+nZ6FWK3azm9XPRJmW+kNbzsyXHiZpswdtJDIlVHPWLF8VL:OQMehutilJtNbwt7dtu02bxHyt16IjNy","tlshash":"a2150270eaa6d3105f0d08f8d89bec9e2358679874c89b4e80c14c5df3d8e5ee6526ad","first_seen":"2025-12-22T00:02:53.700344Z","last_seen":"2025-12-22T00:02:53.700344Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3072,"timings":{"blocked":1543,"dns":0,"connect":0,"send":0,"wait":352,"receive":1177,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Source+Sans+Pro%3A300%2C400%2C600%2C700\u0026ver=1.0.0","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css?family=Source+Sans+Pro%3A300%2C400%2C600%2C700\u0026ver=1.0.0 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 22 Dec 2025 00:01:55 GMT\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9744,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"965da2ac201f3147493ee0ead8ad0354","sha1":"86d3922f481cc89afcea7bf45f1b94eedd7d88af","sha256":"897053eff4f4be1d74b100a755a41e1206f898a1aca77ff757b2a313e3363ccd","sha512":"07932071231eed0628997cafdb0c4d9f2c0cfc11d73c7f038b6d262bf25ef1243f50c2677b2fded928c7a4d8ff0d55b494ece9589371ea0292f02eb6ed288684","ssdeep":"192:ln1Cb63gYIv3q0eb83JLXCpVGrSU3vBGgMH52fa3EcoLq:JfPkMe6jr","tlshash":"1912cef3411ae44897a31cc623de3e769d8f60207185c16adffd5858aca6c3a43a4f6d","first_seen":"2025-09-11T17:47:44.855298Z","last_seen":"2026-05-15T15:22:51.628905Z","times_seen":2567,"resource_available":false,"data":null}},"time_used":430,"timings":{"blocked":-1,"dns":1,"connect":8,"send":0,"wait":18,"receive":0,"ssl":403},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmBduz8A.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmBduz8A.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tvphim.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 5824\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 20 Dec 2025 11:03:58 GMT\r\nexpires: Sun, 20 Dec 2026 11:03:58 GMT\r\ncache-control: public, max-age=31536000\r\nage: 133078\r\nlast-modified: Wed, 10 Sep 2025 16:43:22 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5824,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 5824, version 1.0","md5":"6ad5bf07a194fc312a9a327bf955e416","sha1":"a6ab88cccd8a4dceb7b0a983044e52babdfdaa3b","sha256":"a33512ad87ab43143f32bb72a12f632c548492d0c9812639e2d96f6c5ec165b3","sha512":"1724db538b661cdd47c6e47a72ca5b3a68a299ab38b03142701dfce967c96304b6fc580d657891b3bd820f5c140cb2c935aecac8300640128058ae9f8d822af6","ssdeep":"96:ItOQ3okIx4HYzHmLS0BSkEQ5IW9xvQo91hc5DtOcliy0Dbx8LMajhRcCkE:c3o3xsKHeXEgI6V/cHAJxK/hREE","tlshash":"05c18d8b3f167127f70444b78f590179dd28a25264fc832fa062a83fa2207a59788a39","first_seen":"2025-09-19T22:58:43.124146Z","last_seen":"2026-05-07T09:03:09.245467Z","times_seen":46,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":0,"dns":0,"connect":8,"send":0,"wait":9,"receive":1,"ssl":230},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/ao-anh-2025-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/ao-anh-2025-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1743387\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"2c03672c3867be56f175a3639772f1e1\"\r\nlast-modified: Fri, 19 Dec 2025 04:28:36 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1882A9DC07058E40\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 200950\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g1iQFA3kZsmS5sKE1MHoyQm039IAD6TWisMvzU9inm%2FNyNLIby9St8z1hBKSTQ2X1%2BC4MNHimksdKxk9xUNNzQRkUzOkAvlFQYKzAGZz\"}]}\r\ncf-ray: 9b1b58faca235a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1743387,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x1920, components 3","md5":"323391280fbf5b6466d9347c14dc50f8","sha1":"234220ecc93769a28147c9a04aa3fdc2183dca10","sha256":"24b5c00ca11fd5857c2e66ea5ba653f6775bc15bd08d5954f76db944e87b7f69","sha512":"98b1ac9eab3e10d1e31b172b463a2f3dcc8edc62d61f2d8a0dacb9c9798939391428cfb2b0c6e5813101ef65baf7618b9d3ba580602e1133325e2a2fa25790db","ssdeep":"24576:fa6G2mrgTr1F6MLM/TTYgds8ZG9kDBjz8yfKnHIt1NDtgZ+:+2mrG17Q/TTYgBNjNKnH47gw","tlshash":"17252363ed115112df8c4771f0d6180d222d1fb461da658c87a13dba53ab37f2dcaaac","first_seen":"2025-12-22T00:02:53.702553Z","last_seen":"2025-12-22T00:02:53.702553Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1887,"timings":{"blocked":-1,"dns":1546,"connect":2,"send":0,"wait":15,"receive":301,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20240821-1/22c49ba9590b0e5f3d126696c0bfbecf.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20240821-1/22c49ba9590b0e5f3d126696c0bfbecf.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Wed, 21 Aug 2024 10:24:14 GMT\r\netag: \"7cd79-6202ef19d450b\"\r\naccept-ranges: bytes\r\ncontent-length: 511353\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":511353,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3","md5":"d9252d575308433be36c2bd30b0ab388","sha1":"677b342b13ff13d1ec4bb4d2e3b42b835d255213","sha256":"e54b7623cdac45b23a1819fce7ca217d257bcd983bcbba20aa168158d30a0570","sha512":"9dbae3fd1efee261b856f771e48d494ca14f51e9284d0e3b1949f80aac3ee6e0f5e3f2bf0637ecf91d6a380feeeb87cbf5d9350da49cb825457fa165f878ee0e","ssdeep":"12288:DiwkmjY+gfWOfg2HTk+Mnno+vgUqkMDQsvihs7o5E+KyziX:TfgfWAztR2gayD05E+XiX","tlshash":"11b4239e16727084b8fc4233e58859ea8b19bc8be6fef90c64dbd3cee5911fc5445428","first_seen":"2025-12-22T00:02:53.70357Z","last_seen":"2025-12-22T00:02:53.70357Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1930,"timings":{"blocked":475,"dns":0,"connect":0,"send":0,"wait":1411,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sourcesanspro/v23/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7lqDY.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/sourcesanspro/v23/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7lqDY.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tvphim.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 23124\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 17 Dec 2025 12:10:30 GMT\r\nexpires: Thu, 17 Dec 2026 12:10:30 GMT\r\ncache-control: public, max-age=31536000\r\nage: 388286\r\nlast-modified: Wed, 10 Sep 2025 16:49:18 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23124,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 23124, version 1.0","md5":"f5ede6f599d158f0e1776c09ab725c63","sha1":"c825b2f6ef7130df0583ffce3e5b29e1c42dafd8","sha256":"f61f863b7dcf4f836954b8a11abc2b2284fb089d669c2cde701b198f9137fbcb","sha512":"3429a52401ec7b8c2ce81ca36f2f7683aeec70f99055ea2f1ba5ad25c29e19e48634bc98023ad046e0ac696842b0248e1ad5395d75f376e7cd0031e117766983","ssdeep":"384:9+HLoCvzES6K6kw/hw4M5Bp2s3RqR2BtW/NMOBT3hb2Z1U1d+wz+TvaxlkXAy0:E0KwM5Bx0RPzBT3hboEd/z+Tvaz/","tlshash":"15a2e1bdb10b68c1d71d45a560a8218241c00ff698f6a6fcab17b89af7ff46677c005d","first_seen":"2025-09-12T06:45:51.230437Z","last_seen":"2026-05-15T14:32:28.331029Z","times_seen":1886,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":187,"dns":0,"connect":0,"send":0,"wait":19,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/co-phuong-bat-tu-thuong-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/co-phuong-bat-tu-thuong-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2948049\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"ca86a0a6fb39b9349a9c8762f188b555\"\r\nlast-modified: Sat, 02 Nov 2024 01:18:39 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F89A4CCEF\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XOmTlLVDiGVbtDTNIIW%2FvjCKDrvRVvBYDGtHo8ENk0nvD3zYq4jvEx6GNiplUeCqs257iey6yNf9SSYLNZIf59nvLWOQwBa5q7hUlPgH\"}]}\r\ncf-ray: 9b1b58faba055a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2948049,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1911x2867, components 3","md5":"70ae5f6d799fdd7872e05d6d4ccdc514","sha1":"e5342065f4a6a4c44a93cd42978ede995d9a69f8","sha256":"7a8730bbb8f8e1a860d8cbc83f86db3b0e03a679a5dcd52b110e077a4a1d87e9","sha512":"761f94c89d2a9a437738a9f189f79c217581731c41035001ef5d12adc9dafd011d1b1b652beae9e0ef91dc2f57cc6818c8b083bb196d20ef20e1196a70a3154d","ssdeep":"24576:jIiguCONEIVAuXaYQ/8QbvAEoyu27866wX7v8rkBWnXgAvH:jcuCOaIVAuXaYqbIEfX7866wX7v8gWXR","tlshash":"5f2522d14d1678f79e0c1762f481588f2805bbf928cc9e5a9241ef91ffda21bac05ed8","first_seen":"2025-12-22T00:02:53.705389Z","last_seen":"2025-12-22T00:02:53.705389Z","times_seen":1,"resource_available":false,"data":null}},"time_used":6176,"timings":{"blocked":1076,"dns":0,"connect":0,"send":0,"wait":386,"receive":4714,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/muc-than-ky-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/muc-than-ky-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 997408\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"c88a0d4966da6cad2fff8d85e54477fc\"\r\nlast-modified: Tue, 29 Oct 2024 10:37:20 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F887E1494\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3GjUHlWDmzdv7DR4huZTtlnmlxHsz1Nv9ILm3XoN5G1KLD5oHMidZkzA5gascngt%2BvHncQrDZUenYeC%2Fbrhs5Tt2ikAwH1diMxNvwy4y\"}]}\r\ncf-ray: 9b1b58fab9db5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":997408,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x1280, components 3","md5":"c88a0d4966da6cad2fff8d85e54477fc","sha1":"9d73b19c064e5b6c97c643a02a31b409d0a57688","sha256":"0f100a94b8689dd52427ec18b45a12dea4d3e6a59621991b12c5d6c249fe9a52","sha512":"22700fa8f497602e514a22daecfd315f376090724a92e700d21e98779312e572e43e0cb75c41f020af493a7441860a3ab961af7d62c76c904256f125ec294b6f","ssdeep":"24576:bLnptWoC6DN+cFOiYyV/3kMRqpS+HB7CjwA3P9w1xWwkK38frB:/nXCsbFttVvkMR/+HB7CJVq938frB","tlshash":"0c2523709e59692b8f1d567af0c7781e344427ad20d8cbae08625cc9b7cf7179a8387c","first_seen":"2025-10-29T23:11:15.324805Z","last_seen":"2025-12-22T00:02:53.70654Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3287,"timings":{"blocked":1544,"dns":0,"connect":0,"send":0,"wait":350,"receive":1393,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20251209-1/c9590a38c43b0f0e3ada0ccd0f2dd897.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20251209-1/c9590a38c43b0f0e3ada0ccd0f2dd897.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 09 Dec 2025 08:57:42 GMT\r\netag: \"63f43-645811abefaa8\"\r\naccept-ranges: bytes\r\ncontent-length: 409411\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":409411,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1920x1080, components 3","md5":"572b6d4d670f5ee59568ec5f6b6bd4de","sha1":"5125e76bdc7c9827f0e9e64ec851f9544f6b4ef6","sha256":"0159b2538c447d20e801e2cdff3da1a111b6a5377e84883d40c9912ddde350d7","sha512":"1b52a16c5cbe67466f8446cf1b81d413f770b75bc9f4bf0aef775a39de20178dc6cc4013bdbe2e29e313d024ad8b56a9f4203eebbdc6273517e099be97041337","ssdeep":"12288:FKSsWCpU0iGNXI2HibrJ6zqugGMRoaszU0pOlxX+7h:FKxW/O1I2Cbr0MnRCzUAOru1","tlshash":"5b9423d534b0526ce6642d6e9534edbb48668b003df54caa07a725c3ba43cb0cc9eb7d","first_seen":"2025-12-22T00:02:53.707745Z","last_seen":"2025-12-22T00:02:53.707745Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2183,"timings":{"blocked":-1,"dns":26,"connect":158,"send":0,"wait":1506,"receive":5,"ssl":487},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/dem-co-quanh-tham-sat-gia-dinh-bansal-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/dem-co-quanh-tham-sat-gia-dinh-bansal-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3034657\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"9c4eb64ee652cb9d06ca5904d63b59bd\"\r\nlast-modified: Fri, 19 Dec 2025 08:39:40 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1882AA328CD4B9CF\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 200578\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QG2KG3MS%2Fn9jkuqdkM3j5qt6KpyB9JoEginwaUeKFYmQcDu4w3qR1MHIIO4jQK%2ByaqOfEu7dDqko8HC2VItQp0RVbuj3VHzGcgqOrxYx\"}]}\r\ncf-ray: 9b1b58fab9e65a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":3034657,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2000x3000, components 3","md5":"afcc19dbfaa2f6553b59d4332ca04b91","sha1":"3ef91d77de34085b1fa9804e4f7e914bfc48de96","sha256":"3c26cbed9609f5125227841301d60614a8fc248da1a0fbf271f1365be9cfb57c","sha512":"ff6afdbf08b1471401e6646aaa81a127c80e0987254c392ea1ee56cf33b10cf01a8040dbdb505d0f545f7e7e64202c267661d25dc33d5026651f81ccacc68df0","ssdeep":"24576:5jaSyzM2sshMRntTe4NVeK0QDHVeSyt6Ea:5CA2ssGRtnbHgSyt6l","tlshash":"cb2512426f2724906b4c06b1f082f80e4950b77938c6cf6a4795be68f7d9b28ec4d99d","first_seen":"2025-12-22T00:02:53.708856Z","last_seen":"2025-12-22T00:02:53.708856Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1985,"timings":{"blocked":1542,"dns":0,"connect":0,"send":0,"wait":11,"receive":432,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/van-tham-bat-tri-mong-poster.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/van-tham-bat-tri-mong-poster.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1473019\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"3b2681b54e2e7898e6664284f7fddc8c\"\r\nlast-modified: Sat, 04 Oct 2025 14:09:08 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F88075F5B\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=va9atu09BlmIq1%2BJseKJKiVnggxn8p0l1IBRKmXuV8vVSB6Oa%2FZy6qPyJUXO7x8EQ8dEkeEGq3dIAZ%2Fro7eksRdCypmmXMN6uwwUw3v%2F\"}]}\r\ncf-ray: 9b1b58fab9ed5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1473019,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3","md5":"e581902bcaa3d16e9ff3d63eb54521ab","sha1":"9c321d26c341ccf8cd6cdd4ddf28d797a131e4d9","sha256":"eb94151f37858033f95590d66275f2a8df06257968cc7eb26706148c70bd6c37","sha512":"5ca1be25f17ba1ef4bbbb35f394d1d33f88a2269d0acfcc471a70e98bb2fa29b97b13b9abdde523d1473f68f2cdfbb48728b9b8207499937a6a9a94d91f6a818","ssdeep":"24576:gdKWPnTL+bAY7rMU2F2hfA/4vovXI31ss/RPO:NUMb2MfmSovXI2spO","tlshash":"9a2522648da5f62beecc94f2f4c6689c311f2fb851d4dabc051a0c95b3dd10bb88a49d","first_seen":"2025-12-22T00:02:53.709747Z","last_seen":"2025-12-22T00:02:53.709747Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3197,"timings":{"blocked":1541,"dns":0,"connect":0,"send":0,"wait":331,"receive":1325,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/huyen-gioi-chi-mon-poster.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/huyen-gioi-chi-mon-poster.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 4664357\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"3f446c689e95b136085302be8351dc28\"\r\nlast-modified: Tue, 02 Dec 2025 07:26:12 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F88C435B6\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3kh7Q5%2FYeckAsT1L%2FwJbGhQi881JZpQAWx6EfYf4l6ChRm7KI6fi8i9HzjQwnZJUW%2B6DBXxbS5DUb63rncmEPjiNyyluTuFWMWezN%2F5C\"}]}\r\ncf-ray: 9b1b58fab9f25a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4664357,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 3840x2160, components 3","md5":"8b0723937c5a53ea96ad28270a79149c","sha1":"a07f2d7c39ea2fe1938b0e1097ee8fadff3ff76f","sha256":"45956e90000bf6a4a39690b5398a3d5b1c239fe585fe07e8f2c05b253e59f005","sha512":"e2aeaada53ae0a987896db2cb61b9cd7e8bc412319a7816064c0eb9c92b5f912a8eaeaa1ff81ccd114663a2ca66482b686a6bdfab360bd3e6c66ddafabc8430c","ssdeep":"24576:k8SgPQTdZtrS6hxo9RZLib9wNiFZflXnR8y6dqOqAldb4uvjhtRsJr1:BVPQTdZtWfRPoFZfNEqO1dbdvdQr1","tlshash":"d3252326bb15661b730e1a70c0c7fd05499062a82c4f0a7f2d41ada2c6c557afc86fef","first_seen":"2025-12-22T00:02:53.710751Z","last_seen":"2025-12-22T00:02:53.710751Z","times_seen":1,"resource_available":false,"data":null}},"time_used":8650,"timings":{"blocked":1540,"dns":0,"connect":0,"send":0,"wait":365,"receive":6745,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/js/owl.carousel.min.js?ver=1.0.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/js/owl.carousel.min.js?ver=1.0.0 HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f4d167-a71a\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EzsWeaiwXJm7Qu6rFz5icsNlHV2JRQtGeupprTqgteducH58oEGtp%2B8CUMJv2yVPSzEpm43wqSiMUDw12pbGI6YsnQONqao4\"}]}\r\ncf-ray: 9b1b58f0fc0cb51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42778,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32000), with CRLF line terminators","md5":"436078ebb485a71089ef2db6bce1788d","sha1":"c704f57b6ba32caa01e1803ef303d3da20642149","sha256":"8fb391aa6ad9096ac5fad59d45e5a0fc76d436a193f63dccb9e8b4da5985715a","sha512":"2e2e3872d59c94aa92192bc086c5d60d34776781313727023375d6a5e467b7a814e55dad3cdb424dd5ebc1ee9bcecc95e6500f8bd4974cfc381ceed2c959ee6b","ssdeep":"768:8BA7PMMFA0tdlXKNSR4vlGRep2lcwJeL+C2jQdc7YCORUQuFBt3C:gAIMFFdYMxAcEQDs","tlshash":"cb137346b3202d2a869b61a0663f160bb23a291ce414507d7d7da6de6d7dc4c213fbfc","first_seen":"2023-08-03T15:59:28Z","last_seen":"2026-02-13T22:00:35.639861Z","times_seen":14,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/css/tp_style.css?ver=1.0.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/css/tp_style.css?ver=1.0.0 HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f4d167-285c\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=h2YQmCQgOJbb7aryFrxqoSqKI7FMIbJFPtD%2BI5IYsL%2FM5rx3eqFbgBCRkalWC15IYvjyriDnQ2a4xGL3w04Z4NECyCAHHPVg\"}]}\r\ncf-ray: 9b1b58f0ec04b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10332,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (632)","md5":"77fa6f9cb7c2a0264a861df17e367288","sha1":"c349be65d7c11d880be0879b309e87056552f71f","sha256":"865d30127f704730d89dc8c536a188fb03462470d69233ca5d8300ae90c26c3c","sha512":"e7197e7481b63521c42e7e8323b6f8b740d0dedf7759156f673c945c242ec6baa2eabc239ce09d38efbc71d87415fc4b7a521a04bfd2b7450a9c066f53235c4d","ssdeep":"192:OFvOR/5Ltm4ZP1oUZFDw1hFwQFmnFGW0gQ5TGrRV5w50FMMl50FICHsbJMdPiUPK:JZtm4Zyh1c3wWW2rwYl9CHsbJMBXiLEi","tlshash":"c1222081d3e65f472907907c116ac2e0336a62d5d00d9f6d7e7ff2a95b4c088ab7abd0","first_seen":"2023-08-03T15:59:28Z","last_seen":"2026-05-07T09:03:09.197412Z","times_seen":11,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/js/functions.js?ver=1.0.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/js/functions.js?ver=1.0.0 HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f4d167-32bb\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MSgJ%2BvNHGQH4DbtgTdQZ60q8wtyx7NmFr3OZBQwSD17ntNlbsFf%2FN7srQtO5bu%2FQto3JWyKVenY9YT59%2FlREaqDxOnWEqVpa\"}]}\r\ncf-ray: 9b1b58f0fc0eb51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12987,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2343)","md5":"b95e5bf8dd94aeeff88e0e3f35bc6b88","sha1":"0504bc698b7010e60f4cac06bcb1be6dc94f6385","sha256":"a288773b242a1befb2c4d22f0eb9e2073fc04677f3056ef185347cf990281f0a","sha512":"92a9f9ffdec07e918de13d032899cd7c69f3e762c2e8c45875a39fcbd57f9e1ef404e96ef942764f82edb7031e77c5043d654797a8eed4796aad7108d004005e","ssdeep":"192:0iYSqN62g6c4NJN+SdU+xmsQXkRUDpNUb7WEGRkaAvKPrMbSDcYwC9U1UnZHfrZ5:lD6uwqpw7vGRjAvKIOcYCOFfKHc","tlshash":"8d42b81cf258a66704df2679216b5b8532332f77d1469160e03f1af18f90f8b7a93a2d","first_seen":"2023-08-03T15:59:28Z","last_seen":"2026-05-07T09:03:09.229661Z","times_seen":8,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/fonts/MaterialIcons-Regular.woff2","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/fonts/MaterialIcons-Regular.woff2 HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tvphim.one/themes/toro/css/material.css?ver=1.0.0\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 44300\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\netag: \"67f4d167-ad0c\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ay4M9hcp8mKj1QNaYsBggzU3RwOee8elLIKTrNzJiD%2Fhon3BIIQCx8OkcCA0YHa5My4rhMuuwJ7P0ClkQGSTDqOKjUg4A%2FUl\"}]}\r\ncf-ray: 9b1b58f3ddd7b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":44300,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 44300, version 1.720","md5":"570eb83859dc23dd0eec423a49e147fe","sha1":"09963592e8c953cc7e14e3fb0a5b05d5042e8435","sha256":"a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726","sha512":"baa17185bedd1f04b138a1de3741b7a6052a02c1d4848d5359ae3ecc80061c54df63374684571bb50b1392af4458f1df7a5df634716fd5fb269ec7f63f3f65d1","ssdeep":"768:O89JwtxcrQZ3QokCTF/wNDItCKrXnQRSC88gWR29D32ashbOfe5rFZwvhy8k03Xm:O8nQRHkGF/w6trX5ZWRQXcVFZwo8kkm","tlshash":"3513f1259c805118e855bfde827ff162f2a3fb8705c16d120bbb4d696a4822b58376d8","first_seen":"2023-04-08T11:04:01Z","last_seen":"2026-05-15T14:37:19.939185Z","times_seen":7898,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":67,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/chi-pheo-ngoai-truyen-2-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/chi-pheo-ngoai-truyen-2-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 184089\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"a693c25016d0984fe632154b1a271756\"\r\nlast-modified: Thu, 16 May 2024 18:50:03 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F897E0746\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HuzNpiv%2B2LDYNtgg1lZ%2FcMKcJLQp%2BtYUpn7yHFCeGshMfjr2CFQe0s0i%2FA2RspOURtSJDbVB2g6UYk2Cen%2FNE3DyoN1KemU6EoSKlfTu\"}]}\r\ncf-ray: 9b1b58faba0c5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":184089,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 90\", baseline, precision 8, 360x540, components 3","md5":"a693c25016d0984fe632154b1a271756","sha1":"3c630e1540a459cb98f081b4524ce95bafec5349","sha256":"82468edb673d920abb4d6f62e569df45e372768a09b8ff0284d890f0846965a7","sha512":"bc5bf5686f31d7a7022616e4d9a90088ff10c442bc8f77871c4316b3ba9c80d4d802d921ee15145826d53aefc65a27cf74b429af7d7ed27311450cbc3c634960","ssdeep":"3072:oG72o6TOCOShqE/69OAkcS5cuIT9ZNWZlSjzcz8hijQ4JyyVeGC1NRLB37SImBSJ:32o6TOdJ9Vkc2ZI8azphinyyVFC1NRLJ","tlshash":"1304239e4bbd9cf70a4e0e72c3e243fa136d0d54b993ee71c0042579ea7092be5c56a4","first_seen":"2025-12-22T00:02:53.716014Z","last_seen":"2025-12-22T00:02:53.716014Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1996,"timings":{"blocked":1076,"dns":0,"connect":0,"send":0,"wait":376,"receive":544,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/logo-tvphim.png","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /logo-tvphim.png HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: image/png\r\ncontent-length: 1649\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:44:03 GMT\r\netag: \"67f4d3c3-671\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FRE83gHrOtYoQrycymkxpJdiatpbB%2Fds9GFTD1PzQ0yQ0omKWcWM8XvtVMXzlJe4ko8hbPhUJUo%2BiWF7LOLpSRKXMlTeO9zm\"}]}\r\ncf-ray: 9b1b58f0ec05b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1649,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 305 x 82, 8-bit colormap, non-interlaced","md5":"8a29535e46988b35d8d7cd931e97abfa","sha1":"7915369e7f913d00f7bbbf694d6bd1e971c20085","sha256":"c4f91514a9e0001580c153c748a97ef23a72d86a7b6ba41d743323813e37dbe2","sha512":"6b83be1998e55faa5fd94495da3c8b714d6f29f5c00174799c1165c46dc8fdc3e2baec3d5d11ce06d5688c1e5c95b5e47f2b7692bac13a2ac2cef66020ff69e2","ssdeep":"","tlshash":"d631f873c6a0b96fe1fa4c31504194398b20a31b0a168be98703123ce84833bf8d55c4","first_seen":"2025-12-22T00:02:53.717048Z","last_seen":"2025-12-22T00:02:53.717048Z","times_seen":1,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20251005-1/58a42c65a7da54822e388a95d04788f0.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20251005-1/58a42c65a7da54822e388a95d04788f0.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 05 Oct 2025 09:51:05 GMT\r\netag: \"6786b-6406645fc4daa\"\r\naccept-ranges: bytes\r\ncontent-length: 424043\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":424043,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 3840x2160, components 3","md5":"ab1072681ba09e241e9ae1cec383465d","sha1":"4b576b4c90549d2388efec6dcb83b7707f46768a","sha256":"144f17e294a0969b59aacce35b1e8dab4ef54323ca917489b658bd5fa94bfdc1","sha512":"13fcebb0344f5286b70a0d54be4b6ce6246cd73e4098c6ed62dacfbfafa1efaad9df12f9d17b7ea506b67c5cbfcebf1be9716197c8233a61bf0ebd33441a7f63","ssdeep":"12288:gtDWCJ9HBLbVR4/4p42HYDVELB1GrIOoOp6JXedYUk:8Lf1VRR34ZELa6Ju0","tlshash":"c29412fe77f8444bdacc0bf38a2c5753ae7238799b6606d3050b50278d26948b8d95e3","first_seen":"2025-12-22T00:02:53.718096Z","last_seen":"2025-12-22T00:02:53.718096Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2154,"timings":{"blocked":474,"dns":0,"connect":0,"send":0,"wait":1566,"receive":114,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/js/sol.js?ver=1.0.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/js/sol.js?ver=1.0.0 HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f4d167-48b6\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mZYPZTioZCJim%2BfVUzBIziRPtwQTxYks%2BMTX6EuvF829qJVFGN2u0gAZvhpP78nkIr30ikACb3SmX1qDwtpJY7KRA%2BFnphqP\"}]}\r\ncf-ray: 9b1b58f0fc0db51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18614,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4116), with CRLF line terminators","md5":"3c2468d6efadf93e8b5cb886f9fc1ee1","sha1":"b98c6f235b4c48e0576b9049a36a40e90ccdecb6","sha256":"687357ee186e0e41e457c0104307dc8738a8b1d5ca480a857749727d5741166a","sha512":"2f2fc1eacaad9774b82f15b4c07a307244b7066ead636e42bd170760a0d2c1d7fa8d13b8a216f928d2054839910a1ade5cc2717a7c81909dd82c55a50f0bb58d","ssdeep":"384:lKPWI0SRTK3eq//JRynIl52CrpPlkEh1nJ4Xhx4sYuM7:lJUoe4qyN6RU7","tlshash":"f982634bb29c3732c2ff51798597224261399d9bb642856db839e8d84f38e412033f3e","first_seen":"2023-08-03T15:59:28Z","last_seen":"2025-12-23T00:02:46.861937Z","times_seen":7,"resource_available":true,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/fonts/MaterialIcons-Regular.woff2","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/fonts/MaterialIcons-Regular.woff2 HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tvphim.one/themes/toro/css/material.css?ver=1.0.0\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D; _ga_627N11083D=GS2.1.s1766361715$o1$g0$t1766361715$j60$l0$h0; _ga=GA1.1.911305051.1766361716\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 44300\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\netag: \"67f4d167-ad0c\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\naccept-ranges: bytes\r\nage: 0\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pSLun%2BfS7QLISbAKD%2FX%2FErPkbpTAXncbsf6bRFcPDbdpPiXN0xBrpMsU%2F7JeiwRVK%2FGmqlnf8hRMfWeFD8eFA2WnKKQqIgb3\"}]}\r\ncf-ray: 9b1b58f47e12b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":44300,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 44300, version 1.720","md5":"570eb83859dc23dd0eec423a49e147fe","sha1":"09963592e8c953cc7e14e3fb0a5b05d5042e8435","sha256":"a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726","sha512":"baa17185bedd1f04b138a1de3741b7a6052a02c1d4848d5359ae3ecc80061c54df63374684571bb50b1392af4458f1df7a5df634716fd5fb269ec7f63f3f65d1","ssdeep":"768:O89JwtxcrQZ3QokCTF/wNDItCKrXnQRSC88gWR29D32ashbOfe5rFZwvhy8k03Xm:O8nQRHkGF/w6trX5ZWRQXcVFZwo8kkm","tlshash":"3513f1259c805118e855bfde827ff162f2a3fb8705c16d120bbb4d696a4822b58376d8","first_seen":"2023-04-08T11:04:01Z","last_seen":"2026-05-15T14:37:19.939185Z","times_seen":7898,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20251221-1/6ac9fcafbe963ce8fbae6aaffb3d642e.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20251221-1/6ac9fcafbe963ce8fbae6aaffb3d642e.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 20 Dec 2025 22:38:15 GMT\r\netag: \"151b57-64669d985afca\"\r\naccept-ranges: bytes\r\ncontent-length: 1383255\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1383255,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 3840x2160, components 3","md5":"52cb786219f0371ce8801123892baee9","sha1":"057d3d305dea0788f911cc911ac2370c3402609b","sha256":"6bc7453924729fef78d5021b73509d8f205681c85ad503f4337994c817d1e96c","sha512":"8d37d174f7bd2915d6362d970d38759fb3515d0de1d365c0ff7e25cad81256d7250b2e691e535414c527c3df2d2a70c33577d579b9cd34e6461f74f122d57eaf","ssdeep":"24576:h4Bxm9O1cERUUj/SdGpjcRbIkD89uOBU9a8UO4oA+naYCDMO:Cm9gcE3ud8cHOVBU9FOoPnCDMO","tlshash":"942533f839b6d3a2ef7ab13119b6cf8869501771430a026b7078647db604b7cb3d83a5","first_seen":"2025-12-12T20:18:12.954708Z","last_seen":"2026-05-07T22:23:37.039181Z","times_seen":8,"resource_available":false,"data":null}},"time_used":1714,"timings":{"blocked":485,"dns":0,"connect":0,"send":0,"wait":947,"receive":282,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-627N11083D","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"216.58.207.200","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"2C:B9:1B:62:2A:F9:04:B9:16:E2:30:B0:A8:B2:85:0C:68:BC:79:25","sha256":"AE:CB:A0:2C:92:1E:CB:D2:CB:6C:0D:37:5E:A2:4E:27:AE:4E:CA:0C:EC:53:D5:50:E6:C1:3D:EB:17:C1:F2:C9"}}},"request":{"raw":"GET /gtag/js?id=G-627N11083D HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\nexpires: Mon, 22 Dec 2025 00:01:55 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 143228\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":433548,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"ef87cecaa2ed65173f085467a6908512","sha1":"a7abe746a8a47a808138654e62e4e3b2953e5a69","sha256":"d3f8a466b032d1d13afe3ac047d1c897b0b806cdc57366dc8539f3ffc3cbde0e","sha512":"b5ebcc4ede11d158ce7d22472da664d91e18b787314530c58121831baf061de2286bfc5dc7555fc9ac4bd0e52f5af290a698a8b78bbcd8164f841547b71f6cf3","ssdeep":"6144:3wIe7ma2bulKY/1u99xHDmHYmyBFzvnsyRO6jJWoNPad4FpC1xY:xC8bu7/1mbrnsy39WbMpb","tlshash":"e4941ace73c674269396e078503f118ba57b29e2b45cc896f189cce42e7469a4237f7c","first_seen":"2025-12-22T00:02:53.721648Z","last_seen":"2025-12-22T00:02:53.721648Z","times_seen":1,"resource_available":true,"data":null}},"time_used":122,"timings":{"blocked":-1,"dns":4,"connect":8,"send":0,"wait":36,"receive":30,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20250823-1/1388f92d8dc699c924b94f68131b5a14.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20250823-1/1388f92d8dc699c924b94f68131b5a14.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 23 Aug 2025 01:22:19 GMT\r\netag: \"802a1-63cfe2759aa6a\"\r\naccept-ranges: bytes\r\ncontent-length: 524961\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":524961,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 3840x2160, components 3","md5":"365be19e64c9f0c57320e9794dc42341","sha1":"12541d217671a10304ac999db9171b4c0ececb91","sha256":"4567568a85608927d1f63d0cc9ad0cce65dc3bd5382c5925523bc26ef10340c3","sha512":"f81d08905f188088c4d573b8e0d2befc7fd84060eb4a58c3261aeb198c41b6c13ac8cf1b0ca8d7cd1f29ae2efbced9f78ecc0d90a1af8b7fb1abfa54ed222501","ssdeep":"12288:Je9A2+GEwNvCHkCWVw7YxqfRJpAknMkrkKHRPYkfa2Jd/m5P0Fdw:0ZkHk/iUAJBMix9zJd/mKs","tlshash":"3db4227b07b29fa2c01e273584c39335087adca8e2cbf65f86a50f646594fbcdd62116","first_seen":"2025-12-22T00:02:53.72249Z","last_seen":"2025-12-22T00:02:53.72249Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1882,"timings":{"blocked":476,"dns":0,"connect":0,"send":0,"wait":1229,"receive":177,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/js/jquery.js?ver=3.0.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/js/jquery.js?ver=3.0.0 HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f4d167-1538d\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C%2FOO%2FWGJqyGop0h6cMrJ14XlLcGF56%2Be0h2kIhrZHT6gEaqgPD2fWUoKYnl%2BVudhZSdF%2FG5dVrFMzRDJvX729xqiWgCBCDJ3\"}]}\r\ncf-ray: 9b1b58f0fc0bb51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":86925,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4196c2112b2fcb7ee1defcce4e01f8af","sha1":"82721cc174064f3808730880340fbfa492850331","sha256":"634dc69d755d4ddf57ffa821c96d1405c8670b6dcb9c5f276244c691549cb146","sha512":"443867aab52c935c8a29940f32f93d67539b61875f3e604866b1553b0a32f9c1f36db92eaf29922587aed973d034f8523d5b412914c6cb7ba3bf44aba7b2bf95","ssdeep":"1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6ta:nkn6x2xe9NK6nC6E","tlshash":"698319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-08-03T15:59:28Z","last_seen":"2025-12-23T00:02:47.020558Z","times_seen":7,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tvphim.one/themes/toro/css/global-styles.css?ver=1.0.0","fqdn":"tvphim.one","domain":"tvphim.one","tld":"one"},"ip":{"addr":"104.21.74.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tvphim.one","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 00:21:33 GMT","end":"Sun, 08 Feb 2026 01:20:12 GMT"},"fingerprint":{"sha1":"F8:67:16:FF:24:61:5A:0A:97:0A:E0:EB:B5:55:20:37:F8:50:AF:34","sha256":"7F:36:5C:86:57:72:8F:F3:20:59:CB:9A:76:9B:0D:3C:EC:38:0F:23:F5:6F:74:70:F7:03:C0:E8:5F:70:7F:DE"}}},"request":{"raw":"GET /themes/toro/css/global-styles.css?ver=1.0.0 HTTP/1.1\r\nHost: tvphim.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjVVS3Y2N1M5Tk9EbHNNYkozb1NIUnc9PSIsInZhbHVlIjoiVjAvZG1OOVNOVCtnYmdsTWI2ZVFXNXczN2szdHpWWVBLamd6eFowSkRLR09UR0czWStkU1dUSkFBRitkZEVqN09mcFUybW04d0hiSWFCT3BPWnJoMEhROVFzYlo2eUtUbjE0Y0JkR0lxWGREVGo4dmpZZUZSZ3RxWXJmRlhTZVciLCJtYWMiOiI5NzM1YmI1YTQ4Yjc2MTMxY2Y4NWZiYmMyZDZlZmM5ZGU0NThjMzkxN2NhNWY1NjI5MjljNDExYThhN2JmYjNjIiwidGFnIjoiIn0%3D; ophimcms_session=eyJpdiI6IndXWGJmaUpFNUdDZ2xZNHFjOXJkTHc9PSIsInZhbHVlIjoiUDBFM0pQOTBGZzN0emJubmVKcEx5VzlaY2lZNW9kbDhSbXZBOVhoV2lGN0lBb09VNDVMVDhCaGNKT2Z1RTJwT043MXVHbmg0SG56R2pBYXFac2o0QlVWWnFJVXBlOHRBclJPNjU2bENSdm82ZDRRaVl0VGVRZ2F0alU1aEdqQzQiLCJtYWMiOiI1OTFlODBkNGNkYmE4OTQ2NDI1NmM2Y2RkOTkzOWU4Zjg1NDU1ZGJmMDZlM2NhYTdjZDY3ZWNjMmM1MWRmM2ZlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:55 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 07:33:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f4d167-32b4\"\r\nexpires: Tue, 22 Dec 2026 00:01:55 GMT\r\ncache-control: public, max-age=31536000, immutable, stale-while-revalidate=86400\r\npragma: public\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YtoCCeDMO4mVNJBPXvH8BNKW7RRHAT%2FL5IH0ZJ80Dlpg4YSyVqBbGOJBYmNVStBq4Gf1RZd%2Fu2GaNDGCab7cjqM5FhZj1YtA\"}]}\r\ncf-ray: 9b1b58f0ec01b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12980,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"5fd028c5512d3070a9981967efd51d45","sha1":"9d3e26802ae61ac101b4690e3384186bbc779ca9","sha256":"2977fd77402a78c04939ffa739d1a1b268386b89c2e83e458638f4609c09ffea","sha512":"78f70a19a5a2dce4fbb34bd0a763bed0e740298c883c952f37a711fec3fa4d4a9a7ba691261b4efcce35d39de5b60bd936cb482eeb45204dda71df330f4b4f51","ssdeep":"192:dz+vnJaAuLPwGAxjS+NaQbkoXwoXqVFn4:6JaAuLKkFn4","tlshash":"8c42f136d0925053af7fa76d87f2b229efa9a11b8c01a73a35ec31548f744b21467e1c","first_seen":"2023-08-03T15:59:28Z","last_seen":"2025-12-23T00:02:47.019927Z","times_seen":7,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/gia-gan-bao-thu-2-poster.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.362Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/gia-gan-bao-thu-2-poster.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1616142\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"be954aea5acb528e780854cb361db91c\"\r\nlast-modified: Mon, 10 Nov 2025 08:15:53 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F88D029C3\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7zf6Hekm%2B%2F1GFTZEIUhra6tF0SfIp9UKn9RIEI7HQkHpm2BxQAaZKDdR1TOoCG%2FUjyVe9sNa%2FmdyNizJFqeSwIt%2BUBBSGyDbpisuPfpi\"}]}\r\ncf-ray: 9b1b58fab9d15a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1616142,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2500x1406, components 3","md5":"b630db0f7db2a5b87d49bf22f5528d4c","sha1":"a330074920ec3da78a6ebe47b556aa9645329309","sha256":"70d67880f6b7ac19b9537a79627b991b8b4f84e8110dc2cd6ad97b837be8b29b","sha512":"898141d84ab582024530302ba2e567c58f11e6e68c1906d8e821e99a63480457fc5868849932cee3f10f76eb76a32d6b2548b0ab7b83ae9db34386960b5723a4","ssdeep":"24576:i0wqakVhtuc+FbqzRLZtQBVXNfu0vohw96TXgyj8dgEE:i0FakVfuc+RqzRLE3XNoO6TX5t","tlshash":"ea2512949e51b82a9e9e4331c091bc4f25196fec10e9c9ae46d64fcb63fe503bdc609c","first_seen":"2025-12-22T00:02:53.725488Z","last_seen":"2025-12-22T00:02:53.725488Z","times_seen":1,"resource_available":false,"data":null}},"time_used":5558,"timings":{"blocked":1549,"dns":1548,"connect":2,"send":0,"wait":367,"receive":2080,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/em-se-khu-anh-poster.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/em-se-khu-anh-poster.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1753167\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"01f3bbdc38f3fd2e9184b35a95889c02\"\r\nlast-modified: Tue, 09 Dec 2025 09:36:29 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F88B06FEB\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2B8MsJYJTYy23dbzdLwoSVE7IjpM6Ho22k8lG%2FjD8DuHKci5ExQXzTHwCRzpF3sMtrfvCBhksJp9F1ZJufbfd%2BJldklOnIx0z2dLHHL7E\"}]}\r\ncf-ray: 9b1b58faca245a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1753167,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2560x1440, components 3","md5":"b45cc27f2726551a0d58afca5dd6910f","sha1":"2306fb6dfcc1e48c2f18de8554c64ca73e7ee26f","sha256":"e23039fae97f87b942c6c376395063db7d01ac45770d10b114e9373714576a2e","sha512":"41aa6318200adc770b0fd222200cdb125bc64685f1c9f7055f6527cef5f0f437c567ce840210d6d18bab1904e755d40e556c66e3acb1e41236a7df41b82a345e","ssdeep":"24576:1/TVhTUCKWIOqHAutMKidHWIKS1mP9W5fCUSWwANOYLoby:NTVNzLqgutMKCHWIVfCUSWrNzLo2","tlshash":"562512508b627d2fea6d41a2d056bc4e381e29fd20eccdbf01066ad65bcf4075d8b998","first_seen":"2025-12-22T00:02:53.726574Z","last_seen":"2025-12-22T00:02:53.726574Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4959,"timings":{"blocked":1559,"dns":1547,"connect":2,"send":0,"wait":342,"receive":1486,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20251221-1/687373bb9894616507f27c74c0eaa598.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20251221-1/687373bb9894616507f27c74c0eaa598.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 20 Dec 2025 22:38:14 GMT\r\netag: \"5ca15-64669d97c1aa9\"\r\naccept-ranges: bytes\r\ncontent-length: 379413\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":379413,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x1500, components 3","md5":"e5b88ba5444dcfd92bf385106f9d255e","sha1":"483cdc78b5915751fc88a78cd3b8310d3e89d121","sha256":"6ca6d0a228c24895575dda9593c91ea8242328862626bc5993307f51db2ca63f","sha512":"e8a36f33618718ab252e38bfed3d4db224a6492da68a4c9cb7ddfad6ca4a66c4db83980a6e74bfddc915c4ae0eab288fe09f10bed7658be8ae1f2c0632971609","ssdeep":"6144:kzoa7GKPt6wWnR477seMlokQlf+dIWm8mjZjQijNFkeCplzeRUwD+vtKtS1MSX8C:kWy4wWVekvQz1jZjBoeeI+KQstSMSX8C","tlshash":"6a842323aa8943c1f1af78af5812c3557b2e78360839edbd0afed1241777b58584849f","first_seen":"2025-12-22T00:02:53.727713Z","last_seen":"2025-12-22T00:02:53.727713Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1877,"timings":{"blocked":477,"dns":0,"connect":0,"send":0,"wait":1230,"receive":170,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRduz8A.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRduz8A.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tvphim.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 22928\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 20 Dec 2025 10:43:01 GMT\r\nexpires: Sun, 20 Dec 2026 10:43:01 GMT\r\ncache-control: public, max-age=31536000\r\nage: 134335\r\nlast-modified: Wed, 10 Sep 2025 16:43:56 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22928,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22928, version 1.0","md5":"dff4fcd7dfee3f02a430d09ea37e5b3b","sha1":"2e194889442abe03911a891060a570a1970d8379","sha256":"bdfe6be41d09ed9bb7084c79c799baf380b43fd81474ab57f1099d177ddd476d","sha512":"8a1ea1529b51b947606bfa824ffc4eb164a62225e07c9ffeca711b76357c4b347137f8e3ac5b6029d6db120f642ee03c1aee37aae12216829c24ce5b7d72ef93","ssdeep":"384:ylfUY1Noz74RBYm0KSu3OLdICv9BuWkP/4iEfxSlVwEp75aIz:p8d34V9BV0GkTxpda+","tlshash":"f0a2e1c09035b66dc309e5b1cb1c371e253915a877d1bb8ab6a93bb0fb404215c93b9f","first_seen":"2025-09-14T00:46:33.811622Z","last_seen":"2026-05-15T12:55:23.492493Z","times_seen":687,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":0,"dns":0,"connect":8,"send":0,"wait":9,"receive":2,"ssl":242},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/le-hap-duong-phen-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/le-hap-duong-phen-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 166656\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"3a139a2f227841d61eab1343b2ba9024\"\r\nlast-modified: Thu, 16 May 2024 18:03:44 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 1883609F88EE87B6\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r5Edp27k9mdSV6KxpCn%2BUhflraVioyuXPINR%2BRUpNCIiEivEZZXXy6Ngi8QYszunq%2Fc%2BveRBr9MkF%2FtptcKk7g3nzNWXuugTZ1ICv%2BCo\"}]}\r\ncf-ray: 9b1b58fab9f65a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":166656,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 360x540, components 3","md5":"3a139a2f227841d61eab1343b2ba9024","sha1":"d43d86858e95fedf85a0c7ecd83b3d2019ff16cd","sha256":"889401796a6fd4e800507ff1673d90b37ccbeb299f47e49a6ce8eddc3d8aa62d","sha512":"58ff4d549389118117c9661cff6de1d5fa2f6f3583108cd4403d5324e1e5f84c5845fb6b163c016871c805aec4f763f93234adf9da68400cdbd1c729cea23cf5","ssdeep":"3072:loCYj0SCEsz1zlnjrsZITwfOoEeQ1Olf2EaCoAs8wcDxZzCKUstfBfJe83K:uh03ZxzljdwfMeWOlVA+xxZzC7stZxDK","tlshash":"4af3121cfd82a211ecce978760ebeaeab7284bf081e2293715f61b12f5f97151c8450d","first_seen":"2025-12-22T00:02:53.729536Z","last_seen":"2025-12-22T00:02:53.729536Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1942,"timings":{"blocked":1075,"dns":0,"connect":0,"send":0,"wait":362,"receive":505,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20250823-1/8c5156e8121aacee7750e0701d18988d.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20250823-1/8c5156e8121aacee7750e0701d18988d.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 23 Aug 2025 01:22:19 GMT\r\netag: \"3394a-63cfe2757b668\"\r\naccept-ranges: bytes\r\ncontent-length: 211274\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":211274,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1620, components 3","md5":"a1fe341808b5ce90ca14deb61dbea16b","sha1":"3919d886ee9f3a78ed16468ea292e88f7fd7806e","sha256":"724352eed3e76d38fe9f342ffc75ac56c7e7e9a2f02b7b3758ef79f684aef12e","sha512":"342aafdeca35bb57763a05d20d2bc62d20d166ede9e93b4ca804e61bf926b9a22502b95a83fd828898bcf983e662d9a1b652541ef84634720048c4293afcac63","ssdeep":"6144:rl5H87sWBp9ezHSV+OX9UBylV5hv39oWWOrL41ZJGB:h5H8NT9ezHSV+Y2Byrfv3/rsJa","tlshash":"192412c79d197dc8cb70f87442461b0b756ae606e318663a1ede5297d633130be3e4ca","first_seen":"2025-12-22T00:02:53.730699Z","last_seen":"2025-12-22T00:02:53.730699Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2087,"timings":{"blocked":-1,"dns":26,"connect":157,"send":0,"wait":1393,"receive":24,"ssl":487},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20251220-1/7e312d7af9d42e8d04563f33d837daa6.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20251220-1/7e312d7af9d42e8d04563f33d837daa6.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 20 Dec 2025 13:03:18 GMT\r\netag: \"92572-64661d158e693\"\r\naccept-ranges: bytes\r\ncontent-length: 599410\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":599410,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x1500, components 3","md5":"de3869fc81446510ea007c340129c6a4","sha1":"b7814d0ef20c556c4d2890bf859fb149976d7472","sha256":"24722a5943116e020a9108fe53bfca8fa8f48391743ae083a397142fd8a49b1e","sha512":"c64afdc1f32791aa477412dd0e7476691af27ba17438c433773dd6de143d823636c58aa8ec1afda49ca32c975c82b6e835a23d561a67a49770d2bc7de2d08721","ssdeep":"12288:DBJ4PM67xWxuKbctBXZ48EhZNTCLEoQe40xmEgwAj6FHmp19aVV6:v4PRF6uKbctBXZtszIEoNDU3w/FkaV8","tlshash":"58d4235b7ec02eb92a6ee5a43d5e724f28b1b829af46142c3d6ece005367530e3c475d","first_seen":"2025-12-22T00:02:53.731761Z","last_seen":"2025-12-22T00:02:53.731761Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1887,"timings":{"blocked":477,"dns":0,"connect":0,"send":0,"wait":1229,"receive":181,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.ophim.live/uploads/movies/thuoc-phim-ma-quai-thumb.jpg","fqdn":"img.ophim.live","domain":"ophim.live","tld":"live"},"ip":{"addr":"172.67.198.231","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ophim.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Dec 2025 14:42:59 GMT","end":"Fri, 13 Mar 2026 15:41:41 GMT"},"fingerprint":{"sha1":"C6:0C:7F:AB:59:AA:D5:DD:00:A6:9C:7E:B8:11:75:F3:46:12:5E:4D","sha256":"CE:43:49:C0:F8:49:8A:F8:8E:AC:94:94:15:16:09:11:89:F0:6B:5A:2C:58:06:93:94:76:EE:8F:40:F7:A7:9C"}}},"request":{"raw":"GET /uploads/movies/thuoc-phim-ma-quai-thumb.jpg HTTP/1.1\r\nHost: img.ophim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 00:01:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 481395\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccept-ranges: bytes\r\netag: \"17fd2932fc802a30dbb8dd5d31aed7a5\"\r\nlast-modified: Thu, 11 Dec 2025 03:35:29 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, accept-encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18832574951FCD94\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 65055\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4d7OSb2aRwLu%2F7QaIOQ5R3Q5L%2BOgG%2FAoAS%2BOn59Likbw40r%2FtUrT8ttEaseHdt9pkzR0jHLp0JgjXCrMi4lQe0mA4TcIXUiMwc%2Fz8B06\"}]}\r\ncf-ray: 9b1b58fab9e95a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":481395,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 889x1334, components 3","md5":"17fd2932fc802a30dbb8dd5d31aed7a5","sha1":"d2eaba945c30e7616b81ba844de73101afc8d4ca","sha256":"1ed0cfe5063fbe84c60db46ce013472967f263ab3e697c30c76335f164ccbc71","sha512":"ccb3b3457916010420b1a49681c5911677ff6b5102ddb72e109e57d6f84c98dba48b8c03ff0c5edfcba78907b274677af7406407034f9e1be4bd0e429900a325","ssdeep":"12288:Ttb3R6AO9Lxg4S86lkOmFiHnDZbgAkO6geFCTk9DLsHDC9pGH+TKgY9w:ThkRLa4Sfvu2D3X6rJ/IyGeTp","tlshash":"e6a40212ef226155ff0d06f8e886fd0f0ac1276d386649399ec02956e7d0459f893bee","first_seen":"2025-12-22T00:02:53.732884Z","last_seen":"2025-12-22T00:02:53.732884Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1687,"timings":{"blocked":1542,"dns":0,"connect":0,"send":0,"wait":8,"receive":137,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phimimg.com/upload/vod/20250713-1/a079fb1c44f1bfb42f7eb0a01a2acb15.jpg","fqdn":"phimimg.com","domain":"phimimg.com","tld":"com"},"ip":{"addr":"172.247.28.42","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tvphim.one/","date":"2025-12-22T00:01:55.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phimimg.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 02:41:10 GMT","end":"Tue, 23 Dec 2025 02:41:09 GMT"},"fingerprint":{"sha1":"B9:6F:0C:1F:A0:0C:34:D4:8D:30:6B:C6:57:1A:7A:C5:61:D4:D8:C9","sha256":"22:F3:89:62:26:6D:A2:C3:1F:E7:58:EE:1C:3E:04:02:79:36:95:E4:35:40:91:5D:43:62:23:88:27:F5:C1:0A"}}},"request":{"raw":"GET /upload/vod/20250713-1/a079fb1c44f1bfb42f7eb0a01a2acb15.jpg HTTP/1.1\r\nHost: phimimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tvphim.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 13 Jul 2025 08:20:50 GMT\r\netag: \"551f3-639cb3892256d\"\r\naccept-ranges: bytes\r\ncontent-length: 348659\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Dec 2025 00:01:57 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":348659,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3","md5":"b099560abcd87899b26ec793c7a60bfb","sha1":"be9963e72dfa8f906fe1babd83f84dd35e4def3c","sha256":"945f5baa45253c1050dc30be432dfc7b90c27a009bedac1d45caac5bf98b0951","sha512":"edd3165f219108f69680d4d535021351ff7eeceec255d2e2f5c72812d4b80c215e098c0ede45dbee7eefff732619a0b6d18f469a4419b2c4325b4a5e845dc0bc","ssdeep":"6144:pRLFbm47BVDrXxp/15d17Q/S57hzEgbmEZKSjgv/x94i0+670xNpoFdYRUI/sKxS:zFD7B5XBs8EgcVv594F+XJGdc/X1HOrJ","tlshash":"f6742323f25a33dbdf76eb5392ae181c0e016e25b1d9f71396f312c46260389d84d89a","first_seen":"2025-12-22T00:02:53.733989Z","last_seen":"2025-12-22T00:02:53.733989Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2149,"timings":{"blocked":474,"dns":0,"connect":0,"send":0,"wait":1566,"receive":109,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"phimimg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}