Report - nguonphimc.com/site/site/embed/?url=http://nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

Report Overview

Submitted URL
nguonphimc.com/site/site/embed/?url=http://nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
IP
94.242.50.163
ASN
#43317 SIA VEESP
Submitted
2024-04-19 03:37:47
Access
public
Website Title
(1) New Message!
Final URL
nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-04-18	9.9 kB	164 kB	142.250.74.35
stripherselfscuba.com	unknown	2024-04-16	2024-04-16	2024-04-18	6.7 kB	14 kB	172.240.108.68
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-04-18	652 B	423 B	192.243.59.12
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-18	420 B	98 kB	142.250.74.168
chokedsmelt.com	unknown	2022-02-17	2022-02-17	2024-04-15	351 B	17 kB	172.240.108.76
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-04-17	735 B	30 kB	172.67.180.87
nguonphimc.com	unknown	2024-04-10	2024-04-10	2024-04-14	15 kB	372 kB	94.242.50.163
nguonphimb.com	unknown	2024-03-29	2024-04-11	2024-04-18	2.8 kB	2.6 kB	94.242.50.163
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-18	3.4 kB	190 kB	142.250.74.106
grab.nguonphimc.com	unknown	unknown	No data	No data	5.2 kB	248 kB	94.242.50.163
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-04-18	2.3 kB	44 kB	188.114.97.1
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2024-04-17	484 B	833 B	45.133.44.3
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20	2024-04-17	455 B	148 kB	142.250.74.66
m3.nguonphim.net	926780	2016-09-27	2017-09-03	2024-04-17	1.5 kB	65 kB	94.242.50.163
m3.nguonhay.com	unknown	2022-05-13	2022-10-28	2024-03-07	2.4 kB	432 kB	94.242.50.163
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	12 kB	702 kB	142.250.74.131
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-04-18	427 B	420 B	3.123.64.179
fundingchoicesmessages.google.com	2397	1997-09-15	2019-01-16	2024-04-18	536 B	72 kB	216.58.211.14
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-04-17	454 B	79 kB	45.133.44.9

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-19	medium	chokedsmelt.com	Sinkholed
2024-04-19	medium	stripherselfscuba.com	Sinkholed
2024-04-19	medium	stripherselfscuba.com	Sinkholed
2024-04-19	medium	stripherselfscuba.com	Sinkholed
2024-04-19	medium	stripherselfscuba.com	Sinkholed
2024-04-18	medium	unseenreport.com	Sinkholed
2024-04-19	medium	stripherselfscuba.com	Sinkholed
2024-04-19	medium	stripherselfscuba.com	Sinkholed
2024-04-19	medium	stripherselfscuba.com	Sinkholed
2024-04-19	medium	stripherselfscuba.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (56)

	URL	Size	First Seen	Last Seen
	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	84 B	2023-03-08	2024-04-28
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 05:21:43 Last Seen2024-04-28 23:23:44 Times Seen23 Hash ca23b17c1ee24021de587b902d9f29e0 a702db81bafc61b6374b7c94eb252b380e0dba61 b2961c68c26a968fe3ff6b6202ba9595202bb7f65cf683b781775cbc24c05dbc Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	153 B	2024-03-30	2024-04-20
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 03:40:57 Last Seen2024-04-20 07:49:23 Times Seen19 Hash a6ccbb3e3e222109f76c0c907d315a0e 6edfe9af4586c5e8436883d68a3c8338b0676a96 3f7767349ca2ffdffd4d0aaa1f68984f67334bc78d9944a0ce94a3ef03ad238a Loading...

	nguonphimc.com/themes/np/js/jquery.showmore.src.js	1.0 kB	2023-03-13	2024-05-02
Pretty URL nguonphimc.com/themes/np/js/jquery.showmore.src.js IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:25:00 Last Seen2024-05-02 06:15:41 Times Seen126 Hash f67d16dc855157012280d1b8d2d0ac55 4eaa66120111bb8cb4c21884c647bf609ef3a7a5 89a7b91f92a0583bcfabc3dc0347bfb78822ebe75d229fb766ae2fdc6e7e0d28 Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	4.7 kB	2024-04-17	2024-04-19
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-17 18:30:32 Last Seen2024-04-19 09:11:16 Times Seen6 Hash b8734b517e0c21f3b7ee8b25c7f71799 ebb543ff3f88f5b11c4f63071e1b7bdde7d13e0c bb514805ac7374f8d19550629978abf314a052102c271fe3fbf95d5707276b6b Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	628 B	2024-04-19	2024-04-19
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 05:37:55 Last Seen2024-04-19 05:37:55 Times Seen1 Hash 929b1c36dc719bf4eac2656acde32775 630452d0805250a5999d2c57ceef8e6742b5b376 5d74ad88e782d8d806a56ff9281ed6999cef589aec827e1c90963718c9c9a15c Loading...

	www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,FCpbqb,WhJNk,Wt6vjf,_b,_tp,hhhU8,soHxf,ws9Tlc/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c	34 kB	2024-04-19	2024-04-19
Pretty URL www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,FCpbqb,WhJNk,Wt6vjf,_b,_tp,hhhU8,soHxf,ws9Tlc/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 05:37:40 Last Seen2024-04-19 09:11:18 Times Seen8 Hash ab199b9dc5faf341e688a4c9196b0874 fdf2ccb808e05f2789ced334d3d18e13ec59d71c 454a7e35fa7a6c0a52d616009ce1964375308a1b839a87095780df64b70c4e0e Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	1.7 kB	2024-04-17	2024-04-19
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-17 18:30:32 Last Seen2024-04-19 09:11:16 Times Seen6 Hash 9f2bb350cea97db55bd20506ba4bd6f9 90d68fc4b2976d8a50706bc018e9c4d8fa261c4e 558a8534505e07cba074ac0a47f3944380a2e18de99021df0686b587d42faa11 Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	196 B	2024-04-19	2024-04-19
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 05:37:40 Last Seen2024-04-19 09:11:16 Times Seen4 Hash 1140aae5d458b400b4cf46770d2132a3 9a536710af7204b80538ef4b017d5d4f96b3ddec 6bb8485b086fd28e7ca4122fce2b3fe1f6162023bbdc08df5149e573db324526 Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	12 B	2023-03-07	2024-05-02
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11:32 Last Seen2024-05-02 11:17:59 Times Seen30850 Hash e5b17204cd55d18a8a2a41824d9fec28 40e8060add70f00c034257f9d49a50dd799ba846 3d0c04a7592aa05499634991244c8d7cce5e5f8b7a414ef8b83d6442b6d52612 Loading...

	nguonphimc.com/assets/b2993a05/jwplayer.js?ver=2.4.8.2	118 kB	2023-03-14	2024-04-19
Pretty URL nguonphimc.com/assets/b2993a05/jwplayer.js?ver=2.4.8.2 IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 11:01:34 Last Seen2024-04-19 09:11:18 Times Seen50 Hash 637800d55d2ac43cd3c4a864fac04661 bfb57b2bbe30a271e945e5d36027d69fb01b24cf 2aac7ee38577a71b8f0ec381c7836fc29274407517b9038e879fa762651dc5fc Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	445 B	2023-06-30	2024-05-02
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-30 17:21:06 Last Seen2024-05-02 06:15:40 Times Seen42 Hash 97e094668f02b1c249e1b0fde6a93c38 0153a494a8ff263e8e544dccddccd8fb0cafb4d1 58c2bf516e86f70bfeade925e3cacc9dada2b41883b78e2b090f41074283eca2 Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	7.7 kB	2024-04-19	2024-05-02
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 05:37:40 Last Seen2024-05-02 08:54:41 Times Seen228 Hash 6e979bb9754414e7aba5c3fd2b118b39 81f555750076dc3d05375ad3187415b75e75f320 5a4fb00c5c7fdac3ca14d9ecccd2c06b84b9b5d6286c9fb7eefd2076e1c49664 Loading...

	www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/am=gKEb/d=1/excm=_b,_tp,allowadsview/ed=1/dg=0/wt=2/ujg=1/rs=AJlcJMyk_vGx5h43VSCi6ky069QGFQvtIA/m=_b,_tp	158 kB	2024-04-19	2024-04-19
Pretty URL www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/am=gKEb/d=1/excm=_b,_tp,allowadsview/ed=1/dg=0/wt=2/ujg=1/rs=AJlcJMyk_vGx5h43VSCi6ky069QGFQvtIA/m=_b,_tp IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 05:37:40 Last Seen2024-04-19 09:11:18 Times Seen8 Hash 65e864be75ee444565658d67774b0c54 7f0f29fd4bb9ca93150b786e4f48f5c2f8bca773 db02c8b4797a18ccbe137c9fc2de340c332ff76454cfd1aaa1e8545766b8ba8f Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	2.6 kB	2023-03-14	2024-05-02
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 11:01:34 Last Seen2024-05-02 06:15:40 Times Seen43 Hash 60161d8d86847ca8b04f5b01ee669a6c 717b4881183bf8cf5ce77404d34a269a4050aeb1 a24fd0045c4ab300e6a50db2183ef069a1381b411e5266655083d9181cd34eb4 Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	1.1 kB	2024-04-19	2024-04-19
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 05:37:55 Last Seen2024-04-19 05:37:55 Times Seen1 Hash f3afbead1adc85516f56f55ffecb2c4b 064b9e7b5226ec8da6331a8c270162488ede212b 99b3a0881f5c9ad9935e52cf7fd12a71b1f528edd1e66a4c34f8702ac3269a6b Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	130 B	2023-03-07	2024-05-02
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11:32 Last Seen2024-05-02 11:17:59 Times Seen30862 Hash b90579d967def1905d8e58bde1d6baa6 d90906655ce68eb39abb59c16153675683d53d5c f984f4834618294a8c88f19ce3af90459eb4eef60144b2b9cb6a79d12a4621d5 Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	63 B	2023-03-07	2024-05-02
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11:32 Last Seen2024-05-02 11:17:59 Times Seen30882 Hash 3ca9fc059879b598f3d6d3003cf130b3 d641a68a8bccf23c0fe85576609870d5f36cdd9d 3d2b5964246a6a054c9fb0a3a79e72b47de369280fd18b7e5e0bb42a441bb38b Loading...

	www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,_b,_tp/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=soHxf	28 kB	2024-04-19	2024-04-19
Pretty URL www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,_b,_tp/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=soHxf IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 05:37:39 Last Seen2024-04-19 09:11:18 Times Seen8 Hash 0df69be878f840c3ece59615858c5009 65d903b30ab94d986ae198622811f39576d4da4c b51d740f6556a23458f1715f7183de04394c359a5d5645175c914c880a7e0a16 Loading...

	www.googletagmanager.com/gtag/js?id=G-DDD7EKFG6W	287 kB	2024-04-19	2024-04-19
Pretty URL www.googletagmanager.com/gtag/js?id=G-DDD7EKFG6W IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 05:37:55 Last Seen2024-04-19 05:37:56 Times Seen2 Hash 077520cff155c20182180bf2f70cf6ca 7a2555d1f16c440e70e2af147b0c87549a973324 65073d7680f8ed728639c504a56f5b2fb8c332ca32477b4cf17070d38f512692 Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	108 B	2023-03-14	2024-04-19
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 11:01:34 Last Seen2024-04-19 09:11:17 Times Seen18 Hash ef4c27c58385253ae798af44cbb5862b f6559a264b17a4eba91ddc14f9d33b4f305b17cb adb9f89e22c9671868224ee9caed81bde3c6c6649e6177f61ad4fb9b68f8f28f Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	14 kB	2024-04-19	2024-04-19
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 05:37:55 Last Seen2024-04-19 05:37:55 Times Seen1 Hash 3dfb980d35cf9b09a0f0e185b53e4ed3 8f39710e7821a5c649bac75da12a39f9a3ea9794 cdc45f85c6c533151dda30f2a2982b81fe042ca2a2eeecacf6b4388d7f3a9182 Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	3.9 kB	2024-04-19	2024-04-19
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 05:37:40 Last Seen2024-04-19 05:37:55 Times Seen2 Hash f11094b58cdf45fe35383b5991b931f0 ca812f406cae15fd5eb4e1dee95f62164d1903de cecbe8f80e91cc36e7caf559d6636fc8ab2ff8a4800d076b4d7c423f398f9c00 Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	385 B	2023-03-07	2024-05-02
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11:47 Last Seen2024-05-02 07:24:25 Times Seen1665 Hash d70da2b55da6721581b04b6b63604be9 bca4ba9a46bccdc4162ceea59b235d0c1286d78c 39b9038770f5b35231bfa67043b09532ca8ad8c9d0334d17cb6f492f8110192f Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	386 B	2024-04-19	2024-04-19
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 05:37:40 Last Seen2024-04-19 05:37:55 Times Seen2 Hash 3c21f02b073fb8ebfdb18a345f659014 7a2b0e3160a3f01ef6bae9234b6b59e630e68b93 f28beaefef90bfdddfedb3914616bd10366c2d411c87297cc35b9d9fc9026c3e Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	186 B	2023-03-14	2024-05-02
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 11:01:34 Last Seen2024-05-02 06:15:41 Times Seen36 Hash b993e8a9b04faef49d09b434bd17084a 39a8f48a89f2e25c64f943ccbd07569554ee9c35 6f0325f63b0088d5d2b0077b848f4ad68412653d986d7bd5ffb5691ac86bf2c8 Loading...

	moz-extension://2e2647a9-0c81-40a2-b74e-467a16e94626/lib/shim_messaging_helper.js	1.7 kB	2023-05-05	2024-05-02
Pretty URL moz-extension://2e2647a9-0c81-40a2-b74e-467a16e94626/lib/shim_messaging_helper.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 22:33:37 Last Seen2024-05-02 12:16:37 Times Seen45348 Hash 865f01cbb34eb505834e826380d7dc2e c239ccc37191f1be78dfaa6bb3f1da5d314fdf9e 30ed6392b8de4590bd974a4a797ee0b12b382f2141738115bfd2d692cfa6ec17 Loading...

	www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,_b,_tp,soHxf/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk	7.8 kB	2024-04-19	2024-04-19
Pretty URL www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,_b,_tp,soHxf/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 05:37:39 Last Seen2024-04-19 09:11:18 Times Seen8 Hash ab1564f0dc81e3cdd5ded3cc022d6364 821fe2a008e172df73c12e0a3d2eb6da3c4cb717 872b63440dfdc5f5b4b42cddd6aa1ce863efcd72d3816e927dcd3cd65c2b06c3 Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	1.4 kB	2023-03-14	2024-04-19
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 11:01:34 Last Seen2024-04-19 09:11:17 Times Seen18 Hash 1c3e03095d8c95ed26cf5e4bcd9863fe c5e9386b9cf38ebb79e8d7ed08f85f3191e677b2 45cbb48de82182a524d260af8a685982b9d7ba3e66e3da0a91751b165c492f7f Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	85 B	2024-04-17	2024-04-19
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-17 18:30:33 Last Seen2024-04-19 09:11:17 Times Seen6 Hash ed37053600f628da0aeae82d689486e8 c6f8ba9167804abaffed41b0c764bd45e2ca3e3e 7fb03ab342b1c5bda1877633d6acf1c1f3957ecab1468a8c9b1aaa24ac82b1d4 Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	876 B	2023-05-11	2024-05-02
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-11 05:51:04 Last Seen2024-05-02 11:17:59 Times Seen26172 Hash 3227d3cdc863d0e058f79933c5b34799 b465a593763faa55e68abcf0a3e068488ec78d50 f733b93028bfc7b45cb291649513f6f68967cae34c25eb8a608a4b013b0f39cd Loading...

	nguonphimc.com/assets/3bd14e95/jquery.min.js	97 kB	2023-03-07	2024-05-02
Pretty URL nguonphimc.com/assets/3bd14e95/jquery.min.js IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:51 Last Seen2024-05-02 06:15:41 Times Seen2418 Hash 0fca26b5a37a66d68d0f4406976be4b5 ee000eb654b3bd37185665d3901e93b34ce1aa52 8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18 Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	1.2 kB	2023-03-14	2024-05-02
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 11:01:34 Last Seen2024-05-02 06:15:41 Times Seen43 Hash 9b84178904087e9ecab356dd1d22e7ac 7d8f1e77acc4c28b9c0302d86705315d0970ad5f 6dc11177a43f6eb08ce1e1076f1407df69952991908cfe350a82e5b0abbc6566 Loading...

	grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA	7.4 kB	2024-04-19	2024-04-19
Pretty URL grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 05:37:55 Last Seen2024-04-19 05:37:55 Times Seen1 Hash b1ae9ebf0f911e7b537ca8b341f5865a 0be3975f67c92fa379b819487ae4d3e380e7d7b0 abf97b2751f32e3bff8b40e9ce3df9f88428996e965a335209d65164c886faf5 Loading...

	connect.facebook.net/vi_VN/sdk.js#xfbml=1&version=v4.0&appId=638726026897009	17 kB	2023-05-05	2024-05-02
Pretty URL connect.facebook.net/vi_VN/sdk.js#xfbml=1&version=v4.0&appId=638726026897009 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-05 22:33:37 Last Seen2024-05-02 12:16:37 Times Seen44806 Hash b938e0b835c600209bdaae9d8ccda6d7 d5ee79d277057e05f002a18381722b5eb75d3883 d1b95aeb57c3285042e1e24c00cc56a8560d16daf7ee5cdfd5c75296b21ac91b Loading...

	www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,EFQ78c,FCpbqb,LEikZe,WhJNk,Wt6vjf,_b,_tp,byfTOb,hhhU8,lsjVmc,lwddkf,soHxf,ws9Tlc/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd	32 kB	2024-04-19	2024-04-19
Pretty URL www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,EFQ78c,FCpbqb,LEikZe,WhJNk,Wt6vjf,_b,_tp,byfTOb,hhhU8,lsjVmc,lwddkf,soHxf,ws9Tlc/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 05:37:40 Last Seen2024-04-19 09:11:18 Times Seen8 Hash f5c7fc324e43f85696f2873b1fe2a8d4 7d90bee3a4626a8766fad6ba57e8a065b9c5d19f 5485453d1c290f9728e0756544aea1360eaf9a5b5555d1017b69d213d3d82455 Loading...

	cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js	84 kB	2023-03-07	2024-05-02
Pretty URL cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-02 08:49:26 Times Seen15865 Hash 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5 Loading...

	nguonphimc.com/themes/np/js/bootstrap.min.js	37 kB	2023-03-07	2024-05-02
Pretty URL nguonphimc.com/themes/np/js/bootstrap.min.js IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:31 Last Seen2024-05-02 08:56:44 Times Seen2962 Hash e7d9a06cf9053c51cd4ad3386da0659a e45bf1054704a1fdfc4ee2713a16bf9283dea995 9a3724b2051a82064c923cbd68343dcb04014adac3ccb8c4d8ac6a31ba2e12cd Loading...

	nguonphimc.com/themes/np/js/wow.min.js	8.4 kB	2023-03-07	2024-05-02
Pretty URL nguonphimc.com/themes/np/js/wow.min.js IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:32 Last Seen2024-05-02 08:01:17 Times Seen1531 Hash e1f1ff6897992a9165e8ce009b4039e3 e297207404fea99863aea60a1dcd3770f8ecddee 37461d9b50fd93b2e6d064c4aa48cbc16d5b1e82c27f47270b87a39225cc00ac Loading...

	nguonphimc.com/themes/np/js/jquery.magnific-popup.min.js	20 kB	2023-03-07	2024-05-02
Pretty URL nguonphimc.com/themes/np/js/jquery.magnific-popup.min.js IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:21 Last Seen2024-05-02 06:15:41 Times Seen5917 Hash b37d7edf99565d3858eaa1ad80df3cff 786a4343711e9af5e5dfcc493e7d2331b48875bb b0a45cd5aed66e27bd8ee861d0e3b782c8e79849bde32f90f078b9f2451a36f2 Loading...

	www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=_b,_tp/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=BWd0oe	43 kB	2024-04-19	2024-04-19
Pretty URL www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=_b,_tp/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=BWd0oe IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 05:37:40 Last Seen2024-04-19 09:11:18 Times Seen8 Hash 124ba95b2ec12aff22f988c42b14d353 e506202fff14601dba2b44d807b1319968bb3216 50aff2092ce10805752997b823e0bb7490112ff66b9f2d00eaa8b6cada98a873 Loading...

	grab.nguonphimc.com/js/main.min.js?v=2.4.8.2	18 kB	2023-03-08	2024-05-02
Pretty URL grab.nguonphimc.com/js/main.min.js?v=2.4.8.2 IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:21:43 Last Seen2024-05-02 06:15:41 Times Seen117 Hash 2f3514d630f0195787c0f99778202f3c 2ce2883a59c655b8e02d644a1449fcdfdf604486 23b47b8eb144a359fdd87940db44e0420e7e0062f3cbba762e0e22c35afb3749 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-02
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 172.67.180.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-02 12:13:20 Times Seen1642 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA	1.4 kB	2024-04-19	2024-04-19
Pretty URL grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 05:37:55 Last Seen2024-04-19 05:37:55 Times Seen1 Hash b79998d9e008eb84d906c20d74daf61f 5f56130244468530a4eb6b11d1d299734db3acf6 aba5561c1c5c3acf512b52a148ef32e96c41b724f036cad1387fd6ef999290cf Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	3.9 kB	2024-02-18	2024-05-02
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-18 22:54:32 Last Seen2024-05-02 06:15:41 Times Seen34 Hash 972805b1a38054d9b5ccdb8e70028090 4710bc93ff6f4bcd3a154425aba307648efacdda 8ed077247980a4e781cdc45b2dbdea9875cabadd19eb48ef55d98708eb601401 Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	9.4 kB	2023-03-14	2024-05-02
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 11:01:34 Last Seen2024-05-02 06:15:41 Times Seen43 Hash 1fbb5a1c0db77beb2e5697fa2e4f2ba9 d50e55939259b9a1e60ba06e8aa6dbcbbe9b4f0b 20b7d396ca4d7747326ac67a5c06f5ca1b6391f794e8125b3583040e61c5c105 Loading...

	grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA	496 B	2023-11-22	2024-04-19
Pretty URL grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-22 12:39:14 Last Seen2024-04-19 05:37:55 Times Seen4 Hash 7b48626b781340089403c8645ef80eee 6a76caf30c4eb2c6ecccac56c4b995a395919ff4 fe430a84521ebc65c8999dd7a1f75cf15943502f8b954bf45d13260c2682dfeb Loading...

	unknown	31 B	2023-06-30	2024-05-02
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-06-30 17:21:06 Last Seen2024-05-02 06:15:40 Times Seen42 Hash 99435bde41f63f11e10faa33493d957c 8d71886c3801548743aadd0e77022831e1865834 ff338bca90a388441fe03cb825c6350d33321f0bafa5847c8e38aca7375b77ed Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	1.2 kB	2024-04-19	2024-04-19
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 05:37:55 Last Seen2024-04-19 05:37:55 Times Seen1 Hash 4a5810b3f4bd980768cd16f5b2529676 055fec11d7518f91e7e6b0f57d8337859b98b161 b2bd97a15ca295b008fa577f938760f564ba67f60e19dd189c13e87df4ff3c43 Loading...

	unknown	1.3 kB	2024-03-06	2024-05-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-06 18:44:11 Last Seen2024-05-02 06:15:30 Times Seen6 Hash fc2ff18a82b01ffcf94de510039fa783 adeda09302522cdc035a0d92cd3bac9420d2750e 24ef73d8ffcbbc1fa0ece174437ac0b367423cd934500f1c51b6d08360d935aa Loading...

	nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html	763 B	2024-04-17	2024-04-19
Pretty URL nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-17 18:30:33 Last Seen2024-04-19 09:11:17 Times Seen6 Hash b2a5ff24ca01fa6fb1ddb4e4a609bc8c 2c622544bacf04bfdd7d1e08d8a30c38003b7460 f4c551ffb4f2bb6f9344ba319cf6694141bd6cae2ac92c5308d6221208372932 Loading...

	chokedsmelt.com/5b/28/bb/5b28bb3338748187b2166508de2d96b3.js	44 kB	2024-04-19	2024-04-19
Pretty URL chokedsmelt.com/5b/28/bb/5b28bb3338748187b2166508de2d96b3.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 05:37:56 Last Seen2024-04-19 05:37:56 Times Seen2 Hash dbd1246650dfc29a9b73c39dd61d72d1 0ebe5c413701261aa0a79069658e39d4c347a563 4b40dc9edf30b470e89ee9352cf9395363ceffff30546ca2a8875555e8f4fef8 Loading...

	nguonphimc.com/themes/np/js/jquery.nice-select.js	6.0 kB	2023-03-07	2024-05-02
Pretty URL nguonphimc.com/themes/np/js/jquery.nice-select.js IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:53 Last Seen2024-05-02 06:15:41 Times Seen93 Hash 723e741faba72abfb0e56b6e0f8a73d8 ba71788614e8e11dbeeebdcac9037b57e7a69ce4 39f6514264e1603542b6aa38ba44c3be0aa7bbdef56ed139d74fe75e24e642fa Loading...

	nguonphimc.com/themes/np/js/owl.carousel.min.js	24 kB	2023-03-07	2024-05-02
Pretty URL nguonphimc.com/themes/np/js/owl.carousel.min.js IP 94.242.50.163 ASN #43317 SIA VEESP Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:24 Last Seen2024-05-02 06:15:41 Times Seen1232 Hash 8c52f27fcac36c7667f8fb846e1e94d5 e5862559db659ffd530c91452d668c5e7b3f0f2d 6c1e31700f68d1666de6b0992e89d413434707718bf729a472404029845bdbad Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	84 B	2023-03-07	2024-05-02
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11:32 Last Seen2024-05-02 11:17:59 Times Seen30919 Hash 50371200cd5f1f923ab39ef2ef84f798 5a3bbc0639a7a75c53fc1ce7a8c7a0433f6b3285 6f32e65215e120986a7ab3e61b08961abcf448f7d1986d12f94dbab7ac2ccadc Loading...

	fundingchoicesmessages.google.com/s/whitelist?hl=vi	105 B	2023-03-07	2024-05-02
Pretty URL fundingchoicesmessages.google.com/s/whitelist?hl=vi IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11:32 Last Seen2024-05-02 11:18:00 Times Seen30818 Hash b47393a011801ae3c2e20bffd05ff81e 3e12884bf79d0b71a980f852b7577324b505dce4 bd5de7d4323c02ad258b93b291b368aa5a2dfb49f8ff1add3deca73fe6ad76a3 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 0da0558601527d33e8fb254ab42e537b	278 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 05:37:40 Last Seen2024-04-19 05:37:56 Times Seen2 Hash 0da0558601527d33e8fb254ab42e537b 0257d003df01e0fded503ddde3ca758aaa8c999b b5cf0b1ccbfb67b7f4425ff6f33e6dc25e3e302d4744035c1538fb1f1e94ad16 Loading...

HTTP Transactions (116)

URL IP Response Size

nguonphimc.com/site/site/embed/?url=http://nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

94.242.50.163

0 B

URL
nguonphimc.com/site/site/embed/?url=http://nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
IP
94.242.50.163:0
ASN
#43317 SIA VEESP

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /site/site/embed/?url=http://nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Fri, 19 Apr 2024 03:37:18 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Set-Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Location: http://nguonphimc.com/site/site/embed/?url=http://nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

nguonphimc.com/site/site/embed/?url=http://nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

94.242.50.163

732 B

URL
nguonphimc.com/site/site/embed/?url=http://nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
IP
94.242.50.163:0
ASN
#43317 SIA VEESP

File type
HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
732 B (732 bytes)
Hash
275bb0c447eefe25e5b8309201df47a2
59c3bbe244d40eed0b315b0a0c6547039635deeb
ae07b8a1d3ab3b03b83fe2af8271fdbb6a0f437fea0503c52eb554280cb16f42

HTTP Headers

GET /site/site/embed/?url=http://nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:18 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Set-Cookie: us_session_id=P26349; expires=Sat, 20-Apr-2024 03:37:18 GMT; Max-Age=86400; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 732
Connection: close
Content-Type: text/html; charset=UTF-8

nguonphimc.com/assets/3bd14e95/jquery.min.js

94.242.50.163

200 OK

34 kB

URL GET HTTP/1.1
nguonphimc.com/assets/3bd14e95/jquery.min.js
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JavaScript source, ASCII text, with very long lines (32077)
Size
34 kB (33693 bytes)
Hash
0fca26b5a37a66d68d0f4406976be4b5
ee000eb654b3bd37185665d3901e93b34ce1aa52
8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18

HTTP Headers

GET /assets/3bd14e95/jquery.min.js HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/site/site/embed/?url=http://nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:18 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Wed, 30 Nov 2022 09:07:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:18 GMT
Content-Length: 33693
Connection: close
Content-Type: application/javascript; charset=utf-8

m3.nguonphim.net/media/images/1/favi/favicon-1498701606.png

94.242.50.163

200 OK

18 kB

URL GET HTTP/1.1
m3.nguonphim.net/media/images/1/favi/favicon-1498701606.png
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
PNG image data, 46 x 48, 8-bit/color RGBA, non-interlaced
Size
18 kB (17873 bytes)
Hash
e6f4a93efe2d93e885abcbb4cc09cd4a
e4f94b9e95b40e30b215228316bb7f8c48d08ed2
93b7bbea433aa41f6efb860d3d9777d363f9e64fc1ad4186cd9ef525bbee9c94

HTTP Headers

GET /media/images/1/favi/favicon-1498701606.png HTTP/1.1
Host: m3.nguonphim.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:18 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Wed, 05 Jul 2017 04:14:59 GMT
ETag: "45d1-5538a3e52eb40"
Accept-Ranges: bytes
Content-Length: 17873
Cache-Control: max-age=5184000, public
Expires: Tue, 18 Jun 2024 03:37:18 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: image/png

nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

94.242.50.163

301 Moved Permanently

4 B

URL User Request GET HTTP/1.1
nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
IP
94.242.50.163:443
ASN
#43317 SIA VEESP

Certificate
IssuerLet's Encrypt
Subjectnguonphimb.com
FingerprintD9:F9:6D:82:7E:A7:A1:8A:D2:1B:76:5D:02:EA:BC:09:D5:71:F2:51
ValidityFri, 29 Mar 2024 10:13:08 GMT - Thu, 27 Jun 2024 10:13:07 GMT

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
f92965e2c8a7afb3c1b9a5c09a263636
e9b450d14bc2363d292c84f17cfad5cfbd58a458
11a6767d5674c7e45f7e00dc525762275b3a48491ad6045427d2609cc496c516

HTTP Headers

GET /xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html HTTP/1.1
Host: nguonphimb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nguonphimc.com/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 19 Apr 2024 03:37:19 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Location: https://nguonphimb.com/site/site/embed/?url=https%3A%2F%2Fnguonphimb.com%2Fxem-phim%2Fvuong-quoc-cua-gio-f43859-15c-e533613.html
X-UA-Compatible: IE=edge,chrome=1
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 4
Connection: close
Content-Type: text/html; charset=UTF-8

nguonphimb.com/site/site/embed/?url=https%3A%2F%2Fnguonphimb.com%2Fxem-phim%2Fvuong-quoc-cua-gio-f43859-15c-e533613.html

94.242.50.163

0 B

URL
nguonphimb.com/site/site/embed/?url=https%3A%2F%2Fnguonphimb.com%2Fxem-phim%2Fvuong-quoc-cua-gio-f43859-15c-e533613.html
IP
94.242.50.163:0
ASN
#43317 SIA VEESP

Certificate
IssuerLet's Encrypt
Subjectnguonphimb.com
FingerprintD9:F9:6D:82:7E:A7:A1:8A:D2:1B:76:5D:02:EA:BC:09:D5:71:F2:51
ValidityFri, 29 Mar 2024 10:13:08 GMT - Thu, 27 Jun 2024 10:13:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /site/site/embed/?url=https%3A%2F%2Fnguonphimb.com%2Fxem-phim%2Fvuong-quoc-cua-gio-f43859-15c-e533613.html HTTP/1.1
Host: nguonphimb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nguonphimc.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Fri, 19 Apr 2024 03:37:20 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Set-Cookie: PHPSESSID=88s13jl4seh2hhqihd0n2h05m4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Location: http://nguonphimb.com/site/site/embed/?url=https%3A%2F%2Fnguonphimb.com%2Fxem-phim%2Fvuong-quoc-cua-gio-f43859-15c-e533613.html
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

nguonphimb.com/site/site/embed/?url=https%3A%2F%2Fnguonphimb.com%2Fxem-phim%2Fvuong-quoc-cua-gio-f43859-15c-e533613.html

94.242.50.163

0 B

URL
nguonphimb.com/site/site/embed/?url=https%3A%2F%2Fnguonphimb.com%2Fxem-phim%2Fvuong-quoc-cua-gio-f43859-15c-e533613.html
IP
94.242.50.163:0
ASN
#43317 SIA VEESP

Certificate
IssuerLet's Encrypt
Subjectnguonphimb.com
FingerprintD9:F9:6D:82:7E:A7:A1:8A:D2:1B:76:5D:02:EA:BC:09:D5:71:F2:51
ValidityFri, 29 Mar 2024 10:13:08 GMT - Thu, 27 Jun 2024 10:13:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /site/site/embed/?url=https%3A%2F%2Fnguonphimb.com%2Fxem-phim%2Fvuong-quoc-cua-gio-f43859-15c-e533613.html HTTP/1.1
Host: nguonphimb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nguonphimc.com/
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=88s13jl4seh2hhqihd0n2h05m4
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Fri, 19 Apr 2024 03:37:20 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Location: http://nguonphimc.com/site/site/embed/?url=https%3A%2F%2Fnguonphimb.com%2Fxem-phim%2Fvuong-quoc-cua-gio-f43859-15c-e533613.html
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

nguonphimc.com/site/site/embed/?url=https%3A%2F%2Fnguonphimb.com%2Fxem-phim%2Fvuong-quoc-cua-gio-f43859-15c-e533613.html

94.242.50.163

757 B

URL
nguonphimc.com/site/site/embed/?url=https%3A%2F%2Fnguonphimb.com%2Fxem-phim%2Fvuong-quoc-cua-gio-f43859-15c-e533613.html
IP
94.242.50.163:0
ASN
#43317 SIA VEESP

File type
HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
757 B (757 bytes)
Hash
7964f390d33c3239d9e19995bd672a26
8d24c6f006ef0056a47572bec13db41446484985
5cc79ce0a3c4f2165667006c4d121810198aaaefa44b9ac46622917613e54589

HTTP Headers

GET /site/site/embed/?url=https%3A%2F%2Fnguonphimb.com%2Fxem-phim%2Fvuong-quoc-cua-gio-f43859-15c-e533613.html HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nguonphimc.com/
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:20 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 757
Connection: close
Content-Type: text/html; charset=UTF-8

nguonphimc.com/assets/3bd14e95/jquery.min.js

94.242.50.163

200 OK

34 kB

URL GET HTTP/1.1
nguonphimc.com/assets/3bd14e95/jquery.min.js
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JavaScript source, ASCII text, with very long lines (32077)
Size
34 kB (33693 bytes)
Hash
0fca26b5a37a66d68d0f4406976be4b5
ee000eb654b3bd37185665d3901e93b34ce1aa52
8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18

HTTP Headers

GET /assets/3bd14e95/jquery.min.js HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/site/site/embed/?url=https%3A%2F%2Fnguonphimb.com%2Fxem-phim%2Fvuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:21 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Wed, 30 Nov 2022 09:07:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:21 GMT
Content-Length: 33693
Connection: close
Content-Type: application/javascript; charset=utf-8

m3.nguonphim.net/media/images/1/favi/favicon-1498701606.png

94.242.50.163

200 OK

18 kB

URL GET HTTP/1.1
m3.nguonphim.net/media/images/1/favi/favicon-1498701606.png
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
PNG image data, 46 x 48, 8-bit/color RGBA, non-interlaced
Size
18 kB (17873 bytes)
Hash
e6f4a93efe2d93e885abcbb4cc09cd4a
e4f94b9e95b40e30b215228316bb7f8c48d08ed2
93b7bbea433aa41f6efb860d3d9777d363f9e64fc1ad4186cd9ef525bbee9c94

HTTP Headers

GET /media/images/1/favi/favicon-1498701606.png HTTP/1.1
Host: m3.nguonphim.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:21 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Wed, 05 Jul 2017 04:14:59 GMT
ETag: "45d1-5538a3e52eb40"
Accept-Ranges: bytes
Content-Length: 17873
Cache-Control: max-age=5184000, public
Expires: Tue, 18 Jun 2024 03:37:21 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: image/png

nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

94.242.50.163

301 Moved Permanently

0 B

URL User Request GET HTTP/1.1
nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
IP
94.242.50.163:443
ASN
#43317 SIA VEESP

Certificate
IssuerLet's Encrypt
Subjectnguonphimb.com
FingerprintD9:F9:6D:82:7E:A7:A1:8A:D2:1B:76:5D:02:EA:BC:09:D5:71:F2:51
ValidityFri, 29 Mar 2024 10:13:08 GMT - Thu, 27 Jun 2024 10:13:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html HTTP/1.1
Host: nguonphimb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Cookie: PHPSESSID=88s13jl4seh2hhqihd0n2h05m4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Location: http://nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

94.242.50.163

301 Moved Permanently

0 B

URL User Request GET HTTP/1.1
nguonphimb.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
IP
94.242.50.163:443
ASN
#43317 SIA VEESP

Certificate
IssuerLet's Encrypt
Subjectnguonphimb.com
FingerprintD9:F9:6D:82:7E:A7:A1:8A:D2:1B:76:5D:02:EA:BC:09:D5:71:F2:51
ValidityFri, 29 Mar 2024 10:13:08 GMT - Thu, 27 Jun 2024 10:13:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html HTTP/1.1
Host: nguonphimb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nguonphimc.com/
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=88s13jl4seh2hhqihd0n2h05m4
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Location: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

94.242.50.163

301 Moved Permanently

0 B

URL User Request GET HTTP/1.1
nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
IP
94.242.50.163:443
ASN
#43317 SIA VEESP

Certificate
IssuerLet's Encrypt
Subjectnguonphimc.com
Fingerprint30:27:67:FA:FE:DB:78:5F:CD:B9:5D:D0:18:14:93:A4:BC:93:3D:C1
ValidityWed, 10 Apr 2024 08:07:50 GMT - Tue, 09 Jul 2024 08:07:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nguonphimc.com/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Location: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

94.242.50.163

301 Moved Permanently

20 kB

URL User Request GET HTTP/1.1
nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
IP
94.242.50.163:443
ASN
#43317 SIA VEESP

Certificate
IssuerLet's Encrypt
Subjectnguonphimc.com
Fingerprint30:27:67:FA:FE:DB:78:5F:CD:B9:5D:D0:18:14:93:A4:BC:93:3D:C1
ValidityWed, 10 Apr 2024 08:07:50 GMT - Tue, 09 Jul 2024 08:07:49 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (602), with CRLF, LF line terminators
Size
20 kB (19535 bytes)
Hash
2ae7db950cf0d96cec837999192192ed
4baf91cc6021f04240ccc6d8b40e90343d78f93e
2fd180bb68dd7629d18ea13b2b6f07a045f2c41b3c168de086730114d12dc23d

HTTP Headers

GET /xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nguonphimc.com/
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 19535
Connection: close
Content-Type: text/html; charset=UTF-8

nguonphimc.com/assets/3bd14e95/jquery.min.js

94.242.50.163

200 OK

34 kB

URL GET HTTP/1.1
nguonphimc.com/assets/3bd14e95/jquery.min.js
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JavaScript source, ASCII text, with very long lines (32077)
Size
34 kB (33693 bytes)
Hash
0fca26b5a37a66d68d0f4406976be4b5
ee000eb654b3bd37185665d3901e93b34ce1aa52
8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18

HTTP Headers

GET /assets/3bd14e95/jquery.min.js HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Wed, 30 Nov 2022 09:07:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:22 GMT
Content-Length: 33693
Connection: close
Content-Type: application/javascript; charset=utf-8

nguonphimc.com/themes/np/js/wow.min.js

94.242.50.163

200 OK

2.7 kB

URL GET HTTP/1.1
nguonphimc.com/themes/np/js/wow.min.js
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JavaScript source, ASCII text, with very long lines (8385), with CRLF line terminators
Size
2.7 kB (2742 bytes)
Hash
e1f1ff6897992a9165e8ce009b4039e3
e297207404fea99863aea60a1dcd3770f8ecddee
37461d9b50fd93b2e6d064c4aa48cbc16d5b1e82c27f47270b87a39225cc00ac

HTTP Headers

GET /themes/np/js/wow.min.js HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 19 Jan 2018 09:15:03 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:22 GMT
Content-Length: 2742
Connection: close
Content-Type: application/javascript; charset=utf-8

nguonphimc.com/themes/np/js/owl.carousel.min.js

94.242.50.163

200 OK

6.5 kB

URL GET HTTP/1.1
nguonphimc.com/themes/np/js/owl.carousel.min.js
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JavaScript source, ASCII text, with very long lines (635), with CRLF line terminators
Size
6.5 kB (6464 bytes)
Hash
8c52f27fcac36c7667f8fb846e1e94d5
e5862559db659ffd530c91452d668c5e7b3f0f2d
6c1e31700f68d1666de6b0992e89d413434707718bf729a472404029845bdbad

HTTP Headers

GET /themes/np/js/owl.carousel.min.js HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 19 Jan 2018 09:15:03 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:22 GMT
Content-Length: 6464
Connection: close
Content-Type: application/javascript; charset=utf-8

www.googletagmanager.com/gtag/js?id=G-DDD7EKFG6W

142.250.74.168

200 OK

97 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-DDD7EKFG6W
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (3969)
Size
97 kB (97102 bytes)
Hash
077520cff155c20182180bf2f70cf6ca
7a2555d1f16c440e70e2af147b0c87549a973324
65073d7680f8ed728639c504a56f5b2fb8c332ca32477b4cf17070d38f512692

HTTP Headers

GET /gtag/js?id=G-DDD7EKFG6W HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 19 Apr 2024 03:37:22 GMT
expires: Fri, 19 Apr 2024 03:37:22 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 97102
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nguonphimc.com/assets/b2993a05/jwplayer.js?ver=2.4.8.2

94.242.50.163

200 OK

39 kB

URL GET HTTP/1.1
nguonphimc.com/assets/b2993a05/jwplayer.js?ver=2.4.8.2
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65140)
Size
39 kB (39208 bytes)
Hash
637800d55d2ac43cd3c4a864fac04661
bfb57b2bbe30a271e945e5d36027d69fb01b24cf
2aac7ee38577a71b8f0ec381c7836fc29274407517b9038e879fa762651dc5fc

HTTP Headers

GET /assets/b2993a05/jwplayer.js?ver=2.4.8.2 HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Wed, 30 Nov 2022 09:07:45 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:22 GMT
Content-Length: 39208
Connection: close
Content-Type: application/javascript; charset=utf-8

nguonphimc.com/themes/np/js/bootstrap.min.js

94.242.50.163

200 OK

9.7 kB

URL GET HTTP/1.1
nguonphimc.com/themes/np/js/bootstrap.min.js
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JavaScript source, ASCII text, with very long lines (32034), with CRLF line terminators
Size
9.7 kB (9726 bytes)
Hash
e7d9a06cf9053c51cd4ad3386da0659a
e45bf1054704a1fdfc4ee2713a16bf9283dea995
9a3724b2051a82064c923cbd68343dcb04014adac3ccb8c4d8ac6a31ba2e12cd

HTTP Headers

GET /themes/np/js/bootstrap.min.js HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 19 Jan 2018 09:15:02 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:22 GMT
Content-Length: 9726
Connection: close
Content-Type: application/javascript; charset=utf-8

nguonphimc.com/themes/np/css/color.css?v=np2.4.8.2

94.242.50.163

200 OK

80 kB

URL GET HTTP/1.1
nguonphimc.com/themes/np/css/color.css?v=np2.4.8.2
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65533), with no line terminators
Size
80 kB (80132 bytes)
Hash
9ccfae82c1f9be3cf7c148a39228f53c
9abd7857d28f34c5007b11ee53d2818482775163
d962cf8c297e2b013c20dadac3f99d1af50957de8e1d1de8b4ea960fbd6fd7b6

HTTP Headers

GET /themes/np/css/color.css?v=np2.4.8.2 HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Wed, 30 Nov 2022 08:58:35 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:22 GMT
Connection: close
Transfer-Encoding: chunked
Content-Type: text/css; charset=utf-8

nguonphimc.com/themes/np/js/jquery.nice-select.js

94.242.50.163

200 OK

1.5 kB

URL GET HTTP/1.1
nguonphimc.com/themes/np/js/jquery.nice-select.js
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.5 kB (1538 bytes)
Hash
723e741faba72abfb0e56b6e0f8a73d8
ba71788614e8e11dbeeebdcac9037b57e7a69ce4
39f6514264e1603542b6aa38ba44c3be0aa7bbdef56ed139d74fe75e24e642fa

HTTP Headers

GET /themes/np/js/jquery.nice-select.js HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 19 Jan 2018 09:15:03 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:22 GMT
Content-Length: 1538
Connection: close
Content-Type: application/javascript; charset=utf-8

nguonphimc.com/themes/np/js/jquery.magnific-popup.min.js

94.242.50.163

200 OK

7.3 kB

URL GET HTTP/1.1
nguonphimc.com/themes/np/js/jquery.magnific-popup.min.js
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JavaScript source, ASCII text, with very long lines (20087), with CRLF line terminators
Size
7.3 kB (7346 bytes)
Hash
b37d7edf99565d3858eaa1ad80df3cff
786a4343711e9af5e5dfcc493e7d2331b48875bb
b0a45cd5aed66e27bd8ee861d0e3b782c8e79849bde32f90f078b9f2451a36f2

HTTP Headers

GET /themes/np/js/jquery.magnific-popup.min.js HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 19 Jan 2018 09:15:03 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:22 GMT
Content-Length: 7346
Connection: close
Content-Type: application/javascript; charset=utf-8

nguonphimc.com/themes/np/js/jquery.showmore.src.js

94.242.50.163

200 OK

434 B

URL GET HTTP/1.1
nguonphimc.com/themes/np/js/jquery.showmore.src.js
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JavaScript source, ASCII text, with very long lines (432)
Size
434 B (434 bytes)
Hash
f67d16dc855157012280d1b8d2d0ac55
4eaa66120111bb8cb4c21884c647bf609ef3a7a5
89a7b91f92a0583bcfabc3dc0347bfb78822ebe75d229fb766ae2fdc6e7e0d28

HTTP Headers

GET /themes/np/js/jquery.showmore.src.js HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 19 Jan 2018 09:15:03 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:22 GMT
Content-Length: 434
Connection: close
Content-Type: application/javascript; charset=utf-8

nguonphimc.com/js/main.min.js?v=2.4.8.2

94.242.50.163

200 OK

5.6 kB

URL GET HTTP/1.1
nguonphimc.com/js/main.min.js?v=2.4.8.2
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (17159)
Size
5.6 kB (5620 bytes)
Hash
2f3514d630f0195787c0f99778202f3c
2ce2883a59c655b8e02d644a1449fcdfdf604486
23b47b8eb144a359fdd87940db44e0420e7e0062f3cbba762e0e22c35afb3749

HTTP Headers

GET /js/main.min.js?v=2.4.8.2 HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Sat, 02 May 2020 19:55:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:22 GMT
Content-Length: 5620
Connection: close
Content-Type: application/javascript; charset=utf-8

m3.nguonphim.net/media/images/1/logo/logo16012018.png

94.242.50.163

200 OK

10 kB

URL GET HTTP/1.1
m3.nguonphim.net/media/images/1/logo/logo16012018.png
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
PNG image data, 124 x 40, 8-bit/color RGBA, interlaced
Size
10 kB (10065 bytes)
Hash
a9da8ca65d6ba20845e49ae6b63a0a92
f1c7861f134ba1af81047a0fda27027327b736ab
39eb6969b37ac9325026f79f791a7f8a46f9baa5976e3f0aa8b8772730af4e2c

HTTP Headers

GET /media/images/1/logo/logo16012018.png HTTP/1.1
Host: m3.nguonphim.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Mon, 15 Jan 2018 20:06:20 GMT
ETag: "2751-562d625d53c2f"
Accept-Ranges: bytes
Content-Length: 10065
Cache-Control: max-age=5184000, public
Expires: Tue, 18 Jun 2024 03:37:22 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: image/png

nguonphimc.com/img/loading_film.gif

94.242.50.163

200 OK

1.9 kB

URL GET HTTP/1.1
nguonphimc.com/img/loading_film.gif
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
GIF image data, version 89a, 34 x 34
Size
1.9 kB (1924 bytes)
Hash
b9d35ba13f16629ec47d785d61d2204c
680ccabf459357685db0c404f4ef23543e735729
43b3f6a202a86e29f40d8a102cf62565fcdc07cebb55185f13eb86b0fbc8c5e6

HTTP Headers

GET /img/loading_film.gif HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Mon, 25 Dec 2017 07:17:53 GMT
Accept-Ranges: bytes
Content-Length: 1924
Cache-Control: max-age=2592000, public
Expires: Sun, 19 May 2024 03:37:22 GMT
Connection: close
Content-Type: image/gif

chokedsmelt.com/5b/28/bb/5b28bb3338748187b2166508de2d96b3.js

172.240.108.76

200 OK

16 kB

URL GET HTTP/1.1
chokedsmelt.com/5b/28/bb/5b28bb3338748187b2166508de2d96b3.js
IP
172.240.108.76:80
ASN
#7979 SERVERS-COM

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JavaScript source, ASCII text, with very long lines (44064), with no line terminators
Size
16 kB (15824 bytes)
Hash
dbd1246650dfc29a9b73c39dd61d72d1
0ebe5c413701261aa0a79069658e39d4c347a563
4b40dc9edf30b470e89ee9352cf9395363ceffff30546ca2a8875555e8f4fef8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5b/28/bb/5b28bb3338748187b2166508de2d96b3.js HTTP/1.1
Host: chokedsmelt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 19 Apr 2024 03:37:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bed55bde8361eb190abd0e33742cf305
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

m3.nguonhay.com/media/images/film/newcover/2024/1/s350_700/than-an-vuong-toa-throne-of-seal-1704993650.jpg

94.242.50.163

200 OK

70 kB

URL GET HTTP/1.1
m3.nguonhay.com/media/images/film/newcover/2024/1/s350_700/than-an-vuong-toa-throne-of-seal-1704993650.jpg
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x491, components 3
Size
70 kB (69566 bytes)
Hash
70a40dfce755801e4ba0d1556ef662e7
0d5ebbc060b1b79023a957a8aa26749b8358b1cb
a6edfceb4621a262269195d22f063a64188fbb010013a6270161d517304dea9d

HTTP Headers

GET /media/images/film/newcover/2024/1/s350_700/than-an-vuong-toa-throne-of-seal-1704993650.jpg HTTP/1.1
Host: m3.nguonhay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Thu, 11 Jan 2024 17:20:51 GMT
ETag: "10fbe-60eaec4f8a4c3"
Accept-Ranges: bytes
Content-Length: 69566
Cache-Control: max-age=5184000, public
Expires: Tue, 18 Jun 2024 03:37:22 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: image/jpeg

m3.nguonhay.com/media/images/film/mptv/s350_700/nu-hoang-nuoc-mat-1707443450.jpg

94.242.50.163

200 OK

55 kB

URL GET HTTP/1.1
m3.nguonhay.com/media/images/film/mptv/s350_700/nu-hoang-nuoc-mat-1707443450.jpg
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x501, components 3
Size
55 kB (55340 bytes)
Hash
7d84be20e84510c02a36491f73526483
911556208f24946169d6e9afe33fc2e5f6e48470
84cdd62c2838005fc964ed071a20d264327cc45c1403b1126ceb263fe479c06a

HTTP Headers

GET /media/images/film/mptv/s350_700/nu-hoang-nuoc-mat-1707443450.jpg HTTP/1.1
Host: m3.nguonhay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Sun, 10 Mar 2024 18:55:46 GMT
ETag: "d82c-61352f90ce8d6"
Accept-Ranges: bytes
Content-Length: 55340
Cache-Control: max-age=5184000, public
Expires: Tue, 18 Jun 2024 03:37:22 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: image/jpeg

m3.nguonhay.com/media/images/film/ff/s350_700/the-gioi-hoan-my-1619204356.jpg

94.242.50.163

200 OK

45 kB

URL GET HTTP/1.1
m3.nguonhay.com/media/images/film/ff/s350_700/the-gioi-hoan-my-1619204356.jpg
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 238x344, components 3
Size
45 kB (44925 bytes)
Hash
5e060cae43f33fc6ee9baa645c696f8e
9ac7805332b99d6e27afff6d96d47d72a0369fc8
ed17139b51f4cb501cfa17c692cc257437127fa92980851547df75f6402f13c0

HTTP Headers

GET /media/images/film/ff/s350_700/the-gioi-hoan-my-1619204356.jpg HTTP/1.1
Host: m3.nguonhay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 23 Apr 2021 18:59:22 GMT
ETag: "af7d-5c0a864d52e4d"
Accept-Ranges: bytes
Content-Length: 44925
Cache-Control: max-age=5184000, public
Expires: Tue, 18 Jun 2024 03:37:22 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: image/jpeg

m3.nguonhay.com/media/images/film/pol/s350_700/vo-than-chua-te-1583765005.jpg

94.242.50.163

200 OK

70 kB

URL GET HTTP/1.1
m3.nguonhay.com/media/images/film/pol/s350_700/vo-than-chua-te-1583765005.jpg
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 300x426, components 3
Size
70 kB (70369 bytes)
Hash
fabd25bf58c53cf84b93d09b16a5dab1
44d008211bf7a481cb35b3187b825f54e7c9631c
06138ff6cdd143a248a3b31bbcb4e88ee295c0d11a987a60b9f0c4043fee79e0

HTTP Headers

GET /media/images/film/pol/s350_700/vo-than-chua-te-1583765005.jpg HTTP/1.1
Host: m3.nguonhay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 12 Jun 2020 07:03:11 GMT
ETag: "112e1-5a7ddab8b8f40"
Accept-Ranges: bytes
Content-Length: 70369
Cache-Control: max-age=5184000, public
Expires: Tue, 18 Jun 2024 03:37:22 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: image/jpeg

m3.nguonhay.com/media/images/film/newcover/2021/6/s350_700/vua-hai-tac-1624252456.jpg

94.242.50.163

200 OK

102 kB

URL GET HTTP/1.1
m3.nguonhay.com/media/images/film/newcover/2021/6/s350_700/vua-hai-tac-1624252456.jpg
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x525, components 3
Size
102 kB (102471 bytes)
Hash
f3b3235be303bcdd8806ee587f879d0a
c5cfc2f2b686184a9bb5d8495268fb62e685d17c
f365d987c622865d1bac410f3814dabce383d1dd2d961f00aafaf256b251c42e

HTTP Headers

GET /media/images/film/newcover/2021/6/s350_700/vua-hai-tac-1624252456.jpg HTTP/1.1
Host: m3.nguonhay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Mon, 21 Jun 2021 05:14:17 GMT
ETag: "19047-5c53fbebf16b6"
Accept-Ranges: bytes
Content-Length: 102471
Cache-Control: max-age=5184000, public
Expires: Tue, 18 Jun 2024 03:37:22 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: image/jpeg

m3.nguonhay.com/media/images/film/bio/s350_700/chim-boi-ca-1665899828.jpg

94.242.50.163

200 OK

87 kB

URL GET HTTP/1.1
m3.nguonhay.com/media/images/film/bio/s350_700/chim-boi-ca-1665899828.jpg
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 350x438, components 3
Size
87 kB (86614 bytes)
Hash
cdb099f8426bd971ac65260f52a7c035
549e05f3215272e4a12832eaf94504d694383bec
e46c8ded7ae8965e2881e946441d5a65cfb6937e9f97d1351c70658c5818ba88

HTTP Headers

GET /media/images/film/bio/s350_700/chim-boi-ca-1665899828.jpg HTTP/1.1
Host: m3.nguonhay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:22 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Mon, 24 Oct 2022 16:27:41 GMT
ETag: "15256-5ebca453fbe31"
Accept-Ranges: bytes
Content-Length: 86614
Cache-Control: max-age=5184000, public
Expires: Tue, 18 Jun 2024 03:37:22 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: image/jpeg

nguonphimc.com/themes/np/images/icon-search-menu.png

94.242.50.163

200 OK

1.2 kB

URL GET HTTP/1.1
nguonphimc.com/themes/np/images/icon-search-menu.png
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced
Size
1.2 kB (1229 bytes)
Hash
e573652e7d75f6471431e9fd48ca706c
ef9de78ae35eb6d6f3e04744612c7bed87c3a5ee
49cd4ed8ef5f3b960bdb9a9024f1b4a83b96e39425a339fd1afc2486709c432b

HTTP Headers

GET /themes/np/images/icon-search-menu.png HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/themes/np/css/color.css?v=np2.4.8.2
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349; _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 19 Jan 2018 09:15:00 GMT
Accept-Ranges: bytes
Content-Length: 1229
Cache-Control: max-age=2592000, public
Expires: Sun, 19 May 2024 03:37:23 GMT
Connection: close
Content-Type: image/png

downstairsnegotiatebarren.com/sfp.js

172.67.180.87

200 OK

167 B

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
172.67.180.87:443
ASN
#13335 CLOUDFLARENET

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
ValidityMon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Fri, 19 Apr 2024 03:37:23 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 19 Apr 2024 04:37:23 GMT
Location: https://downstairsnegotiatebarren.com/sfp.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yx0X1rYEju7F%2BHbWavcB5oLSNQDs7Ff%2FUb7zU5NVVLScyaKRvYOK4kFzVLUOJEBOeFdhog3MnjdPsYqm42GiXbQ0l12hxuU%2BbTLGm7ATLoZLnE4CzMz28E7OFE3dcaoMimCRg%2Ft2x23dWUgC6a0Wbg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8769db0f6e17b4ff-OSL
alt-svc: h2=":443"; ma=60

nguonphimc.com/themes/np/fonts/fontawesome-webfont.woff2?v=4.7.0

94.242.50.163

200 OK

77 kB

URL GET HTTP/1.1
nguonphimc.com/themes/np/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /themes/np/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/themes/np/css/color.css?v=np2.4.8.2
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349; _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 19 Jan 2018 09:14:59 GMT
Accept-Ranges: bytes
Content-Length: 77160
Cache-Control: max-age=2592000
Expires: Sun, 19 May 2024 03:37:23 GMT
X-UA-Compatible: IE=edge,chrome=1
Connection: close

fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

142.250.74.131

200 OK

128 kB

URL GET HTTP/2
fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 128352, version 1.0
Size
128 kB (128352 bytes)
Hash
53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

HTTP Headers

GET /s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 21:27:45 GMT
expires: Tue, 15 Apr 2025 21:27:45 GMT
cache-control: public, max-age=31536000
age: 281378
last-modified: Mon, 08 Apr 2024 19:04:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2

142.250.74.131

200 OK

17 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16552, version 1.0
Size
17 kB (16552 bytes)
Hash
283c40f79deab0300df8b3ffd86dfc7b
2ef09414a573ac59f4b37e81c8b8a881244b345f
35e5eea83f2e5f2bad1213aa4b4aef30a380720e35c1821f19bc894f8e61e406

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:33:39 GMT
expires: Fri, 18 Apr 2025 02:33:39 GMT
cache-control: public, max-age=31536000
age: 90224
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2

142.250.74.131

200 OK

12 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11872, version 1.0
Size
12 kB (11872 bytes)
Hash
87ace20058325aa069320aa4af875dff
b743548770c46d905ae1ba06310bc001c587fe8e
3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 01:19:30 GMT
expires: Wed, 16 Apr 2025 01:19:30 GMT
cache-control: public, max-age=31536000
age: 267473
last-modified: Wed, 11 May 2022 19:25:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2

142.250.74.131

200 OK

35 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35328, version 1.0
Size
35 kB (35328 bytes)
Hash
7670dba29aa2a1560c5d711ea6f6b369
6a2a620d2972f139c804c5a8363c91eb1a7595f6
adfa45260a1306cb5fefc1f17c1b5e7b61135534a82bf1b8e3d0540af7e07e3b

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35328
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:27:30 GMT
expires: Fri, 18 Apr 2025 17:27:30 GMT
cache-control: public, max-age=31536000
age: 36593
last-modified: Thu, 14 Dec 2023 02:00:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto+Condensed:300,300i,400,400i,700,700i&subset=latin-ext,vietnamese

142.250.74.106

200 OK

17 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto+Condensed:300,300i,400,400i,700,700i&subset=latin-ext,vietnamese
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
17 kB (16585 bytes)
Hash
5fa0b0e7c65bfa7808c73f2ace248f66
617d9878d8d990ebd155b894e5f7ed60be40fa40
b5f40c25eac09e24b8f98ca7d7577574e37fe30610df9b159f18eb45b5b54a4e

HTTP Headers

GET /css?family=Roboto+Condensed:300,300i,400,400i,700,700i&subset=latin-ext,vietnamese HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 03:37:22 GMT
date: Fri, 19 Apr 2024 03:37:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2

142.250.74.131

200 OK

5.6 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 5560, version 1.0
Size
5.6 kB (5560 bytes)
Hash
ca3b09b62fda648a4511700413313fd0
109cd4c5435bd6614391bb8722c47c287c96b2ec
77b24796a3d4ab521f66765651875338ed50cb9306cfe4603a3e79618e429cec

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5560
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:39:02 GMT
expires: Fri, 18 Apr 2025 02:39:02 GMT
cache-control: public, max-age=31536000
age: 89901
last-modified: Wed, 11 May 2022 19:24:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.131

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 10:46:32 GMT
expires: Wed, 16 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 233451
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.131

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 08:04:32 GMT
expires: Wed, 16 Apr 2025 08:04:32 GMT
cache-control: public, max-age=31536000
age: 243171
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2

142.250.74.131

200 OK

5.5 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 5548, version 1.0
Size
5.5 kB (5548 bytes)
Hash
cdaab83619fcacd4027a77c99dd51e69
9e6eae8554f8cc2309b2dae2d9fa217e34eed6a4
4ec57f2a80b91090971b83970230ca09ab3568c5f5b224896ca9aa6180a76aa9

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5548
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:45:59 GMT
expires: Fri, 18 Apr 2025 02:45:59 GMT
cache-control: public, max-age=31536000
age: 89484
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

3.123.64.179

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
3.123.64.179:443
ASN
#16509 AMAZON-02

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
76713cbd5165b09cff4500aa0dc2edbd
21289e7aa1a1dca602fecfe0d8b06f751657a011
1490c26c8abc2a47433bc3c1809854a14aab131c75219b54348a05873988cbdb

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 03:37:23 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://nguonphimc.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=c6800e26-d533-4dbb-aba8-173ca4d7ed9b:3:1; expires=Mon, 17 Apr 2034 03:37:23 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.131

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 08:04:32 GMT
expires: Wed, 16 Apr 2025 08:04:32 GMT
cache-control: public, max-age=31536000
age: 243171
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.131

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 08:04:32 GMT
expires: Wed, 16 Apr 2025 08:04:32 GMT
cache-control: public, max-age=31536000
age: 243171
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2

142.250.74.131

200 OK

35 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35328, version 1.0
Size
35 kB (35328 bytes)
Hash
7670dba29aa2a1560c5d711ea6f6b369
6a2a620d2972f139c804c5a8363c91eb1a7595f6
adfa45260a1306cb5fefc1f17c1b5e7b61135534a82bf1b8e3d0540af7e07e3b

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35328
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:27:30 GMT
expires: Fri, 18 Apr 2025 17:27:30 GMT
cache-control: public, max-age=31536000
age: 36593
last-modified: Thu, 14 Dec 2023 02:00:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2

142.250.74.131

200 OK

17 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16552, version 1.0
Size
17 kB (16552 bytes)
Hash
283c40f79deab0300df8b3ffd86dfc7b
2ef09414a573ac59f4b37e81c8b8a881244b345f
35e5eea83f2e5f2bad1213aa4b4aef30a380720e35c1821f19bc894f8e61e406

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:33:39 GMT
expires: Fri, 18 Apr 2025 02:33:39 GMT
cache-control: public, max-age=31536000
age: 90224
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nguonphimc.com/themes/np/images/bottomNavOFF.png

94.242.50.163

200 OK

1.3 kB

URL GET HTTP/1.1
nguonphimc.com/themes/np/images/bottomNavOFF.png
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Size
1.3 kB (1250 bytes)
Hash
840cd790a57c4cee3fb5b50d448dfd3a
976ecfbdaadc569488019ad246b6dfa31bdab85b
d317c5f6a5b4342d84bcc00cb0c99d2ce3c7d6f1044ac8036d722fcbf728baeb

HTTP Headers

GET /themes/np/images/bottomNavOFF.png HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/themes/np/css/color.css?v=np2.4.8.2
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349; _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c6800e26-d533-4dbb-aba8-173ca4d7ed9b%3A3%3A1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 19 Jan 2018 09:15:00 GMT
Accept-Ranges: bytes
Content-Length: 1250
Cache-Control: max-age=2592000, public
Expires: Sun, 19 May 2024 03:37:23 GMT
Connection: close
Content-Type: image/png

nguonphimc.com/themes/np/images/bottomNavON.png

94.242.50.163

200 OK

1.3 kB

URL GET HTTP/1.1
nguonphimc.com/themes/np/images/bottomNavON.png
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Size
1.3 kB (1334 bytes)
Hash
0703045e13e1ab8508a2273cbe71d5d6
c2d2f79bb3758de5722cddd94eaf4701078b4d71
698cc5f19fb8e30c2a9d8471e81637cb26e8fcd67a55bfffc9ca651a0c45e90f

HTTP Headers

GET /themes/np/images/bottomNavON.png HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/themes/np/css/color.css?v=np2.4.8.2
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349; _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c6800e26-d533-4dbb-aba8-173ca4d7ed9b%3A3%3A1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 19 Jan 2018 09:15:00 GMT
Accept-Ranges: bytes
Content-Length: 1334
Cache-Control: max-age=2592000, public
Expires: Sun, 19 May 2024 03:37:23 GMT
Connection: close
Content-Type: image/png

nguonphimc.com/themes/np/images/button_km.png

94.242.50.163

200 OK

2.6 kB

URL GET HTTP/1.1
nguonphimc.com/themes/np/images/button_km.png
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
PNG image data, 66 x 50, 8-bit/color RGBA, non-interlaced
Size
2.6 kB (2646 bytes)
Hash
05238f78240b8bb3d2453e866550a011
766a5353d457d5282bb04192072a116073b8666d
aed76e5f2deac5394da887c6b862ab04fbc3e601348006da714310d72c5dfc60

HTTP Headers

GET /themes/np/images/button_km.png HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/themes/np/css/color.css?v=np2.4.8.2
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349; _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c6800e26-d533-4dbb-aba8-173ca4d7ed9b%3A3%3A1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 19 Jan 2018 09:15:00 GMT
Accept-Ranges: bytes
Content-Length: 2646
Cache-Control: max-age=2592000, public
Expires: Sun, 19 May 2024 03:37:23 GMT
Connection: close
Content-Type: image/png

fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text, with very long lines (510)
Size
1.3 kB (1259 bytes)
Hash
2fba94d16c7ff69308ec5a8ae9aa2454
5da2b2d79240bdd9b821868d702949069baf59a1
24b2ba3ea36e0922cae152a734f9b251699848d854ad5f5ed602f3d9d78b54ea

HTTP Headers

GET /css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 03:37:22 GMT
date: Fri, 19 Apr 2024 03:37:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nguonphimc.com/site/site/checkaccess/

94.242.50.163

200 OK

7 B

URL POST HTTP/1.1
nguonphimc.com/site/site/checkaccess/
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
4e3ca82bee9b6a4b6c6e30ca31234e50
f007b014714adb9c2c7c105e64dfa8448e9ec77a
148ecdac86b94c986a6bb2da57595b2cc4b35afa88e266ec7f30f79530803efb

HTTP Headers

POST /site/site/checkaccess/ HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 105
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349; _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c6800e26-d533-4dbb-aba8-173ca4d7ed9b%3A3%3A1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 7
Connection: close
Content-Type: text/html; charset=UTF-8

downstairsnegotiatebarren.com/sfp.js

172.67.180.87

200 OK

28 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
172.67.180.87:443
ASN
#13335 CLOUDFLARENET

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
ValidityMon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27970 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nguonphimc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 03:37:23 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: e18c95b6ce38c837bdfef6f03a22f6cf
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 19 Apr 2024 03:37:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jZSDvF8FkhxKDuG3aIfdXbKd3mM09TBNbQjMg5xNYwqdIR%2Bpo1QDuDJ6II52MLsTIg9P7x%2Fx9SqJcESJFqSscs2g9x9oGc7CMCUtmikpPoD9MYCGErh0xR7zF3OJKqI8fxkX3kAaeScVxlYEEK5yrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8769db117be7712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/materialiconsextended/v151/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2

142.250.74.131

200 OK

163 kB

URL GET HTTP/2
fonts.gstatic.com/s/materialiconsextended/v151/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 162924, version 1.0
Size
163 kB (162924 bytes)
Hash
7f2e1b48b71ec58fda4539018a2f56cc
507bf81f52fa8c99bf2c5c8bd59a981899ca9995
7f80c4c91054b3d6c80721939242c2d4f68f15e41f251e12641f695d78eb2f35

HTTP Headers

GET /s/materialiconsextended/v151/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://fundingchoicesmessages.google.com/
Origin: https://fundingchoicesmessages.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 162924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 15:10:32 GMT
expires: Wed, 16 Apr 2025 15:10:32 GMT
cache-control: public, max-age=31536000
age: 217611
last-modified: Mon, 08 Apr 2024 19:05:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.131

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://fundingchoicesmessages.google.com/
Origin: https://fundingchoicesmessages.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 06:43:51 GMT
expires: Wed, 16 Apr 2025 06:43:51 GMT
cache-control: public, max-age=31536000
age: 248012
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7WxKOzY.woff2

142.250.74.131

200 OK

5.2 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7WxKOzY.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 5224, version 1.0
Size
5.2 kB (5224 bytes)
Hash
a835084624425dacc5e188c6973c1594
1bef196929bffcabdc834c0deefda104eb7a3318
0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu7WxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://fundingchoicesmessages.google.com/
Origin: https://fundingchoicesmessages.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5224
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:53:44 GMT
expires: Fri, 18 Apr 2025 17:53:44 GMT
cache-control: public, max-age=31536000
age: 35019
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2

142.250.74.131

200 OK

12 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11936, version 1.0
Size
12 kB (11936 bytes)
Hash
15d8ede0a816bc7a9838207747c6620c
f6e2e75f1277c66e282553ae6a22661e51f472b8
dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://fundingchoicesmessages.google.com/
Origin: https://fundingchoicesmessages.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11936
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 05:22:41 GMT
expires: Wed, 16 Apr 2025 05:22:41 GMT
cache-control: public, max-age=31536000
age: 252882
last-modified: Mon, 16 Oct 2017 17:33:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA

94.242.50.163

200 OK

3.6 kB

URL GET HTTP/1.1
grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
3.6 kB (3639 bytes)
Hash
1d854eb78412b93d31a4bd0063cb22c4
4c1dc39cb505031da42fb674555b7cad397cd81e
e65a2020b829bc693d7c7af114c18f29d8675ae53853a6228ddd07ef4ff4f516

HTTP Headers

GET /embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA HTTP/1.1
Host: grab.nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Cookie: _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Set-Cookie: PHPSESSID=ltkkefb5fel2dida0mujhgvks6; path=/
us_session_id=P26368; expires=Sat, 20-Apr-2024 03:37:23 GMT; Max-Age=86400; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 3639
Connection: close
Content-Type: text/html; charset=UTF-8

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.131

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15436, version 1.0
Size
15 kB (15436 bytes)
Hash
037d830416495def72b7881024c14b7b
619389190b3cafafb5db94113990350acc8a0278
1d5b7c64458f4af91dcfee0354be47adde1f739b5aded03a7ab6068a1bb6ca97

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://fundingchoicesmessages.google.com/
Origin: https://fundingchoicesmessages.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15436
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 04:01:43 GMT
expires: Wed, 16 Apr 2025 04:01:43 GMT
cache-control: public, max-age=31536000
age: 257740
last-modified: Mon, 16 Oct 2017 17:33:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2

142.250.74.131

200 OK

5.2 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 5164, version 1.0
Size
5.2 kB (5164 bytes)
Hash
e1d4c2969a3dd92f91fea51f652831ef
ff3be3617b93fca22d758f43920abfa313337bc2
570d2dc2ce988d8ae09147ee2eca5ec53f8d5f036e84e3212bf03503374054e5

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://fundingchoicesmessages.google.com/
Origin: https://fundingchoicesmessages.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5164
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 12:26:13 GMT
expires: Wed, 16 Apr 2025 12:26:13 GMT
cache-control: public, max-age=31536000
age: 227470
last-modified: Mon, 16 Oct 2017 17:33:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.131

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://fundingchoicesmessages.google.com/
Origin: https://fundingchoicesmessages.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 22:10:11 GMT
expires: Tue, 15 Apr 2025 22:10:11 GMT
cache-control: public, max-age=31536000
age: 278832
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2

142.250.74.131

200 OK

5.3 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 5284, version 1.0
Size
5.3 kB (5284 bytes)
Hash
6bef514048228359f2f8f5e0235f8599
318cb182661d72332dc8a8316d2e6df0332756c4
135d563a494b1f8e6196278b7f597258a563f1438f5953c6fbef106070f66ec8

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://fundingchoicesmessages.google.com/
Origin: https://fundingchoicesmessages.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5284
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 01:54:26 GMT
expires: Wed, 16 Apr 2025 01:54:26 GMT
cache-control: public, max-age=31536000
age: 265377
last-modified: Mon, 16 Oct 2017 17:32:49 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/am=gKEb/d=1/excm=_b,_tp,allowadsview/ed=1/dg=0/wt=2/ujg=1/rs=AJlcJMyk_vGx5h43VSCi6ky069QGFQvtIA/m=_b,_tp

142.250.74.35

200 OK

56 kB

URL GET HTTP/2
www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/am=gKEb/d=1/excm=_b,_tp,allowadsview/ed=1/dg=0/wt=2/ujg=1/rs=AJlcJMyk_vGx5h43VSCi6ky069QGFQvtIA/m=_b,_tp
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
JavaScript source, ASCII text, with very long lines (2331)
Size
56 kB (55653 bytes)
Hash
65e864be75ee444565658d67774b0c54
7f0f29fd4bb9ca93150b786e4f48f5c2f8bca773
db02c8b4797a18ccbe137c9fc2de340c332ff76454cfd1aaa1e8545766b8ba8f

HTTP Headers

GET /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/am=gKEb/d=1/excm=_b,_tp,allowadsview/ed=1/dg=0/wt=2/ujg=1/rs=AJlcJMyk_vGx5h43VSCi6ky069QGFQvtIA/m=_b,_tp HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/content-ads-contributor-boq-js-css-signers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="boq-infra/content-ads-contributor-boq-js-css-signers"
report-to: {"group":"boq-infra/content-ads-contributor-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/content-ads-contributor-boq-js-css-signers"}]}
content-length: 55653
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 15:17:07 GMT
expires: Fri, 18 Apr 2025 15:17:07 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Wed, 17 Apr 2024 21:34:52 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 44416
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

m3.nguonphim.net/media/images/1/favi/favicon-1498701606.png

94.242.50.163

200 OK

18 kB

URL GET HTTP/1.1
m3.nguonphim.net/media/images/1/favi/favicon-1498701606.png
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
PNG image data, 46 x 48, 8-bit/color RGBA, non-interlaced
Size
18 kB (17873 bytes)
Hash
e6f4a93efe2d93e885abcbb4cc09cd4a
e4f94b9e95b40e30b215228316bb7f8c48d08ed2
93b7bbea433aa41f6efb860d3d9777d363f9e64fc1ad4186cd9ef525bbee9c94

HTTP Headers

GET /media/images/1/favi/favicon-1498701606.png HTTP/1.1
Host: m3.nguonphim.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Wed, 05 Jul 2017 04:14:59 GMT
ETag: "45d1-5538a3e52eb40"
Accept-Ranges: bytes
Content-Length: 17873
Cache-Control: max-age=5184000, public
Expires: Tue, 18 Jun 2024 03:37:23 GMT
Access-Control-Allow-Origin: *
Connection: close
Content-Type: image/png

grab.nguonphimc.com/js/main.min.js?v=2.4.8.2

94.242.50.163

200 OK

5.6 kB

URL GET HTTP/1.1
grab.nguonphimc.com/js/main.min.js?v=2.4.8.2
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (17159)
Size
5.6 kB (5620 bytes)
Hash
2f3514d630f0195787c0f99778202f3c
2ce2883a59c655b8e02d644a1449fcdfdf604486
23b47b8eb144a359fdd87940db44e0420e7e0062f3cbba762e0e22c35afb3749

HTTP Headers

GET /js/main.min.js?v=2.4.8.2 HTTP/1.1
Host: grab.nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA
Cookie: _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843; PHPSESSID=ltkkefb5fel2dida0mujhgvks6; us_session_id=P26368
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Sat, 02 May 2020 19:55:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:23 GMT
Content-Length: 5620
Connection: close
Content-Type: application/javascript; charset=utf-8

grab.nguonphimc.com/assets/3bd14e95/jquery.min.js

94.242.50.163

200 OK

34 kB

URL GET HTTP/1.1
grab.nguonphimc.com/assets/3bd14e95/jquery.min.js
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA

File type
JavaScript source, ASCII text, with very long lines (32077)
Size
34 kB (33693 bytes)
Hash
0fca26b5a37a66d68d0f4406976be4b5
ee000eb654b3bd37185665d3901e93b34ce1aa52
8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18

HTTP Headers

GET /assets/3bd14e95/jquery.min.js HTTP/1.1
Host: grab.nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA
Cookie: _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843; PHPSESSID=ltkkefb5fel2dida0mujhgvks6; us_session_id=P26368
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Wed, 30 Nov 2022 09:07:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:23 GMT
Content-Length: 33693
Connection: close
Content-Type: application/javascript; charset=utf-8

grab.nguonphimc.com/assets/b2993a05/jwplayer.js?ver=2.4.8.2

94.242.50.163

200 OK

39 kB

URL GET HTTP/1.1
grab.nguonphimc.com/assets/b2993a05/jwplayer.js?ver=2.4.8.2
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65140)
Size
39 kB (39208 bytes)
Hash
637800d55d2ac43cd3c4a864fac04661
bfb57b2bbe30a271e945e5d36027d69fb01b24cf
2aac7ee38577a71b8f0ec381c7836fc29274407517b9038e879fa762651dc5fc

HTTP Headers

GET /assets/b2993a05/jwplayer.js?ver=2.4.8.2 HTTP/1.1
Host: grab.nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA
Cookie: _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843; PHPSESSID=ltkkefb5fel2dida0mujhgvks6; us_session_id=P26368
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Wed, 30 Nov 2022 09:07:45 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:23 GMT
Content-Length: 39208
Connection: close
Content-Type: application/javascript; charset=utf-8

www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=_b,_tp/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=BWd0oe

142.250.74.35

200 OK

15 kB

URL GET HTTP/3
www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=_b,_tp/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=BWd0oe
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
JavaScript source, ASCII text, with very long lines (1424)
Size
15 kB (15156 bytes)
Hash
124ba95b2ec12aff22f988c42b14d353
e506202fff14601dba2b44d807b1319968bb3216
50aff2092ce10805752997b823e0bb7490112ff66b9f2d00eaa8b6cada98a873

HTTP Headers

GET /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=_b,_tp/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=BWd0oe HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/content-ads-contributor-boq-js-css-signers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="boq-infra/content-ads-contributor-boq-js-css-signers"
report-to: {"group":"boq-infra/content-ads-contributor-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/content-ads-contributor-boq-js-css-signers"}]}
content-length: 15156
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 19 Apr 2024 03:37:05 GMT
expires: Sat, 19 Apr 2025 03:37:05 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Sun, 14 Apr 2024 07:33:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 18
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

grab.nguonphimc.com/themes/np/css/color.css?v=2.4.8.2

94.242.50.163

200 OK

80 kB

URL GET HTTP/1.1
grab.nguonphimc.com/themes/np/css/color.css?v=2.4.8.2
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65533), with no line terminators
Size
80 kB (80132 bytes)
Hash
9ccfae82c1f9be3cf7c148a39228f53c
9abd7857d28f34c5007b11ee53d2818482775163
d962cf8c297e2b013c20dadac3f99d1af50957de8e1d1de8b4ea960fbd6fd7b6

HTTP Headers

GET /themes/np/css/color.css?v=2.4.8.2 HTTP/1.1
Host: grab.nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA
Cookie: _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843; PHPSESSID=ltkkefb5fel2dida0mujhgvks6; us_session_id=P26368
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Wed, 30 Nov 2022 08:58:35 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000, proxy-revalidate
Expires: Sat, 19 Apr 2025 03:37:23 GMT
Connection: close
Transfer-Encoding: chunked
Content-Type: text/css; charset=utf-8

fundingchoicesmessages.google.com/s/whitelist?hl=vi

216.58.211.14

200 OK

70 kB

URL GET HTTP/2
fundingchoicesmessages.google.com/s/whitelist?hl=vi
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D
ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT

File type
gzip compressed data, max compression
Size
70 kB (70193 bytes)
Hash
877a5e2c01d1c72d25894221f3d2daa4
f9685da83abcbd3e657f1ceef11b6c4f6d124dbb
961bbaedccda87897966bd625cc1184d18c0540bc3859296be47a3ff9833e248

HTTP Headers

GET /s/whitelist?hl=vi HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 19 Apr 2024 03:37:23 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingAdwallUi/cspreport, script-src 'nonce-XY0PEK7hw3vtoRcaklzNrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingAdwallUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingAdwallUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
reporting-endpoints: default="/_/ContributorServingAdwallUi/web-reports?context=eJzjMtDikmLw1ZBikPj6kkkLiJ3SZ7CGALFP_QzWOCBuvXmOdToQJ_07z1oCxEI8HJ_Ptm9kE3gx78AHRgDV1xnz"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

grab.nguonphimc.com/img/loading_film.gif

94.242.50.163

200 OK

1.9 kB

URL GET HTTP/1.1
grab.nguonphimc.com/img/loading_film.gif
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA

File type
GIF image data, version 89a, 34 x 34
Size
1.9 kB (1924 bytes)
Hash
b9d35ba13f16629ec47d785d61d2204c
680ccabf459357685db0c404f4ef23543e735729
43b3f6a202a86e29f40d8a102cf62565fcdc07cebb55185f13eb86b0fbc8c5e6

HTTP Headers

GET /img/loading_film.gif HTTP/1.1
Host: grab.nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA
Cookie: _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843; PHPSESSID=ltkkefb5fel2dida0mujhgvks6; us_session_id=P26368
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:24 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Mon, 25 Dec 2017 07:17:53 GMT
Accept-Ranges: bytes
Content-Length: 1924
Cache-Control: max-age=2592000, public
Expires: Sun, 19 May 2024 03:37:24 GMT
Connection: close
Content-Type: image/gif

www.gstatic.com/fundingchoices/allowads/blockers/firefox/browser_abp-2.png

142.250.74.35

200 OK

7.4 kB

URL GET HTTP/3
www.gstatic.com/fundingchoices/allowads/blockers/firefox/browser_abp-2.png
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
PNG image data, 794 x 184, 8-bit colormap, non-interlaced
Size
7.4 kB (7390 bytes)
Hash
3d77be4b727c5ff097bcac7eb68c09f9
785be4dc822e6817dbc03b69246cd089436bf108
b77a4547e701c49192847e60735a7027f0910a0df2ccf6d6193dcf1e4a74f719

HTTP Headers

GET /fundingchoices/allowads/blockers/firefox/browser_abp-2.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 7390
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 21:55:20 GMT
expires: Tue, 15 Apr 2025 21:55:20 GMT
cache-control: public, max-age=31536000
age: 279724
last-modified: Tue, 19 Oct 2021 16:18:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/fundingchoices/allowads/blockers/firefox/uo_allowads_icon-1.png

142.250.74.35

200 OK

1.1 kB

URL GET HTTP/3
www.gstatic.com/fundingchoices/allowads/blockers/firefox/uo_allowads_icon-1.png
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
PNG image data, 117 x 127, 8-bit colormap, non-interlaced
Size
1.1 kB (1071 bytes)
Hash
975c9f127c385e3699795a74098872d8
a83d8ebdda4fc135a66de267850c9f573a52b9fe
5caf71572cd2c4167c04a6ecef78d7b407e460b0517c9b11df5cc0c0b9a0d320

HTTP Headers

GET /fundingchoices/allowads/blockers/firefox/uo_allowads_icon-1.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1071
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:28:24 GMT
expires: Fri, 18 Apr 2025 17:28:24 GMT
cache-control: public, max-age=31536000
age: 36540
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/fundingchoices/allowads/blockers/firefox/browser_ab-2.png

142.250.74.35

200 OK

7.7 kB

URL GET HTTP/3
www.gstatic.com/fundingchoices/allowads/blockers/firefox/browser_ab-2.png
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
PNG image data, 794 x 184, 8-bit colormap, non-interlaced
Size
7.7 kB (7688 bytes)
Hash
13a0bd1dcfc87f4f19579dc5b059af16
82aa8a7312d5023667edc1565962ddfdfb99a678
818af03e73fcb8964cc644383aa9a2ca4db0b1d8634fbdc9216d8a1d460aab6c

HTTP Headers

GET /fundingchoices/allowads/blockers/firefox/browser_ab-2.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 7688
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 20:31:55 GMT
expires: Tue, 15 Apr 2025 20:31:55 GMT
cache-control: public, max-age=31536000
age: 284729
last-modified: Tue, 19 Oct 2021 16:18:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/fundingchoices/allowads/blockers/firefox/browser_uo-2.png

142.250.74.35

200 OK

7.2 kB

URL GET HTTP/3
www.gstatic.com/fundingchoices/allowads/blockers/firefox/browser_uo-2.png
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
PNG image data, 794 x 184, 8-bit colormap, non-interlaced
Size
7.2 kB (7205 bytes)
Hash
2ca4823b87ee46e5d7a641195cfde652
1d0b4aceb1b0276cbdffaa84facd66b5fe41c714
3d74f9a6b34a1f9936cf3fdcf33ec06f48b602a7202396dcc3aef424a54e5413

HTTP Headers

GET /fundingchoices/allowads/blockers/firefox/browser_uo-2.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 7205
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:42:16 GMT
expires: Fri, 18 Apr 2025 17:42:16 GMT
cache-control: public, max-age=31536000
age: 35708
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/fundingchoices/allowads/blockers/firefox/abp_power_icon-1.svg

142.250.74.35

200 OK

731 B

URL GET HTTP/3
www.gstatic.com/fundingchoices/allowads/blockers/firefox/abp_power_icon-1.svg
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
SVG Scalable Vector Graphics image
Size
731 B (731 bytes)
Hash
c663022865c526afe63691faf0d14725
f1e821f6920fc1b9db40ccf35ed0f6fb54ea8592
56ff7605344ed5eb3a68f8edc6b048658ee714bdfed56d487cb1e1bb62eb24f8

HTTP Headers

GET /fundingchoices/allowads/blockers/firefox/abp_power_icon-1.svg HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 731
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 09:59:27 GMT
expires: Wed, 16 Apr 2025 09:59:27 GMT
cache-control: public, max-age=31536000
age: 236277
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/fundingchoices/allowads/blockers/firefox/abp_icon-1.svg

142.250.74.35

200 OK

1.8 kB

URL GET HTTP/3
www.gstatic.com/fundingchoices/allowads/blockers/firefox/abp_icon-1.svg
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
SVG Scalable Vector Graphics image
Size
1.8 kB (1772 bytes)
Hash
32014d3c673c214354e3236b76047386
f01e5134d98ab4029bb6b7022b00516c9df35b37
bf72e9d16e37c6c685185dfc73478765de0cb102f34872cd90cc28b6a9ab3736

HTTP Headers

GET /fundingchoices/allowads/blockers/firefox/abp_icon-1.svg HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1772
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 03:19:24 GMT
expires: Fri, 18 Apr 2025 03:19:24 GMT
cache-control: public, max-age=31536000
age: 87480
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/fundingchoices/allowads/blockers/firefox/uo_icon-1.svg

142.250.74.35

200 OK

1.3 kB

URL GET HTTP/3
www.gstatic.com/fundingchoices/allowads/blockers/firefox/uo_icon-1.svg
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1258 bytes)
Hash
9d378dcff1b89001c348f1df4564ba48
d81c2c163657754563fcd33b793dc36cd6b3a21e
f194962656d2b52acaba476410973194ffc377f15f8710a25b7fbee9fd99a2df

HTTP Headers

GET /fundingchoices/allowads/blockers/firefox/uo_icon-1.svg HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1258
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:42:16 GMT
expires: Fri, 18 Apr 2025 17:42:16 GMT
cache-control: public, max-age=31536000
age: 35708
last-modified: Thu, 30 Dec 2021 12:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,_b,_tp/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=soHxf

142.250.74.35

200 OK

9.3 kB

URL GET HTTP/3
www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,_b,_tp/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=soHxf
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
JavaScript source, ASCII text, with very long lines (1226)
Size
9.3 kB (9278 bytes)
Hash
0df69be878f840c3ece59615858c5009
65d903b30ab94d986ae198622811f39576d4da4c
b51d740f6556a23458f1715f7183de04394c359a5d5645175c914c880a7e0a16

HTTP Headers

GET /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,_b,_tp/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=soHxf HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/content-ads-contributor-boq-js-css-signers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="boq-infra/content-ads-contributor-boq-js-css-signers"
report-to: {"group":"boq-infra/content-ads-contributor-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/content-ads-contributor-boq-js-css-signers"}]}
content-length: 9278
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 19 Apr 2024 03:37:05 GMT
expires: Sat, 19 Apr 2025 03:37:05 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Sun, 14 Apr 2024 07:33:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 19
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/fundingchoices/allowads/blockers/firefox/ab_icon-1.svg

142.250.74.35

200 OK

15 kB

URL GET HTTP/3
www.gstatic.com/fundingchoices/allowads/blockers/firefox/ab_icon-1.svg
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
SVG Scalable Vector Graphics image
Size
15 kB (15403 bytes)
Hash
419033f4f0383492c93db1e6b5e7fa23
96584fdfb4d58c70fb1db6dfc128db296e5cf4e0
c75fbc4fd1beb52bbe64df89d8c402290f5b23bb518abbdd159a268aa0a5f782

HTTP Headers

GET /fundingchoices/allowads/blockers/firefox/ab_icon-1.svg HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 15403
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 03:19:24 GMT
expires: Fri, 18 Apr 2025 03:19:24 GMT
cache-control: public, max-age=31536000
age: 87480
last-modified: Tue, 19 Oct 2021 16:18:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/fundingchoices/allowads/blockers/firefox/uo_refresh_icon-1.svg

142.250.74.35

200 OK

1.5 kB

URL GET HTTP/3
www.gstatic.com/fundingchoices/allowads/blockers/firefox/uo_refresh_icon-1.svg
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1492 bytes)
Hash
606c949e5f626ea9a5a1a1a346209c59
f7700e18535dbb3108d50acbcd6f4f18a533843b
bc6e55b647b6656e06c02477e957a9ab8dd2164058f8046bf2c5522a219b7e98

HTTP Headers

GET /fundingchoices/allowads/blockers/firefox/uo_refresh_icon-1.svg HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1492
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:33:37 GMT
expires: Fri, 18 Apr 2025 17:33:37 GMT
cache-control: public, max-age=31536000
age: 36227
last-modified: Tue, 19 Oct 2021 16:18:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,_b,_tp,soHxf/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk

142.250.74.35

200 OK

3.5 kB

URL GET HTTP/3
www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,_b,_tp,soHxf/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
JavaScript source, ASCII text, with very long lines (763)
Size
3.5 kB (3490 bytes)
Hash
ab1564f0dc81e3cdd5ded3cc022d6364
821fe2a008e172df73c12e0a3d2eb6da3c4cb717
872b63440dfdc5f5b4b42cddd6aa1ce863efcd72d3816e927dcd3cd65c2b06c3

HTTP Headers

GET /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,_b,_tp,soHxf/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/content-ads-contributor-boq-js-css-signers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="boq-infra/content-ads-contributor-boq-js-css-signers"
report-to: {"group":"boq-infra/content-ads-contributor-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/content-ads-contributor-boq-js-css-signers"}]}
content-length: 3490
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 19 Apr 2024 03:37:05 GMT
expires: Sat, 19 Apr 2025 03:37:05 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Sun, 14 Apr 2024 07:33:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 19
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,FCpbqb,WhJNk,Wt6vjf,_b,_tp,hhhU8,soHxf,ws9Tlc/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c

142.250.74.35

200 OK

13 kB

URL GET HTTP/3
www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,FCpbqb,WhJNk,Wt6vjf,_b,_tp,hhhU8,soHxf,ws9Tlc/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
JavaScript source, ASCII text, with very long lines (1600)
Size
13 kB (12692 bytes)
Hash
ab199b9dc5faf341e688a4c9196b0874
fdf2ccb808e05f2789ced334d3d18e13ec59d71c
454a7e35fa7a6c0a52d616009ce1964375308a1b839a87095780df64b70c4e0e

HTTP Headers

GET /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,FCpbqb,WhJNk,Wt6vjf,_b,_tp,hhhU8,soHxf,ws9Tlc/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/content-ads-contributor-boq-js-css-signers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="boq-infra/content-ads-contributor-boq-js-css-signers"
report-to: {"group":"boq-infra/content-ads-contributor-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/content-ads-contributor-boq-js-css-signers"}]}
content-length: 12692
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 19 Apr 2024 03:37:05 GMT
expires: Sat, 19 Apr 2025 03:37:05 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Sun, 14 Apr 2024 07:33:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 19
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,EFQ78c,FCpbqb,LEikZe,WhJNk,Wt6vjf,_b,_tp,byfTOb,hhhU8,lsjVmc,lwddkf,soHxf,ws9Tlc/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd

142.250.74.35

200 OK

12 kB

URL GET HTTP/3
www.gstatic.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,EFQ78c,FCpbqb,LEikZe,WhJNk,Wt6vjf,_b,_tp,byfTOb,hhhU8,lsjVmc,lwddkf,soHxf,ws9Tlc/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fundingchoicesmessages.google.com/s/whitelist?hl=vi
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
JavaScript source, ASCII text, with very long lines (2968)
Size
12 kB (11750 bytes)
Hash
f5c7fc324e43f85696f2873b1fe2a8d4
7d90bee3a4626a8766fad6ba57e8a065b9c5d19f
5485453d1c290f9728e0756544aea1360eaf9a5b5555d1017b69d213d3d82455

HTTP Headers

GET /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingAdwallUi.vi.pWvgqKnqE8Y.es5.O/ck=boq-content-ads-contributor.ContributorServingAdwallUi.payteTO1wl8.L.F4.O/am=gKEb/d=1/exm=BWd0oe,EFQ78c,FCpbqb,LEikZe,WhJNk,Wt6vjf,_b,_tp,byfTOb,hhhU8,lsjVmc,lwddkf,soHxf,ws9Tlc/excm=_b,_tp,allowadsview/ed=1/wt=2/ujg=1/rs=AJlcJMzSUfO5Mm9PUNsFdowDQWxkjdegOQ/ee=EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;NPKaK:PVlQOd;SNUn3:ZwDk9d;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fundingchoicesmessages.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/content-ads-contributor-boq-js-css-signers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="boq-infra/content-ads-contributor-boq-js-css-signers"
report-to: {"group":"boq-infra/content-ads-contributor-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/content-ads-contributor-boq-js-css-signers"}]}
content-length: 11750
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 19 Apr 2024 03:37:05 GMT
expires: Sat, 19 Apr 2025 03:37:05 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Sun, 14 Apr 2024 07:33:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 19
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

stripherselfscuba.com/sbar.json?key=5b28bb3338748187b2166508de2d96b3&uuid=c6800e26-d533-4dbb-aba8-173ca4d7ed9b%3A3%3A1

172.240.108.68

200 OK

8.5 kB

URL GET HTTP/1.1
stripherselfscuba.com/sbar.json?key=5b28bb3338748187b2166508de2d96b3&uuid=c6800e26-d533-4dbb-aba8-173ca4d7ed9b%3A3%3A1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerLet's Encrypt
Subjectstripherselfscuba.com
Fingerprint27:09:AC:8B:2B:B3:33:5D:E9:D5:03:33:75:F8:E2:63:AA:1A:2B:92
ValidityTue, 16 Apr 2024 13:43:56 GMT - Mon, 15 Jul 2024 13:43:55 GMT

File type
JSON text data
Size
8.5 kB (8450 bytes)
Hash
1dede291d8797856fc4c6893e7ee3ed0
4a1601e3098f3bc65a9f907b25e6bc8bd20c79bb
ae12dd1008d08db3ffb98639cec074c4bfbd12e73ccf44446936709c97c42542

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=5b28bb3338748187b2166508de2d96b3&uuid=c6800e26-d533-4dbb-aba8-173ca4d7ed9b%3A3%3A1 HTTP/1.1
Host: stripherselfscuba.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 19 Apr 2024 03:37:24 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://nguonphimc.com
Access-Control-Allow-Origin: http://nguonphimc.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17093374; expires=Sat, 20 Apr 2024 03:37:24 GMT; secure; SameSite=None
uid_id2=c6800e26-d533-4dbb-aba8-173ca4d7ed9b:3:1; expires=Fri, 26 Apr 2024 03:37:24 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 20 Apr 2024 03:37:24 GMT; secure; SameSite=None
uncs=1; expires=Sat, 20 Apr 2024 03:37:24 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 20 Apr 2024 03:37:24 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 20 Apr 2024 03:37:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 58834516fe5789c93535e3fca30ba965
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

grab.nguonphimc.com/themes/np/fonts/fontawesome-webfont.woff2?v=4.7.0

94.242.50.163

200 OK

77 kB

URL GET HTTP/1.1
grab.nguonphimc.com/themes/np/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /themes/np/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: grab.nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://grab.nguonphimc.com/themes/np/css/color.css?v=2.4.8.2
Cookie: _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843; PHPSESSID=ltkkefb5fel2dida0mujhgvks6; us_session_id=P26368
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:24 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Fri, 19 Jan 2018 09:14:59 GMT
Accept-Ranges: bytes
Content-Length: 77160
Cache-Control: max-age=2592000
Expires: Sun, 19 May 2024 03:37:24 GMT
X-UA-Compatible: IE=edge,chrome=1
Connection: close

fonts.googleapis.com/css?family=Roboto+Condensed:300,300i,400,400i,700,700i&subset=latin-ext,vietnamese

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto+Condensed:300,300i,400,400i,700,700i&subset=latin-ext,vietnamese
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
1.3 kB (1344 bytes)
Hash
a1d357e4b9766c27e5cdf49ad3e9be1d
46b8bc9ac3ad287776be04632a0b8b6bef7173bb
0c0fd4c32b25716d2ae1f02064a7e083ed91a0b9d25290f4f2d8fd738c221121

HTTP Headers

GET /css?family=Roboto+Condensed:300,300i,400,400i,700,700i&subset=latin-ext,vietnamese HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://grab.nguonphimc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 03:37:24 GMT
date: Fri, 19 Apr 2024 03:37:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

stripherselfscuba.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2Bt3gx8D19ElNxEGMVDhOxs%2F5jpmTGHxTWuLG6yIVH0IlLVVTMpt7qrqeqanuwpGJAcB%2B9C75tNlpgg5g8w6mzAw4qQ8bQH9yKIBw%2BKEhBEZCaDi5%2FL5%2FOp9wpevVcf7bpjEsLRo%2FMX9I5Uiq60Gn79zLtBcK6%2BKTM3rA878ftx81zdDF7pxg3%2F5fobItnWK6Ef%2BH7gB%2FV1aURPD1dmIGR%2Brxs0un6jGTaCVhND89%2FdOg%2BWeuCDY%2FIsJJ%2FWHnqnIZMJsvTz88JuFzo%2F%2B3rqFC20wYDvv51tZ7rMkJ6MPeOhl%2B0v2ND20foD6OzWXC704F8ik1PiffMALNtfiAQb7M11MgWRgfH%2FoxxMINQEkk6Q6BuQ%2FBEBEo6LW8jS2xe1Kem1JyidoVNSe%2Fw7ZDkltR9OI0s%2FW1NyWL%2BilSukziyGvQpyOIHsT5C7AxQ7S5DlAZLiQ0j%2BHVl5vIks3duySkPyo5eSuOP7IoyXeSuKlpucsWXKaGc5aEcJbfK24F02N0jKCWRvAiVGoPYUnPXgpAfX8%2BByDyk%2FqidBELR9nlC%2F002SiLcFi7kf0HYvoIEfd%2BCS2RtGKPIREjVCYq4jN9exLUcw7ivYqxUs92ALggGvUAqC0hKUlKCUBGVBUA6qW1zZ0Fa3ubKOBYseLnpUjXXR36W3dNEXGQE1Ixhe7ebH5JmZgV5t%2Bje2xVG9xcIOY1EUddrNTtBpszCI45bf4SLk3ZhFsLKCtEug1sPOLMyv15DP%2BourYPQAVh0gkR6oex60rECvVtjJ7mZ9p7Ni0Eh0Cq4r5EUNxTVvVx2T5%2BYJXvzzDERyuPozuzD97c5fSEyF3FT4QD4k6Kub48u6JHuXdWnJ%2Fa28kKncobN0rxS0ELVP3xTXSm34xnk7uvNqMgNm4723hC02acZl1rfk7prkXJh1bRJBvtiw7wh2ydmra85kLt%2B89Nr6RpobYa3U2QRUTsn%2F3vsFiZySpz%2F5dv5xzz7VhDQTGFchdYdkUZB6giS%2FDpsfrv4YzQtWExh1wmG5h9JVYxOyk0MlCZQ42SmrYMWJCUwcfvnrE2xs6Ow2ldWuvYm%2BWQItbiBLKwxMhYGqQNUI1p0aF7k5XP1%2BIYOppTFTZmmPKaM%2Bnts8JRtb92HlUb0dRT6Nu62g3aaizZphpxcHnNKwGYdxTCMUdtp74ac%2F%2FgEAAP%2F%2FAQAA%2F%2F%2Fz%2BBuvkgQAAA%3D%3D

172.240.108.68

200 OK

7 B

URL GET HTTP/1.1
stripherselfscuba.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2Bt3gx8D19ElNxEGMVDhOxs%2F5jpmTGHxTWuLG6yIVH0IlLVVTMpt7qrqeqanuwpGJAcB%2B9C75tNlpgg5g8w6mzAw4qQ8bQH9yKIBw%2BKEhBEZCaDi5%2FL5%2FOp9wpevVcf7bpjEsLRo%2FMX9I5Uiq60Gn79zLtBcK6%2BKTM3rA878ftx81zdDF7pxg3%2F5fobItnWK6Ef%2BH7gB%2FV1aURPD1dmIGR%2Brxs0un6jGTaCVhND89%2FdOg%2BWeuCDY%2FIsJJ%2FWHnqnIZMJsvTz88JuFzo%2F%2B3rqFC20wYDvv51tZ7rMkJ6MPeOhl%2B0v2ND20foD6OzWXC704F8ik1PiffMALNtfiAQb7M11MgWRgfH%2FoxxMINQEkk6Q6BuQ%2FBEBEo6LW8jS2xe1Kem1JyidoVNSe%2Fw7ZDkltR9OI0s%2FW1NyWL%2BilSukziyGvQpyOIHsT5C7AxQ7S5DlAZLiQ0j%2BHVl5vIks3duySkPyo5eSuOP7IoyXeSuKlpucsWXKaGc5aEcJbfK24F02N0jKCWRvAiVGoPYUnPXgpAfX8%2BByDyk%2FqidBELR9nlC%2F002SiLcFi7kf0HYvoIEfd%2BCS2RtGKPIREjVCYq4jN9exLUcw7ivYqxUs92ALggGvUAqC0hKUlKCUBGVBUA6qW1zZ0Fa3ubKOBYseLnpUjXXR36W3dNEXGQE1Ixhe7ebH5JmZgV5t%2Bje2xVG9xcIOY1EUddrNTtBpszCI45bf4SLk3ZhFsLKCtEug1sPOLMyv15DP%2BourYPQAVh0gkR6oex60rECvVtjJ7mZ9p7Ni0Eh0Cq4r5EUNxTVvVx2T5%2BYJXvzzDERyuPozuzD97c5fSEyF3FT4QD4k6Kub48u6JHuXdWnJ%2Fa28kKncobN0rxS0ELVP3xTXSm34xnk7uvNqMgNm4723hC02acZl1rfk7prkXJh1bRJBvtiw7wh2ydmra85kLt%2B89Nr6RpobYa3U2QRUTsn%2F3vsFiZySpz%2F5dv5xzz7VhDQTGFchdYdkUZB6giS%2FDpsfrv4YzQtWExh1wmG5h9JVYxOyk0MlCZQ42SmrYMWJCUwcfvnrE2xs6Ow2ldWuvYm%2BWQItbiBLKwxMhYGqQNUI1p0aF7k5XP1%2BIYOppTFTZmmPKaM%2Bnts8JRtb92HlUb0dRT6Nu62g3aaizZphpxcHnNKwGYdxTCMUdtp74ac%2F%2FgEAAP%2F%2FAQAA%2F%2F%2Fz%2BBuvkgQAAA%3D%3D
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerLet's Encrypt
Subjectstripherselfscuba.com
Fingerprint27:09:AC:8B:2B:B3:33:5D:E9:D5:03:33:75:F8:E2:63:AA:1A:2B:92
ValidityTue, 16 Apr 2024 13:43:56 GMT - Mon, 15 Jul 2024 13:43:55 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2Bt3gx8D19ElNxEGMVDhOxs%2F5jpmTGHxTWuLG6yIVH0IlLVVTMpt7qrqeqanuwpGJAcB%2B9C75tNlpgg5g8w6mzAw4qQ8bQH9yKIBw%2BKEhBEZCaDi5%2FL5%2FOp9wpevVcf7bpjEsLRo%2FMX9I5Uiq60Gn79zLtBcK6%2BKTM3rA878ftx81zdDF7pxg3%2F5fobItnWK6Ef%2BH7gB%2FV1aURPD1dmIGR%2Brxs0un6jGTaCVhND89%2FdOg%2BWeuCDY%2FIsJJ%2FWHnqnIZMJsvTz88JuFzo%2F%2B3rqFC20wYDvv51tZ7rMkJ6MPeOhl%2B0v2ND20foD6OzWXC704F8ik1PiffMALNtfiAQb7M11MgWRgfH%2FoxxMINQEkk6Q6BuQ%2FBEBEo6LW8jS2xe1Kem1JyidoVNSe%2Fw7ZDkltR9OI0s%2FW1NyWL%2BilSukziyGvQpyOIHsT5C7AxQ7S5DlAZLiQ0j%2BHVl5vIks3duySkPyo5eSuOP7IoyXeSuKlpucsWXKaGc5aEcJbfK24F02N0jKCWRvAiVGoPYUnPXgpAfX8%2BByDyk%2FqidBELR9nlC%2F002SiLcFi7kf0HYvoIEfd%2BCS2RtGKPIREjVCYq4jN9exLUcw7ivYqxUs92ALggGvUAqC0hKUlKCUBGVBUA6qW1zZ0Fa3ubKOBYseLnpUjXXR36W3dNEXGQE1Ixhe7ebH5JmZgV5t%2Bje2xVG9xcIOY1EUddrNTtBpszCI45bf4SLk3ZhFsLKCtEug1sPOLMyv15DP%2BourYPQAVh0gkR6oex60rECvVtjJ7mZ9p7Ni0Eh0Cq4r5EUNxTVvVx2T5%2BYJXvzzDERyuPozuzD97c5fSEyF3FT4QD4k6Kub48u6JHuXdWnJ%2Fa28kKncobN0rxS0ELVP3xTXSm34xnk7uvNqMgNm4723hC02acZl1rfk7prkXJh1bRJBvtiw7wh2ydmra85kLt%2B89Nr6RpobYa3U2QRUTsn%2F3vsFiZySpz%2F5dv5xzz7VhDQTGFchdYdkUZB6giS%2FDpsfrv4YzQtWExh1wmG5h9JVYxOyk0MlCZQ42SmrYMWJCUwcfvnrE2xs6Ow2ldWuvYm%2BWQItbiBLKwxMhYGqQNUI1p0aF7k5XP1%2BIYOppTFTZmmPKaM%2Bnts8JRtb92HlUb0dRT6Nu62g3aaizZphpxcHnNKwGYdxTCMUdtp74ac%2F%2FgEAAP%2F%2FAQAA%2F%2F%2Fz%2BBuvkgQAAA%3D%3D HTTP/1.1
Host: stripherselfscuba.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Cookie: u_pl=17093374; uid_id2=c6800e26-d533-4dbb-aba8-173ca4d7ed9b:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 19 Apr 2024 03:37:24 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 59e969701dced2179a5ed98c8eff8650
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png

188.114.97.1

200 OK

591 B

URL GET HTTP/3
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
Size
591 B (591 bytes)
Hash
9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 03:37:24 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5581937
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2AUNyh7CVKat3iVNz2NRkhfy3%2BROpcBW9ZDS%2B362gqOSdwM2SisLXO1gPXZSdfpaxdlIYLn84QH6gCv4DMgQwAUE8pg7A4IT6%2FpY8vPykhbi4eEjNI3sMMfYz9xzcloN1jwkzFDE5WGH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8769db18fbf75694-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

717 B

URL GET HTTP/1.1
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:80
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
ASCII text
Size
717 B (717 bytes)
Hash
9cc7d472437c87f6f7ebeb35abec09f1
948bb2b7bf4bbc829015c125e1b6f7859b2948b0
9a39510af72db44fb14d333c52c41da0e90827afcfe78c8f12b367f0a94783b7

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Fri, 19 Apr 2024 03:37:24 GMT
Date: Fri, 19 Apr 2024 03:37:24 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

stripherselfscuba.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=84

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
stripherselfscuba.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=84
IP
172.240.108.68:80
ASN
#7979 SERVERS-COM

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=84 HTTP/1.1
Host: stripherselfscuba.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 19 Apr 2024 03:37:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

stripherselfscuba.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=31

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
stripherselfscuba.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=31
IP
172.240.108.68:80
ASN
#7979 SERVERS-COM

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=31 HTTP/1.1
Host: stripherselfscuba.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 19 Apr 2024 03:37:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.cloudimagesb.com/si/63/93/4f/63934f19816e914cdf9542ebd1ea81b2/1713364719.png

45.133.44.9

200 OK

79 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/63/93/4f/63934f19816e914cdf9542ebd1ea81b2/1713364719.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
79 kB (78742 bytes)
Hash
056a5db1da586024c4c315659f1a70da
364dbecd8995d974c1a8765edd125a62c9dc6754
ef512fcfc0a38fbc2e0299170bbd0b88e2ba27a20180d33fb989eb4dd8b25e6c

HTTP Headers

GET /si/63/93/4f/63934f19816e914cdf9542ebd1ea81b2/1713364719.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 19 Apr 2024 03:37:24 GMT
content-type: image/png
content-length: 78742
server: nginx/1.21.6
last-modified: Wed, 17 Apr 2024 14:38:47 GMT
etag: "661fdef7-13396"
expires: Sun, 21 Apr 2024 03:37:24 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css

188.114.97.1

200 OK

4.9 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
4.9 kB (4869 bytes)
Hash
3d4123dbfb33d27a5cfdfcfa91df6783
e7d0eeeec54b848f0bc3da8685fa3bc88429d660
cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 03:37:24 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 18
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ohrMPA%2FWCrH0jAan4MvzlGk1U8bpP1UvxulXpgQbIfqDMsy%2FcF2%2BsHoRDI1NPguMfZI3PhHWVp%2BUBLrM8OHFrwqxPiGT1%2FSvTJf%2BGomvwSKRX8D%2FU%2BGn7ByJo6Ap2nowOiSCHYz%2BQCUw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8769db183edc0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js

188.114.97.1

200 OK

31 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
JavaScript source, ASCII text, with very long lines (32025)
Size
31 kB (30612 bytes)
Hash
4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 03:37:24 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5581938
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NyBzCVw19isOt%2FvG%2B%2FTOUc38Xyzgsim8fE209%2BEbTM6NKmpxNAeRmEDtLagTDBHL9JPfllHO%2Fq%2B72u55EUPOFOSQ9yVX%2BYxU3g7rLRjfAkrrvx8UCiAtre%2BmRK7M7AXH63ztqLtNGkEd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8769db190bfc5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unseenreport.com/pxf.gif?uuid=c6800e26-d533-4dbb-aba8-173ca4d7ed9b&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2069&b_frame=0&pk=5b28bb3338748187b2166508de2d96b3&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=3

192.243.59.12

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=c6800e26-d533-4dbb-aba8-173ca4d7ed9b&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2069&b_frame=0&pk=5b28bb3338748187b2166508de2d96b3&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=3
IP
192.243.59.12:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=c6800e26-d533-4dbb-aba8-173ca4d7ed9b&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2069&b_frame=0&pk=5b28bb3338748187b2166508de2d96b3&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=3 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 19 Apr 2024 03:37:24 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8b03f90eae88fd3964fafc5a765889cf
Strict-Transport-Security: max-age=0; includeSubdomains

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.131

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 16 Apr 2024 20:24:04 GMT
Expires: Wed, 16 Apr 2025 20:24:04 GMT
Cache-Control: public, max-age=31536000
Age: 198801
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.131

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 18 Apr 2024 02:58:06 GMT
Expires: Fri, 18 Apr 2025 02:58:06 GMT
Cache-Control: public, max-age=31536000
Age: 88759
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2

cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html

45.133.44.3

200 OK

447 B

URL GET HTTP/2
cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP
45.133.44.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintF6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3
ValiditySun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT

File type
gzip compressed data, from Unix
Size
447 B (447 bytes)
Hash
1a6f9600fabfee23ddacba3be718fada
94cf50b770d771b7df163394431fc08776f5be4a
e7853429724a894b03b8c39a12ae3bd14d6e18fb612d77603eb27404e3c641af

HTTP Headers

GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 03:37:24 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 19 Apr 2024 04:37:24 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

stripherselfscuba.com/pixel/sbs?c=1

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
stripherselfscuba.com/pixel/sbs?c=1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerLet's Encrypt
Subjectstripherselfscuba.com
Fingerprint27:09:AC:8B:2B:B3:33:5D:E9:D5:03:33:75:F8:E2:63:AA:1A:2B:92
ValidityTue, 16 Apr 2024 13:43:56 GMT - Mon, 15 Jul 2024 13:43:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: stripherselfscuba.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Cookie: u_pl=17093374; uid_id2=c6800e26-d533-4dbb-aba8-173ca4d7ed9b:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 19 Apr 2024 03:37:25 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15d-e533614.html

94.242.50.163

200 OK

278 B

URL POST HTTP/1.1
nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15d-e533614.html
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
JSON text data
Size
278 B (278 bytes)
Hash
46acadbb986f185fe0f226c6741c83cd
4071f54d1b08e4b9b657fae4ee8876164138ffe4
55d809fe3625c090dfd566cb4c251060f13c8490e54ab9d737fcbd2e85d3e17e

HTTP Headers

POST /xem-phim/vuong-quoc-cua-gio-f43859-15d-e533614.html HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 87
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349; _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c6800e26-d533-4dbb-aba8-173ca4d7ed9b%3A3%3A1; sb_page_5b28bb3338748187b2166508de2d96b3=1; sb_onpage_5b28bb3338748187b2166508de2d96b3=1; sb_main_5b28bb3338748187b2166508de2d96b3=1; sb_count_5b28bb3338748187b2166508de2d96b3=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 278
Connection: close
Content-Type: text/html; charset=UTF-8

grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533614&aesp=15d&user=P26349&tim=1713497854&key=r1ennKOWVm9kamdkaG5qa2tlYFeoppujk56XVXBhsQ

94.242.50.163

3.6 kB

URL GET
grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533614&aesp=15d&user=P26349&tim=1713497854&key=r1ennKOWVm9kamdkaG5qa2tlYFeoppujk56XVXBhsQ
IP
94.242.50.163:0
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
3.6 kB (3639 bytes)
Hash
a80a6eaa82b16ece0ba170b0ebbfa819
9e0a6e7b58a1923e6a66f9afcf8376a016882d34
810cdaebf9742ecb3979b0f7af21f599b2819b739653463321a82ba26dc64c35

HTTP Headers

GET /embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533614&aesp=15d&user=P26349&tim=1713497854&key=r1ennKOWVm9kamdkaG5qa2tlYFeoppujk56XVXBhsQ HTTP/1.1
Host: grab.nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Cookie: _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843; PHPSESSID=ltkkefb5fel2dida0mujhgvks6; us_session_id=P26368
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 3639
Connection: close
Content-Type: text/html; charset=UTF-8

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css

188.114.97.1

200 OK

3.4 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (3537), with no line terminators
Size
3.4 kB (3355 bytes)
Hash
b8a277e051f047a41d3229377460f0c9
596b934114e1b6e3cee15ef19925c7f2ff5607e7
9cf981fe6d59b72cb9d12e4bc958983bac07f16b8f1b40bb1c6ced0bf2d6b2d0

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 03:37:24 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-d1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 18
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dFjcQw7vs8iCdaJfSv2vkxY8skmlMZbNkk%2BJfU4FrjGoRueG8JSkyriosmxrouw2RhcSGV%2BVolohXEYvAbEJwETcYaguCPfz3HDwln16NQwoBxFz4PZbdLgs13eg7nSekWvTfMh1XOjP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8769db183edd0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=latin-ext,vietnamese

142.250.74.106

200 OK

82 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=latin-ext,vietnamese
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://grab.nguonphimc.com/embed/vuong-quoc-cua-gio-f43859.html?api=nguonphimc.com&esp=533613&aesp=15c&user=P26349&tim=1713497843&key=rlennKOWVW9kamdkZ25qa2pkX1eoppujkp6XVXBhsA
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text, with very long lines (1572)
Size
82 kB (82445 bytes)
Hash
82616926c46483e82c9e0effd92ad431
7def66e1e20fc4cdeb1af4bcad892fbed1be39ba
a6dbd8ee53f621b0e770fd487bf3d5dea24a2c804fa468de5f218305420ff120

HTTP Headers

GET /css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=latin-ext,vietnamese HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://grab.nguonphimc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 03:37:24 GMT
date: Fri, 19 Apr 2024 03:37:24 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

nguonphimc.com/site/chatbot/refresh/

94.242.50.163

200 OK

510 B

URL POST HTTP/1.1
nguonphimc.com/site/chatbot/refresh/
IP
94.242.50.163:80
ASN
#43317 SIA VEESP

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type
troff or preprocessor input, ASCII text, with very long lines (563), with no line terminators
Size
510 B (510 bytes)
Hash
bff22fe17036c5b6c547dd78c5bd94cc
cd2313c168a5d83c42c6baef7df6a75ccdd4dfec
7c6d2839a65f9d641c45ece431fc26e1337d947ab6876e82ae13005d5a491ff9

HTTP Headers

POST /site/chatbot/refresh/ HTTP/1.1
Host: nguonphimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 16
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Cookie: PHPSESSID=6e7p16rmec7uov8hvl0a1h0f25; us_session_id=P26349; _ga_DDD7EKFG6W=GS1.1.1713497842.1.0.1713497842.0.0.0; _ga=GA1.1.1963755912.1713497843; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c6800e26-d533-4dbb-aba8-173ca4d7ed9b%3A3%3A1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 03:37:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 260
Connection: close
Content-Type: text/html; charset=UTF-8

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

142.250.74.66

200 OK

148 kB

URL GET HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
142.250.74.66:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
FingerprintED:0D:E8:DC:2E:0E:7D:5F:CB:BE:43:7B:C7:CB:BF:BC:B7:E5:FC:1E
ValidityMon, 04 Mar 2024 06:35:32 GMT - Mon, 27 May 2024 06:35:31 GMT

File type
JavaScript source, ASCII text, with very long lines (3920)
Size
148 kB (147645 bytes)
Hash
c5d2c8eda486422a36848b9616727cd5
420828ca13e969301183b6eb53163a3a5168d246
7d80d206905c8d0472fcd3e47481266934bd7d92a8411991a5bf4cdd0d01e64a

HTTP Headers

GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nguonphimc.com/
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Fri, 19 Apr 2024 03:37:23 GMT
expires: Fri, 19 Apr 2024 03:37:23 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 3203851599254655820
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 50759
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

565 B

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text, with very long lines (588), with no line terminators
Size
565 B (565 bytes)
Hash
959a533a3dc02649e0cc3f8f67d942af
34db49ff64aed8b51beaba5b9928ad504a4df335
24864ed3ee6fab66640980d4c24640e579e5583764a8ee8c4f09decf27977247

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 03:37:22 GMT
date: Fri, 19 Apr 2024 03:37:22 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

stripherselfscuba.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tc1R%2B9Lx34Lr6IKN2JMIqLCs3kvXnz441dBGONBNOmtIpuRO6vmVxz37uPe9%2BbN8kqWJAuB%2FfCy5mkobaI%2FQOsOim4iAgdV1mYjSAuXChKQRCRmQ4GP5vP53PPuXDuOfejvfyU1JHTk8tXzI7Smi41a371wrtBcKm6rpJ8UB1ErfdbjUtV23%2Bl06r5L1ffkHzLLNX9wPcDP6iuKiu7ZrA0BaHSe52g1vFrjXotaDYwsP%2FdXe7BUQ%2Bif0qehRKTykPvPBQfI4k%2FvyzdVmbSi6%2FHuaaZseiLw7eTrcQUCeKzsWs9dJPDORvGPVp9AJMczOTC9P8lMjUh3jcPwJLDuUiw%2Fv5MJ9OQCZj4P4r%2BGFKPoegY3NyEEo8IwAWubiCJb181tqDbT1A6RSek8vh3qGJCKj%2BcRxJ%2FtqLVoHrD6DxTJnEYdEuowRiqN0aaHyHbWYAqjsCzD6HEd2Tp8TqSeH%2FDaQMlTl7ircj3Zb21KJphuNgQjC1SRqPFoB1y2hBtKTpsZpBSY6juGFoOQd055M5DrjzkXQ956iEWJ1UeBEHbF5z6UYfzULQlawk%2FoO1uQAO%2FFSHn0zcMkaVDcD0Et7tI7S621BA2%2Fwpus4QTHlxG0BclCklQOIKCEhSKoMgIin55ILSru%2FK20C5nwbzX5z0sRybr7dEDk%2FVkQkDtEFaUe%2BkpeWZqoFeZ%2FI0teVJtsnrEWBiGUbsRBVGb1YNWq%2BlHQtZFp8VCOFVCuQVQ52FnGubXK0in%2FcVlMHoEp4%2FAlQeaPw9alKCbJXaSu0kvN0nWr3ETQ5gSaVZBtu3t6VPy3CzBq39egOTHyz%2BzK5Pf7vwFbkuktsQH6iFBT98aXTcF2b9uCkfub6SZitUOnaZ7I6OZrHz6ptwujBVrl93wzqt8CkzHe29Jl63TRKik58jdFSWEtKvGckm%2BWHPvSHYtd5sruU3ydP3aa6trcWqlc8okY1A1If977xdwNSFPf%2FLt7ONefKoBZceweYk4PybzgjJj8HQXLj1e%2FjGcFZwhsPqMw1IPRV6ObJ2dHWpFoOXZTlkJJ89MYPL4y1%2BfYCNLp7epKvfcLfTsAmh2E0lcom9L9HUJqodw%2BblRltrj5e%2FnMpheGDFtF%2FaZtvrjmc0TsrZxH06dVENftJnsyjaTjWajK7lgzSbzeZezUEQRR%2BYm3Rd%2B%2BuMfAAAA%2F%2F8BAAD%2F%2F3MszkeSBAAA

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
stripherselfscuba.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tc1R%2B9Lx34Lr6IKN2JMIqLCs3kvXnz441dBGONBNOmtIpuRO6vmVxz37uPe9%2BbN8kqWJAuB%2FfCy5mkobaI%2FQOsOim4iAgdV1mYjSAuXChKQRCRmQ4GP5vP53PPuXDuOfejvfyU1JHTk8tXzI7Smi41a371wrtBcKm6rpJ8UB1ErfdbjUtV23%2Bl06r5L1ffkHzLLNX9wPcDP6iuKiu7ZrA0BaHSe52g1vFrjXotaDYwsP%2FdXe7BUQ%2Bif0qehRKTykPvPBQfI4k%2FvyzdVmbSi6%2FHuaaZseiLw7eTrcQUCeKzsWs9dJPDORvGPVp9AJMczOTC9P8lMjUh3jcPwJLDuUiw%2Fv5MJ9OQCZj4P4r%2BGFKPoegY3NyEEo8IwAWubiCJb181tqDbT1A6RSek8vh3qGJCKj%2BcRxJ%2FtqLVoHrD6DxTJnEYdEuowRiqN0aaHyHbWYAqjsCzD6HEd2Tp8TqSeH%2FDaQMlTl7ircj3Zb21KJphuNgQjC1SRqPFoB1y2hBtKTpsZpBSY6juGFoOQd055M5DrjzkXQ956iEWJ1UeBEHbF5z6UYfzULQlawk%2FoO1uQAO%2FFSHn0zcMkaVDcD0Et7tI7S621BA2%2Fwpus4QTHlxG0BclCklQOIKCEhSKoMgIin55ILSru%2FK20C5nwbzX5z0sRybr7dEDk%2FVkQkDtEFaUe%2BkpeWZqoFeZ%2FI0teVJtsnrEWBiGUbsRBVGb1YNWq%2BlHQtZFp8VCOFVCuQVQ52FnGubXK0in%2FcVlMHoEp4%2FAlQeaPw9alKCbJXaSu0kvN0nWr3ETQ5gSaVZBtu3t6VPy3CzBq39egOTHyz%2BzK5Pf7vwFbkuktsQH6iFBT98aXTcF2b9uCkfub6SZitUOnaZ7I6OZrHz6ptwujBVrl93wzqt8CkzHe29Jl63TRKik58jdFSWEtKvGckm%2BWHPvSHYtd5sruU3ydP3aa6trcWqlc8okY1A1If977xdwNSFPf%2FLt7ONefKoBZceweYk4PybzgjJj8HQXLj1e%2FjGcFZwhsPqMw1IPRV6ObJ2dHWpFoOXZTlkJJ89MYPL4y1%2BfYCNLp7epKvfcLfTsAmh2E0lcom9L9HUJqodw%2BblRltrj5e%2FnMpheGDFtF%2FaZtvrjmc0TsrZxH06dVENftJnsyjaTjWajK7lgzSbzeZezUEQRR%2BYm3Rd%2B%2BuMfAAAA%2F%2F8BAAD%2F%2F3MszkeSBAAA
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerLet's Encrypt
Subjectstripherselfscuba.com
Fingerprint27:09:AC:8B:2B:B3:33:5D:E9:D5:03:33:75:F8:E2:63:AA:1A:2B:92
ValidityTue, 16 Apr 2024 13:43:56 GMT - Mon, 15 Jul 2024 13:43:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tc1R%2B9Lx34Lr6IKN2JMIqLCs3kvXnz441dBGONBNOmtIpuRO6vmVxz37uPe9%2BbN8kqWJAuB%2FfCy5mkobaI%2FQOsOim4iAgdV1mYjSAuXChKQRCRmQ4GP5vP53PPuXDuOfejvfyU1JHTk8tXzI7Smi41a371wrtBcKm6rpJ8UB1ErfdbjUtV23%2Bl06r5L1ffkHzLLNX9wPcDP6iuKiu7ZrA0BaHSe52g1vFrjXotaDYwsP%2FdXe7BUQ%2Bif0qehRKTykPvPBQfI4k%2FvyzdVmbSi6%2FHuaaZseiLw7eTrcQUCeKzsWs9dJPDORvGPVp9AJMczOTC9P8lMjUh3jcPwJLDuUiw%2Fv5MJ9OQCZj4P4r%2BGFKPoegY3NyEEo8IwAWubiCJb181tqDbT1A6RSek8vh3qGJCKj%2BcRxJ%2FtqLVoHrD6DxTJnEYdEuowRiqN0aaHyHbWYAqjsCzD6HEd2Tp8TqSeH%2FDaQMlTl7ircj3Zb21KJphuNgQjC1SRqPFoB1y2hBtKTpsZpBSY6juGFoOQd055M5DrjzkXQ956iEWJ1UeBEHbF5z6UYfzULQlawk%2FoO1uQAO%2FFSHn0zcMkaVDcD0Et7tI7S621BA2%2Fwpus4QTHlxG0BclCklQOIKCEhSKoMgIin55ILSru%2FK20C5nwbzX5z0sRybr7dEDk%2FVkQkDtEFaUe%2BkpeWZqoFeZ%2FI0teVJtsnrEWBiGUbsRBVGb1YNWq%2BlHQtZFp8VCOFVCuQVQ52FnGubXK0in%2FcVlMHoEp4%2FAlQeaPw9alKCbJXaSu0kvN0nWr3ETQ5gSaVZBtu3t6VPy3CzBq39egOTHyz%2BzK5Pf7vwFbkuktsQH6iFBT98aXTcF2b9uCkfub6SZitUOnaZ7I6OZrHz6ptwujBVrl93wzqt8CkzHe29Jl63TRKik58jdFSWEtKvGckm%2BWHPvSHYtd5sruU3ydP3aa6trcWqlc8okY1A1If977xdwNSFPf%2FLt7ONefKoBZceweYk4PybzgjJj8HQXLj1e%2FjGcFZwhsPqMw1IPRV6ObJ2dHWpFoOXZTlkJJ89MYPL4y1%2BfYCNLp7epKvfcLfTsAmh2E0lcom9L9HUJqodw%2BblRltrj5e%2FnMpheGDFtF%2FaZtvrjmc0TsrZxH06dVENftJnsyjaTjWajK7lgzSbzeZezUEQRR%2BYm3Rd%2B%2BuMfAAAA%2F%2F8BAAD%2F%2F3MszkeSBAAA HTTP/1.1
Host: stripherselfscuba.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Cookie: u_pl=17093374; uid_id2=c6800e26-d533-4dbb-aba8-173ca4d7ed9b:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 19 Apr 2024 03:37:25 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dcb8eec254d660686fdbd1fb046d8431
Strict-Transport-Security: max-age=0; includeSubdomains

stripherselfscuba.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=30

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
stripherselfscuba.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=30
IP
172.240.108.68:80
ASN
#7979 SERVERS-COM

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=30 HTTP/1.1
Host: stripherselfscuba.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 19 Apr 2024 03:37:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js

188.114.97.1

200 OK

962 B

URL GET HTTP/3
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (1015), with no line terminators
Size
962 B (962 bytes)
Hash
88523e22d10f0cbad31aa1d8276764fa
9238cd9499e01abdbeb33e68c550d26cfb6eaba5
d553390acb639c765cb6aaa4fbb72529e4005227d190f53108aec87ccec411c2

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nguonphimc.com
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 03:37:24 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 206097
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jsNSjiKBdhjksi7bzlu086D4qOMnFuAfof%2B16r5VQuzkaBB%2FDzs0FLTF%2F%2F96xqdUrVV594x%2F97MtnyJXzh5G2BEpP%2B3oZo%2FBuqbRS%2BXBgrTmmXtw07mSjtmQLX2uQ15q5xZhK%2FP4w%2ByL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8769db196c175694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=latin-ext,vietnamese

142.250.74.106

200 OK

82 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=latin-ext,vietnamese
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text, with very long lines (1572)
Size
82 kB (82445 bytes)
Hash
82616926c46483e82c9e0effd92ad431
7def66e1e20fc4cdeb1af4bcad892fbed1be39ba
a6dbd8ee53f621b0e770fd487bf3d5dea24a2c804fa468de5f218305420ff120

HTTP Headers

GET /css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=latin-ext,vietnamese HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 03:37:22 GMT
date: Fri, 19 Apr 2024 03:37:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

stripherselfscuba.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=14

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
stripherselfscuba.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=14
IP
172.240.108.76:80
ASN
#7979 SERVERS-COM

Requested by
http://nguonphimc.com/xem-phim/vuong-quoc-cua-gio-f43859-15c-e533613.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=14 HTTP/1.1
Host: stripherselfscuba.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nguonphimc.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 19 Apr 2024 03:37:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (56)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML