GET hocmaivn.com/logo_dh_v2.png
154.198.249.72 200 OK 25 kB URL GET hocmaivn.com/logo_dh_v2.png
IP 154.198.249.72:80
File type PNG image data, 480 x 100, 8-bit/color RGBA, non-interlaced
Hash d672d809ac24ddad4e985fcbdf9e658a
85d912a43044613906fba5ea93e25d954f0b94cb
72aed53e48ad7dc48c9cf2b4761e90ede0c0f06f1c9d29ba8fa7360424e38c51
GET /logo_dh_v2.png HTTP/1.1
Host: hocmaivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hocmaivn.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 19 Jul 2025 04:08:19 GMT
Content-Type: image/png
Last-Modified: Wed, 10 Aug 2022 17:05:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f3e557-6170"
Expires: Mon, 18 Aug 2025 04:08:19 GMT
Cache-Control: max-age=2592000
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
GET api.share.baidu.com/s.gif?l=http://www.hocmaivn.com/
182.61.201.94 200 OK 0 B URL GET api.share.baidu.com/s.gif?l=http://www.hocmaivn.com/
IP 182.61.201.94:80
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://www.hocmaivn.com/ HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hocmaivn.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 19 Jul 2025 05:36:51 GMT
GET sc02.alicdn.com/kf/U2a46ba667cf24dd78a0297440656147bE.png
54.230.80.202 403 Forbidden 0 B URL GET sc02.alicdn.com/kf/U2a46ba667cf24dd78a0297440656147bE.png
IP 54.230.80.202:443
Certificate Issuer GlobalSign nv-sa
Subject *.alicdn.com
Fingerprint D9:9D:FA:89:32:D5:CE:F6:C6:DD:E7:8C:70:2A:F3:68:8D:FB:D2:1F
Validity Wed, 23 Apr 2025 06:16:10 GMT - Mon, 25 May 2026 06:16:09 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /kf/U2a46ba667cf24dd78a0297440656147bE.png HTTP/1.1
Host: sc02.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hocmaivn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
content-type: image/jpeg
content-length: 0
server: Tengine
date: Sat, 19 Jul 2025 05:36:52 GMT
traceid: a3b55cee17529034125867909e
cache-control: max-age=30
ups-target-key: global-filebroker-downstream-s.vipserver
x-protocol: HTTP/1.1
eagleeye-traceid: a3b55cee17529034125867909e
s-brt: 5
timing-allow-origin: *
eagleid: a3b55cee17529034125867909e, a3b55c9a17529034125765342e
server-timing: rt;dur=0.008,eagleid;desc=a3b55cee17529034125867909e,brt;dur=5
via: ens-cache9.l2de3[102,102,403-1280,M], ens-cache12.l2de3[103,0], ens-cache8.de5[104,91,403-1280,C], ens-cache6.de5[93,0], 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
ali-swift-global-savetime: 1752903412
x-swift-error: orig response 4XX error
x-swift-savetime: Sat, 19 Jul 2025 05:36:52 GMT
x-swift-cachetime: 30
x-cache: Error from cloudfront
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: q39mn1CFrRyHpdRTeZbOBRy0MSX9PqqjWnOBIqiqb0xmwxppQqDDoQ==
age: 0
X-Firefox-Spdy: h2
GET vip.aqdm393.com:20844/?f=hocmaivn.com
38.85.249.21 200 OK 0 B URL GET vip.aqdm393.com:20844/?f=hocmaivn.com
IP 38.85.249.21:20844
Certificate Issuer Unizeto Technologies S.A.
Subject vip.aqdm306.com
Fingerprint 1E:CC:A8:39:8B:8A:BE:06:90:EB:1A:E4:C3:80:8D:70:D4:5B:F5:83
Validity Thu, 17 Jul 2025 20:47:43 GMT - Sun, 16 Aug 2026 20:47:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?f=hocmaivn.com HTTP/1.1
Host: vip.aqdm393.com:20844
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hocmaivn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Sat, 19 Jul 2025 05:36:50 GMT
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
154.198.249.72 200 OK 24 kB IP 154.198.249.72:80
File type HTML document, ASCII text, with very long lines (24286), with no line terminators
Hash 07d46dfef0d932834886f53b5a866680
09ec3fb3742e1cc38cbabd9efea1d25aebbc840c
ad16076ef69d2bec25d757900f10d7e9624335b34bfb511b90ddb161845f41e1
NIDS Severity Alert
suricata medium ETPRO HUNTING Observed Suspicious Reversed String Inbound (Microsoft)
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET / HTTP/1.1
Host: hocmaivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 19 Jul 2025 04:08:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
GET p1.bdxiguaimg.com/origin/pgc-image/99dd1c03e95d43f791729bd2bc601ecf
138.113.181.188 200 OK 33 kB URL GET p1.bdxiguaimg.com/origin/pgc-image/99dd1c03e95d43f791729bd2bc601ecf
IP 138.113.181.188:443
Certificate Issuer DigiCert Inc
Subject *.bdxiguaimg.com
Fingerprint E0:25:B6:DB:63:00:51:D8:79:28:1F:07:7E:F6:0A:1D:EB:36:ED:C2
Validity Mon, 24 Mar 2025 00:00:00 GMT - Mon, 23 Mar 2026 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 752x423, components 3
Hash cac1fdc78dc632fa77c820816224e878
8d8367e4e9515c2842c9ade2d4bd5177d9edf92e
0aa381652fde42580b609bb0b6affa2d16ad890816e29a265d65efdc50e0b3bc
GET /origin/pgc-image/99dd1c03e95d43f791729bd2bc601ecf HTTP/1.1
Host: p1.bdxiguaimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hocmaivn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 19 Jul 2025 05:36:50 GMT
content-type: image/jpeg
content-length: 33128
cache-control: max-age=31536000
imagex-fmt: jpeg2jpeg
last-modified: Mon, 13 Jan 2025 15:42:08 GMT
nw-session-id: 20250113234208ACAF98D907D0F5DED55Ajlf5f02xg
nw-session-trace: 2025-01-13T23:42:08.337607566+08:00 54
x-bdcdn-cache-status: TCP_MISS
x-kfc-cachekey: http://pinner-imgserver.byted.org/origin/pgc-image/99dd1c03e95d43f791729bd2bc601ecf
x-length: 33128
x-powered-by: ImageX
x-response-date: Mon, 13 Jan 2025 23:42:08 GMT
x-tt-logid: 20250113234208ACAF98D907D0F5DED55A
via: fdbd:dc02:29:928::35
x-request-ip: fdbd:dc01:27:155::141
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
x-tt-trace-host: 013452966e4860b5f06e9b40dc9af3c3339d227b05ad40aac5fdd86afb8dbe5debc30438de216fc4bc8c6fb3c8b7c3dbc0c9c5c122c710ca8278299857c37f1e4b64ef7d90188f84dfb21d9624155103b2ed9cef24d902def2d67b7ee4a1dbb50c827d5a12c4b5488ad97d9f3190c2b6f6
x-tt-trace-id: 00-250113234208ACAF98D907D0F5DED55A-5F957CEF65E98A7A-00
server: TLB
x-response-lb: image
x-cache-new: HIT
x-via: 1.1 PS-NGB-01Vcf170:2 (Cdn Cache Server V2.0), 1.1 PS-HND-01kDc133:20 (Cdn Cache Server V2.0), 0.0 PS-ARN-01C8L93:4 (Cdn Cache Server V2.0)
x-upper-cache-status: hit
age: 1
server-timing: cdn-cache;desc=hit,edge;dur=4
x-tt-trace-tag: id=01;cdn-cache=hit;type=static
x-ws-request-id: 687b2ef2_PS-ARN-01C8L93_25213-53966
access-control-allow-origin: *
x-server-ip: 91.90.42.154
access-control-expose-headers: X-Server-Ip,Content-Length,Content-Range,content-type,expires,last-modified,via,x-cache,x-response-cache,x-response-sinfo,x-response-cinfo
timing-allow-origin: *
x-response-sinfo: 138.113.181.188
X-Firefox-Spdy: h2
GET vip.aqdm365.com:20844/?f=hocmaivn.com
38.85.249.21 200 OK 0 B URL GET vip.aqdm365.com:20844/?f=hocmaivn.com
IP 38.85.249.21:20844
Certificate Issuer Unizeto Technologies S.A.
Subject vip.aqdm306.com
Fingerprint 1E:CC:A8:39:8B:8A:BE:06:90:EB:1A:E4:C3:80:8D:70:D4:5B:F5:83
Validity Thu, 17 Jul 2025 20:47:43 GMT - Sun, 16 Aug 2026 20:47:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?f=hocmaivn.com HTTP/1.1
Host: vip.aqdm365.com:20844
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hocmaivn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Sat, 19 Jul 2025 05:36:50 GMT
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
GET 38.85.249.23:38894/?f=hocmaivn.com
38.85.249.23 200 OK 0 B URL GET 38.85.249.23:38894/?f=hocmaivn.com
IP 38.85.249.23:38894
Certificate Issuer Unizeto Technologies S.A.
Subject 38.85.249.7
Fingerprint 2E:82:F1:30:BF:3F:DE:E5:DB:49:09:C5:F8:FF:F4:F9:1B:F6:04:F7
Validity Fri, 23 May 2025 20:40:25 GMT - Mon, 22 Jun 2026 20:40:24 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
Quad9 DNS malicious Sinkholed
GET /?f=hocmaivn.com HTTP/1.1
Host: 38.85.249.23:38894
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hocmaivn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Sat, 19 Jul 2025 05:36:50 GMT
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
GET 38.85.249.24:38894/?f=hocmaivn.com
38.85.249.24 200 OK 0 B URL GET 38.85.249.24:38894/?f=hocmaivn.com
IP 38.85.249.24:38894
Certificate Issuer Unizeto Technologies S.A.
Subject 38.85.249.7
Fingerprint 2E:82:F1:30:BF:3F:DE:E5:DB:49:09:C5:F8:FF:F4:F9:1B:F6:04:F7
Validity Fri, 23 May 2025 20:40:25 GMT - Mon, 22 Jun 2026 20:40:24 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
Quad9 DNS malicious Sinkholed
GET /?f=hocmaivn.com HTTP/1.1
Host: 38.85.249.24:38894
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hocmaivn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Sat, 19 Jul 2025 05:36:50 GMT
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
GET hm.baidu.com/hm.gif?hca=F76ACC824052AC9E&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1617196333&si=64d1b5d431d9fd0bdbbc692f83389b82&v=1.3.2&lv=1&sn=38767&r=0&ww=1280&u=http%3A%2F%2Fhocmaivn.com%2F&tt=%E4%BA%9A%E6%B4%B2%E7%A6%8F%E5%88%A9%E8%A7%86%E9%A2%91
111.45.11.83 200 OK 43 B URL GET hm.baidu.com/hm.gif?hca=F76ACC824052AC9E&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1617196333&si=64d1b5d431d9fd0bdbbc692f83389b82&v=1.3.2&lv=1&sn=38767&r=0&ww=1280&u=http%3A%2F%2Fhocmaivn.com%2F&tt=%E4%BA%9A%E6%B4%B2%E7%A6%8F%E5%88%A9%E8%A7%86%E9%A2%91
IP 111.45.11.83:443
ASN #9808 China Mobile Communications Group Co., Ltd.
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63
Validity Wed, 09 Jul 2025 07:01:02 GMT - Mon, 10 Aug 2026 07:01:01 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?hca=F76ACC824052AC9E&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1617196333&si=64d1b5d431d9fd0bdbbc692f83389b82&v=1.3.2&lv=1&sn=38767&r=0&ww=1280&u=http%3A%2F%2Fhocmaivn.com%2F&tt=%E4%BA%9A%E6%B4%B2%E7%A6%8F%E5%88%A9%E8%A7%86%E9%A2%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hocmaivn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 19 Jul 2025 05:36:52 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=DDD5302DF82D6D2E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
GET sc02.alicdn.com/kf/U2a46ba667cf24dd78a0297440656147bE.png
54.230.80.202 403 Forbidden 0 B URL GET sc02.alicdn.com/kf/U2a46ba667cf24dd78a0297440656147bE.png
IP 54.230.80.202:443
Certificate Issuer GlobalSign nv-sa
Subject *.alicdn.com
Fingerprint D9:9D:FA:89:32:D5:CE:F6:C6:DD:E7:8C:70:2A:F3:68:8D:FB:D2:1F
Validity Wed, 23 Apr 2025 06:16:10 GMT - Mon, 25 May 2026 06:16:09 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /kf/U2a46ba667cf24dd78a0297440656147bE.png HTTP/1.1
Host: sc02.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hocmaivn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
content-type: image/jpeg
content-length: 0
server: Tengine
date: Sat, 19 Jul 2025 05:36:52 GMT
traceid: a3b55cee17529034125867909e
cache-control: max-age=30
ups-target-key: global-filebroker-downstream-s.vipserver
x-protocol: HTTP/1.1
eagleeye-traceid: a3b55cee17529034125867909e
s-brt: 5
timing-allow-origin: *
eagleid: a3b55cee17529034125867909e, a3b55cee17529034125867909e
server-timing: rt;dur=0.008,eagleid;desc=a3b55cee17529034125867909e,brt;dur=5
via: ens-cache9.l2de3[102,102,403-1280,M], ens-cache12.l2de3[103,0], ens-cache8.de5[104,104,403-1280,M], ens-cache19.de5[109,0], 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
ali-swift-global-savetime: 1752903412
x-swift-error: orig response 4XX error
x-swift-savetime: Sat, 19 Jul 2025 05:36:52 GMT
x-swift-cachetime: 30
x-cache: Error from cloudfront
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: NkWFbs6ExdXGczp-59O6Xqgn-MoT4jZA206KB_YkCD_Yl1nNIoE6jw==
X-Firefox-Spdy: h2
0.0.0.0 0 B IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert
suricata medium ETPRO HUNTING Observed Suspicious Reversed String Inbound (Microsoft)
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET / HTTP/1.1
Host: hocmaivn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
GET lf9-cdn-tos.bytecdntp.com/cdn/expire-10-y/amazeui/2.7.2/css/amazeui.min.css
156.225.108.40 200 OK 255 kB URL GET lf9-cdn-tos.bytecdntp.com/cdn/expire-10-y/amazeui/2.7.2/css/amazeui.min.css
IP 156.225.108.40:443
ASN #139057 LEGEND DYNASTY PTE. LTD.
Certificate Issuer DigiCert Inc
Subject *.bytecdntp.com
Fingerprint C5:37:BF:E8:AE:9E:51:E0:3B:97:4E:36:38:E1:D0:25:95:71:00:3B
Validity Tue, 25 Mar 2025 00:00:00 GMT - Wed, 25 Mar 2026 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 255 kB (255214 bytes)
Hash 99beca43a5ddada84962903e246e08a7
74bfb4cd3dc15e33ab7da9e207dd46f35fca7bc8
40a34541c0d86748f6561e10840ce0ef5d41d8fb3cd585b92ed7ba4839bc3583
GET /cdn/expire-10-y/amazeui/2.7.2/css/amazeui.min.css HTTP/1.1
Host: lf9-cdn-tos.bytecdntp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hocmaivn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 19 Jul 2025 05:36:51 GMT
content-type: text/css
expires: Mon, 05 Feb 2035 08:39:44 GMT
last-modified: Sat, 22 Jan 2022 02:05:48 GMT
vary: Accept-Encoding
etag: W/"61eb667c-3e4ee"
cache-control: max-age=315360000
content-encoding: gzip
x-tt-trace-tag: id=09;cdn-cache=hit;type=static
x-tt-trace-id: 00-25020514080244C89918A651318339C3-14B4C8675C1900D9-00
server: TLB
x-tt-logid: 2025020514080244C89918A651318339C3
x-ser: i11583_c17981, i15427_c17987, i1872268_c17483, i1935945_c22759
x-cache: HIT from i1935945_c22759(cloudsvr)
server-timing: cdn-cache;desc=HIT,edge;dur=2
access-control-allow-origin: *
timing-allow-origin: *
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
X-Firefox-Spdy: h2
GET hm.baidu.com/hm.js?64d1b5d431d9fd0bdbbc692f83389b82
111.45.11.83 200 OK 30 kB URL GET hm.baidu.com/hm.js?64d1b5d431d9fd0bdbbc692f83389b82
IP 111.45.11.83:443
ASN #9808 China Mobile Communications Group Co., Ltd.
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63
Validity Wed, 09 Jul 2025 07:01:02 GMT - Mon, 10 Aug 2026 07:01:01 GMT
File type JavaScript source, ASCII text, with very long lines (621)
Hash 08decc0cd7a0400c97627a23b42756ce
2a38a5dad870a9275d93a6c37fb1f5c04ac99650
53aab523aac63a38f49714e61daa4ffcd70f90d95bfc7241d49fa1ac19e017ab
GET /hm.js?64d1b5d431d9fd0bdbbc692f83389b82 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hocmaivn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11291
Content-Type: application/javascript
Date: Sat, 19 Jul 2025 05:36:51 GMT
Etag: e01eb499e3128eb4493c6d7b81a9392b
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=F76ACC824052AC9E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
GET lf9-cdn-tos.bytecdntp.com/cdn/expire-10-y/amazeui/2.7.2/fonts/fontawesome-webfont.woff2?v=4.6.3
156.225.108.40 200 OK 72 kB URL GET lf9-cdn-tos.bytecdntp.com/cdn/expire-10-y/amazeui/2.7.2/fonts/fontawesome-webfont.woff2?v=4.6.3
IP 156.225.108.40:443
ASN #139057 LEGEND DYNASTY PTE. LTD.
Certificate Issuer DigiCert Inc
Subject *.bytecdntp.com
Fingerprint C5:37:BF:E8:AE:9E:51:E0:3B:97:4E:36:38:E1:D0:25:95:71:00:3B
Validity Tue, 25 Mar 2025 00:00:00 GMT - Wed, 25 Mar 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 71896, version 4.393
Hash e6cf7c6ec7c2d6f670ae9d762604cb0b
97e438cc545714309882fbceadbf344fcaddcec5
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
GET /cdn/expire-10-y/amazeui/2.7.2/fonts/fontawesome-webfont.woff2?v=4.6.3 HTTP/1.1
Host: lf9-cdn-tos.bytecdntp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hocmaivn.com
DNT: 1
Connection: keep-alive
Referer: https://lf9-cdn-tos.bytecdntp.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 19 Jul 2025 05:36:52 GMT
content-type: application/octet-stream
content-length: 71896
expires: Mon, 05 Mar 2035 12:35:59 GMT
last-modified: Sat, 22 Jan 2022 02:05:43 GMT
etag: "61eb6677-118d8"
cache-control: max-age=315360000
accept-ranges: bytes
x-tt-trace-tag: id=09;cdn-cache=hit;type=static
x-tt-trace-id: 00-2406230231458A81A597B074AAB0B7F7-49A5A8E63D8237E1-00
server: TLB
x-tt-logid: 202406230231458A81A597B074AAB0B7F7
x-ser: BC176_dx-lt-yd-jiangsu-yancheng-8-cache-8, BC203_dx-lt-yd-jiangsu-huaian-8-cache-12, i58866_c11118, i1935949_c22759
x-cache: HIT from i1935949_c22759(cloudsvr)
server-timing: cdn-cache;desc=HIT,edge;dur=1
access-control-allow-origin: *
timing-allow-origin: *
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
X-Firefox-Spdy: h2