nhanquaviipff-gerena-vn.click Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nhanquaviipff-gerena-vn.click/
Submission: On May 25 via api (May 25th 2024, 9:14:29 pm UTC) from US — Scanned from NL

Summary HTTP 39 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 5 countries across 9 domains to perform 39 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is nhanquaviipff-gerena-vn.click.
TLS certificate: Issued by GTS CA 1P5 on May 23rd 2024. Valid for: 3 months.

This is the only time nhanquaviipff-gerena-vn.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Garena Free Fire (Gaming)

Domain & IP information

	IP Address	AS Autonomous System
18	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:9000:211... 2600:9000:211e:9600:12:3436:3dc0:93a1	16509 (AMAZON-02) (AMAZON-02)
7	199.232.196.193 199.232.196.193	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	23.48.23.64 23.48.23.64	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	162.19.88.68 162.19.88.68	16276 (OVH) (OVH)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
39	9

18 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

nhanquaviipff-gerena-vn.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:211e:9600:12:3436:3dc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

dl.dir.freefiremobile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 199.232.196.193 (United States)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.48.23.64 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-48-23-64.deploy.static.akamaitechnologies.com

freefiremobile-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.88.68 (France)

ASN16276 (OVH, FR)
PTR: ns3221377.ip-162-19-88.eu

i.postimg.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	nhanquaviipff-gerena-vn.click nhanquaviipff-gerena-vn.click	136 KB
7	imgur.com i.imgur.com — Cisco Umbrella Rank: 7840	792 KB
3	gstatic.com fonts.gstatic.com	37 KB
3	freefiremobile.com dl.dir.freefiremobile.com — Cisco Umbrella Rank: 32577	656 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 380	59 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	44 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3044	83 KB
1	postimg.cc i.postimg.cc — Cisco Umbrella Rank: 18335	13 KB
1	akamaihd.net freefiremobile-a.akamaihd.net — Cisco Umbrella Rank: 59049	155 KB
39	9

	Domain	Requested by
18	nhanquaviipff-gerena-vn.click	nhanquaviipff-gerena-vn.click
7	i.imgur.com	nhanquaviipff-gerena-vn.click
3	fonts.gstatic.com	nhanquaviipff-gerena-vn.click
3	dl.dir.freefiremobile.com	nhanquaviipff-gerena-vn.click
2	ajax.googleapis.com	nhanquaviipff-gerena-vn.click
2	cdnjs.cloudflare.com	nhanquaviipff-gerena-vn.click cdnjs.cloudflare.com
2	stackpath.bootstrapcdn.com	nhanquaviipff-gerena-vn.click stackpath.bootstrapcdn.com
1	i.postimg.cc	nhanquaviipff-gerena-vn.click
1	freefiremobile-a.akamaihd.net	nhanquaviipff-gerena-vn.click
39	9

This site contains no links.

Subject Issuer	Validity	Valid
nhanquaviipff-gerena-vn.click GTS CA 1P5	`2024-05-23` - `2024-08-21`	3 months	crt.sh
bootstrapcdn.com GTS CA 1P5	`2024-05-25` - `2024-08-23`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
dl.dir.freefiremobile.com Amazon RSA 2048 M03	`2023-11-29` - `2024-12-27`	a year	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-15` - `2025-02-14`	a year	crt.sh
upload.video.google.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2024-04-18` - `2025-04-19`	a year	crt.sh
postimg.cc R3	`2024-04-22` - `2024-07-21`	3 months	crt.sh
*.gstatic.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://nhanquaviipff-gerena-vn.click/
Frame ID: 0EF9973E510DF14AB171C8A9269A7A9C
Requests: 39 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Garena Free Fire

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

39
Requests

100 %
HTTPS

33 %
IPv6

9
Domains

9
Subdomains

9
IPs

5
Countries

1976 kB
Transfer

2255 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
nhanquaviipff-gerena-vn.click/ 7 KB
3 KB 887ms
769ms Document
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhanquaviipff-gerena-vn.click/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eaddfe1749696f7ad8733a2b8456612210a2213b6987601670e012d1208db86

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 889888d7da57380f-FRA
content-encoding: br
content-type: text/html
date: Sat, 25 May 2024 21:14:21 GMT
last-modified: Wed, 07 Jun 2023 17:15:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NRuc9yYNa%2Fhr0HeZ%2F9yRH66zD%2BykHJ7IXqtEum%2FMcH0TLrDoNMO5r%2BFeVHBbJF0HtEBMdZeN9mDecKueuJsvHb7vcxu4e7LLFcudbpV3KCuXF6NLBQ794GUFfYkxlx2xY64HeLXnMLS8sjTFegE4mA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed

GET
H3 200 style.css
nhanquaviipff-gerena-vn.click/css/ 17 KB
3 KB 72ms
68ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhanquaviipff-gerena-vn.click/css/style.css
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 533da099c1062d2366f4e9d6cc8b3df922813434fde5bdf5a4dcb6fb7a874ce8

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 159453
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e5ln04ynxXKIG0LexS8m%2BhgYwIPaO9D%2BMamcTIdD9a3n2nfbUAtMDkq%2BqO9cHeKRUbvNjlRnPqq2eBu5tOccm9TrWXWWQ39GsNXpUuK738PZXoJkOYT9s9M6THDQ3I28rwIl0Y%2Bsmv7UuqfIiKILpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 889888dc78b8380f-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 31 May 2024 00:56:47 GMT

GET
H3 200 animate.css
nhanquaviipff-gerena-vn.click/css/ 83 KB
5 KB 73ms
66ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhanquaviipff-gerena-vn.click/css/animate.css
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83232d5071aafb43331d388144abe71decec93237a4aa9c99a7e7a6960a7daac

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 45064
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YGwt%2Fdpvt8WSQHUiMQZDih%2B4260c1o7p1S5CNZh1DzHXdA5Y1z0xozno6J2PvwfMpCR8jC0aRITCu3PpLnTldyZ4QEIKphShofz5M1T34B1C99A0btf3zMEXZtG0qOr3Ij1pyyQeO1yIIkyyTixCiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 889888dc78bb380f-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 01 Jun 2024 08:43:16 GMT

GET
H3 200 facebook.css
nhanquaviipff-gerena-vn.click/css/login/ 3 KB
1 KB 74ms
67ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhanquaviipff-gerena-vn.click/css/login/facebook.css
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 206901e6765ddc180d26d40631b061b38851a8b2f5e32b61a86b441e14e8d298

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 159453
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zAsbnA0F81YPkVlWKWqNdK0BiAyxNzfpj95UUcvt7yg3XAQvEgfdTTcEui8Zh6Wugm8FQU8aRa5PyCU3i2iFhIRnJx0pnabDaQ9xubGaUmS55OgI9vWyoNnEo2vEz4Go1ioVAyOWnm%2FITUQyADO9eA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 889888dc88c4380f-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 31 May 2024 00:56:47 GMT

GET
H3 200 font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
8 KB 120ms
45ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1078
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 5601145
cdn-cachedat: 03/18/2024 12:28:12
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"269550530cc127b6aa5a35925a7de6ce"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 9e01696f4dd85a48838a9ea9ee82ef4a
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 889888dced191c28-FRA
cdn-requestpullsuccess: True

GET
H3 200 material-design-iconic-font.min.css
cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/ 69 KB
6 KB 111ms
42ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 684835
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5845
last-modified: Mon, 04 May 2020 16:12:09 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed9-1149f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rgrjtX%2FudlY1jC4QkfB2jPiiNvLbptAhAOmmFvPjT0GUOHFGJHzNmUAvm2C%2BisXoix71wyw0FkNrtLT4qklvN5CC23HEosZjqUgtSZjpiZHgI5g8Z1CpXsj46WCBB8naRDBpvnY5"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 889888dcefa39f58-FRA
expires: Thu, 15 May 2025 21:14:21 GMT

GET
H2 200 FREE_FIRE_LOGO.PNG(2).png
dl.dir.freefiremobile.com/common/test/official/ 253 KB
254 KB 465ms
310ms Image
image/png 2600:9000:211e:9600:12:3436:3dc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dl.dir.freefiremobile.com/common/test/official/FREE_FIRE_LOGO.PNG(2).png
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:9600:12:3436:3dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: OBS /
Resource Hash: e5d1ff232a26bd3b8a702a52464d1bdf12992e9f166084da5cfad235d8f7b20e

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:08:33 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSvBxgGkizEK2XffZGOVjiMPxkR2oF3R
via: 1.1 1a3d61cabf9778724765b3e70befe816.cloudfront.net (CloudFront)
last-modified: Thu, 15 Sep 2022 12:58:04 GMT
server: OBS
x-amz-cf-pop: FRA56-C2
age: 347
etag: "76697e9220e45c00a5fbaf78cc3d7553"
vary: Origin
x-cache: Hit from cloudfront
content-type: image/png
x-obs-request-id: 0000018FB1957838901C3B76495D6756
accept-ranges: bytes
content-length: 258949
x-amz-cf-id: UU7oU_9w1FSf1BB44NeSThTOcs6ug9otnzRDmsw6zuyihA8wDyvMUg==

GET
H3 200 nav_shop.svg
nhanquaviipff-gerena-vn.click/img/ 993 B
1 KB 149ms
144ms Image
image/svg+xml 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanquaviipff-gerena-vn.click/img/nav_shop.svg
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bad9e2db663bbdb4f80bdcb6ea144d69502f9d58bf6fcf19f17e365ffea0220f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 159458
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QLWlAeLUQ7lOPxF9N00RJ8rWZ4NvyzzFR2R%2BqReVbI9eM2ZUVBpiQ9N4jGpOAcGy%2FmbaSNz6Jhg1EWQ0BBXe40wP3svX3YEEKUGUcUjxMrMBTQ%2B%2FDiXjr%2BFmvfpY8z23K3vvvYhVF2VBgeEJ8q2jbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 889888dd19ae380f-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 31 May 2024 00:56:41 GMT

GET
H3 200 nav_language.svg
nhanquaviipff-gerena-vn.click/img/ 1 KB
1 KB 102ms
81ms Image
image/svg+xml 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanquaviipff-gerena-vn.click/img/nav_language.svg
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a441182568ad88fa9c54384de94a77f64148d3d54df66ea1beff4a11100967c6

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 159453
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dW7eVZAZ7Ujsdaeu14apGNJp46mHbOhJxP%2FPgiFcWzFG0%2FHEIMf76SMU%2FSJ0HqCe%2BR%2FHgqHupdPgzT%2Fd6AjGaC8bD4IJpunGxbygP6doQMrONSU4icJHrLyGCaKLt8RTavBfp35gE89%2B%2BuXUCIHkJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 889888dd19b8380f-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 31 May 2024 00:56:47 GMT

GET
H3 200 nav_menu.svg
nhanquaviipff-gerena-vn.click/img/ 884 B
954 B 65ms
43ms Image
image/svg+xml 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanquaviipff-gerena-vn.click/img/nav_menu.svg
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0d849e0e910d13bcdab1e94f5c799dda1a9429c908e18069f9dc7f7d551d58a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 159453
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f8g%2FY7MLpaH%2FMQyWylf9RghMFEm%2FG2RyREKtLtfz74kLv8ZV%2F7Yzam7dByCnFHJKFPcWWOzzxllnedqfJ%2BInojvu0V0sqv7u7M7LkEV2EzdlLww5w%2BdMMjwLj1wPavLMXbsCByG98lODDbwdkKUffA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 889888dce96e380f-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 31 May 2024 00:56:47 GMT

GET
H3 200 nav_download.svg
nhanquaviipff-gerena-vn.click/img/ 1007 B
1016 B 115ms
94ms Image
image/svg+xml 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanquaviipff-gerena-vn.click/img/nav_download.svg
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b22f25d8b7421c4c4aec15a9a4781f873545a5732ac128871da40f38c98f4cf

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 74600
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FVes5PCDp4E6mo78yFI%2Fd68%2FulWZK6XRlUS1zejv575OwQJ8Oc%2FUSNR5Uqxlers7Z5fA3y56Rp7RbfcmGWyjoSCXEIRf0ZWnN9ewiofaEuxXdgjGDnbyAzJxDyKFb80Ht%2FJxafpawSLqrkRc%2B4OkgA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 889888dd39dc380f-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 01 Jun 2024 00:31:00 GMT

GET
H2 200 tfvobB4.jpg
i.imgur.com/ 740 KB
741 KB 188ms
48ms Image
image/jpeg 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/tfvobB4.jpg

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

bfb99d97778db09f74a98962a4382683145cdc6939d6f783c0c9c0b4fb1cd710

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: ATL59-P7
age: 721763
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
x-amz-storage-class: STANDARD_IA
content-length: 757517
x-served-by: cache-iad-kjyo7100057-IAD, cache-mad22051-MAD
last-modified: Sun, 30 Apr 2023 04:36:39 GMT
server: cat factory 1.0
x-timer: S1716671662.722781,VS0,VE1
etag: "d521fa3c59961303cf6c55438fcca28f"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: Z2T0Ju2_J7eX-1aZ9cCt_ZIL3SyNIrNj2Au22R747RefP6fzKNRSnQ==
x-cache-hits: 62, 0

GET
H3 404 s4_img2.png
nhanquaviipff-gerena-vn.click/img/ 1 KB
1 KB 757ms
738ms Image
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanquaviipff-gerena-vn.click/img/s4_img2.png
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 25 May 2024 21:14:22 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6WYv2bcccN2ZU4JdfgpDP6V5beJO5zbAkjb%2Bo5uC7bnTiqg%2F8uANNJtrgPY%2FhzaAlGFKDkFuk8TyhIdNgIyCs2aePCRxixJ5qmB1r8ywULCyX13JYmp8MfQTE1rXv0KL%2FBAeJiBuzSBHGcf3JgpMQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-ray: 889888dd39e0380f-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 GRQsVNJ.jpg
i.imgur.com/ 10 KB
10 KB 188ms
48ms Image
image/jpeg 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/GRQsVNJ.jpg

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

7a096e8e9422a18b18d688fd2654298e541326e618bacbacf11f788f61e06bf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 1264449
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 9980
x-served-by: cache-iad-kjyo7100092-IAD, cache-mad22051-MAD
last-modified: Sun, 30 Apr 2023 04:48:27 GMT
server: cat factory 1.0
x-timer: S1716671662.722734,VS0,VE1
etag: "14dc5366e0c20deba73a8d8f6c1c613e"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 2k_0zPRPZZ8oyZM_e7099TRTEShT5i0vdZBJYxniw7t7Z8GngtLQ-g==
x-cache-hits: 63, 0

GET
H2 200 ciz75Zh.jpg
i.imgur.com/ 8 KB
8 KB 192ms
56ms Image
image/jpeg 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/ciz75Zh.jpg

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

0480bf4114b1002535d9fbec0e1990a4e448133742efea62e3fc48e5ecdf9391

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 547444
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 7837
x-served-by: cache-iad-kiad7000101-IAD, cache-mad22051-MAD
last-modified: Sun, 30 Apr 2023 04:53:06 GMT
server: cat factory 1.0
x-timer: S1716671662.722727,VS0,VE1
etag: "f0cbef2bbc2d87a5452c6d580b5da003"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: oWFdZzya8pSLfp-V-G7Uh-DsooFZaF1gN-C_mobhXSRsGlBbxfG0YQ==
x-cache-hits: 54, 0

GET
H2 200 qEJgJzx.jpg
i.imgur.com/ 10 KB
10 KB 207ms
71ms Image
image/jpeg 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/qEJgJzx.jpg

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

daef22e8ddfd5af8142b1b1f07788b6d842c12a8f3c4a0c8ccda6fb3af9abda2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 814559
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 9768
x-served-by: cache-iad-kjyo7100154-IAD, cache-mad22051-MAD
last-modified: Sun, 30 Apr 2023 04:23:46 GMT
server: cat factory 1.0
x-timer: S1716671662.722669,VS0,VE2
etag: "afa9cb92d2bc1f40b583e2ea7241d884"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: ZaGGVqTWn9i20bC0oEKcqRQ0l8pJZqScEAjLRiTGPw8jJjB5E3wiBA==
x-cache-hits: 57, 0

GET
H2 200 j0Sh1aw.jpg
i.imgur.com/ 8 KB
8 KB 237ms
102ms Image
image/jpeg 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/j0Sh1aw.jpg

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

ac81e875a4230d76784c018eb5147f6142ab527b392d993016f01302bb91b11a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 929760
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 8030
x-served-by: cache-iad-kcgs7200058-IAD, cache-mad22051-MAD
last-modified: Sun, 30 Apr 2023 04:49:49 GMT
server: cat factory 1.0
x-timer: S1716671662.722723,VS0,VE3
etag: "82e8fd54b2ed8aff6d3004d0e5cf572f"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: APzMVI-MD4SXI-sKGdxqfRkygbf41fE7i-Hn-TDv1pjK96PeASlpoA==
x-cache-hits: 66, 0

GET
H2 200 BANGKqp.jpg
i.imgur.com/ 8 KB
8 KB 205ms
71ms Image
image/jpeg 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/BANGKqp.jpg

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

aedc3f0e4f299df01d2d057b1fa2c735411ab713b334b221fdecb4d5fcd9d4f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 1434809
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 8375
x-served-by: cache-iad-kjyo7100069-IAD, cache-mad22051-MAD
last-modified: Sun, 30 Apr 2023 04:45:59 GMT
server: cat factory 1.0
x-timer: S1716671662.722699,VS0,VE2
etag: "7b3f3eb6c720020156363f064e7c74a7"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: LSJUIAHg5TJUeyJ3MRIY1sVlPver5vZJGVCfBkV0z7pQ3Je0jp6ZmQ==
x-cache-hits: 70, 0

GET
H2 200 hsq7GNC.jpg
i.imgur.com/ 7 KB
7 KB 68ms
55ms Image
image/jpeg 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/hsq7GNC.jpg

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

f8bab2044730149edaf441e1620e89fa61fd03323b088ea6f92316a9d426a981

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD55-P4
age: 1070103
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 7418
x-served-by: cache-iad-kcgs7200060-IAD, cache-mad22051-MAD
last-modified: Sun, 30 Apr 2023 04:53:36 GMT
server: cat factory 1.0
x-timer: S1716671662.722767,VS0,VE1
etag: "119094aa160591847925ef8f56548049"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: jzK-pCt6v3B5wb5drVnozip8jDma3gUjI6ahnOChlTt9Tz6x2UgGEw==
x-cache-hits: 63, 0

GET
H2 200 logo.c7fec21.png
dl.dir.freefiremobile.com/common/web_event/ffuniversenew/img/ 60 KB
61 KB 455ms
361ms Image
image/png 2600:9000:211e:9600:12:3436:3dc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dl.dir.freefiremobile.com/common/web_event/ffuniversenew/img/logo.c7fec21.png
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:9600:12:3436:3dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: OBS /
Resource Hash: 64637c8441732137d863f79b59603293e75d0af45ff9e3420b00d5ba7da69dd3

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 20:54:14 GMT
via: 1.1 1a3d61cabf9778724765b3e70befe816.cloudfront.net (CloudFront)
content-md5: SQ/XwdBLT+03Nf8E7TCSMg==
x-amz-cf-pop: FRA56-C2
age: 1207
x-cache: Hit from cloudfront
x-obs-request-id: 0000018FB18858FD9810E7FE442E67D8
content-length: 61764
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSfuPPPr+vgpVOdBestVGPTALlBGovy4
last-modified: Mon, 29 May 2023 05:14:03 GMT
server: OBS
x-obs-replication-status: REPLICA
etag: "490fd7c1d04b4fed3735ff04ed309232"
vary: Origin
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: kVGbAxiUCukAzn0QPJVumScZfm9tRQGPw1RQO9MF9m8G0qoE5ml4CA==

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 82 KB
30 KB 133ms
30ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 18:13:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10853
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 May 2025 18:13:28 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.3/ 82 KB
29 KB 158ms
56ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 18:13:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10852
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29707
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 May 2025 18:13:29 GMT

GET
H3 200 nvn.css
nhanquaviipff-gerena-vn.click/css/ 1 KB
1011 B 52ms
51ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhanquaviipff-gerena-vn.click/css/nvn.css
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bb953d6a9a65150a21a26dbc9d119a125b996b155a378c245be0557061337cc

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/css/style.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 159452
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=viKYhCEzgPdJj0o4pWUQAFEipVZnXFEpjD0VKUWwxx9ZnejjCq7%2FtN94Jvf%2BMhRrsq4b2Qz%2Fm9ehL1Hk%2F4RMD0HLbuTKs%2B5%2F%2BA7fk5BxyVKiNIvOlxWYxu1pjCxgaZ0d%2F3lrlPOUQMNn0K2D04rgoA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 889888dcf98e380f-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 31 May 2024 00:56:48 GMT

GET
H2 200 83f3aecfe60c6ec13a09696b3465907a.jpg
dl.dir.freefiremobile.com/common/web_event/official2.ff.garena.all/20232/ 341 KB
342 KB 234ms
220ms Image
image/jpeg 2600:9000:211e:9600:12:3436:3dc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dl.dir.freefiremobile.com/common/web_event/official2.ff.garena.all/20232/83f3aecfe60c6ec13a09696b3465907a.jpg
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:9600:12:3436:3dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: OBS /
Resource Hash: b5a79ac9adb2cde5e508ac84e74bb9a9e5a87e3e3cdd4f5b269224437f61d052

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 20:27:23 GMT
via: 1.1 1a3d61cabf9778724765b3e70befe816.cloudfront.net (CloudFront)
content-md5: mAsnWnO/tjcYj9puBZ+yDQ==
x-amz-cf-pop: FRA56-C2
age: 2818
x-cache: Hit from cloudfront
x-obs-request-id: 0000018FB16FC6BE9415082F7BDA7BA4
content-length: 349155
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSH2vAiB20balNvHrlsKaQFHqoHRO87a
last-modified: Fri, 03 Feb 2023 10:24:09 GMT
server: OBS
x-obs-replication-status: REPLICA
etag: "980b275a73bfb637188fda6e059fb20d"
vary: Origin
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: pH_oUL1PP9iel5v1Z7hR-c3WEs7wJVpTuML2qrN6seqRgGEz20APZQ==

GET
H/1.1 200
OK 284e7fe8d941a07012304a3ad7ad86e8.jpg
freefiremobile-a.akamaihd.net/common/web_event/official2.ff.garena.all/img/20228/ 154 KB
155 KB 1768ms
1631ms Image
image/jpeg 23.48.23.64
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://freefiremobile-a.akamaihd.net/common/web_event/official2.ff.garena.all/img/20228/284e7fe8d941a07012304a3ad7ad86e8.jpg
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.23.64 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-48-23-64.deploy.static.akamaitechnologies.com
Software: OBS /
Resource Hash: e9a5c76a3fe82b6c1fc575d7b47acb5cb802affa64205528fbe1ca764b276a26

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 25 May 2024 21:14:23 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSTbtviIg7yR5M0U76xIlVhox+N5VaZ/
Last-Modified: Thu, 15 Sep 2022 13:06:49 GMT
Server: OBS
ETag: "ac2cb1bda658d3a4c2cee214f44497fb"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
x-obs-request-id: 0000018F775B5E36941508197E4EC7BD
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 157948

GET
H3 200 s4_text1.png
nhanquaviipff-gerena-vn.click/img/ 8 KB
9 KB 60ms
51ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanquaviipff-gerena-vn.click/img/s4_text1.png
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b703429ff672bc0e5fbd32fd2c97f37d4115e03b8f1c3c30e211fcab2ebc1ed

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/css/style.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159451
alt-svc: h3=":443"; ma=86400
content-length: 8350
last-modified: Wed, 07 Jun 2023 17:28:31 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hiRZMZP3Xgeo9VGnfxSZcWCtHiR8eZx%2FA06GM0XRtHyZAeq8XxsYkH0AcuQJqCmZxKCed9JdThQcH1AEnKaDwjxoXfeoUrhRkw7Qe8Ko6voHXGTgAQMyxfKVQ3MN3aVeQMC4NuWDAVgCmwm3%2Bw4pvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 889888dd7a25380f-FRA
expires: Fri, 31 May 2024 00:56:49 GMT

GET
H3 200 event-notification.png
nhanquaviipff-gerena-vn.click/img/ 17 KB
18 KB 76ms
66ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanquaviipff-gerena-vn.click/img/event-notification.png
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ab25c7f8bd03d146a667af4cf4a7991dd3485acba86c617d02eb5cf87355384

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/css/style.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 72461
alt-svc: h3=":443"; ma=86400
content-length: 17522
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JjrZXAY39aFS6BUPKSLH%2BfPgcDwINEeAbXDsufnKF%2B8Qmk%2BedbOq35B7YlANUucU1haY4NqrA1kwkJI8lwuIALjhuAAB5N%2BFBhqnKDdAwHUwNTp31OY31URB0xs1PSe5r6UvCNdeDIl%2BViSWiwFO7w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 889888dd7a27380f-FRA
expires: Sat, 01 Jun 2024 01:06:40 GMT

GET
H3 200 rewards-box-navbar.png
nhanquaviipff-gerena-vn.click/img/ 10 KB
10 KB 88ms
78ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanquaviipff-gerena-vn.click/img/rewards-box-navbar.png
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6eab209a7df43f9f088e62a99f7a7a0f654015f2497de0702ecd9a73ad17d5a5

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/css/style.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159451
alt-svc: h3=":443"; ma=86400
content-length: 10046
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RTY1WaXUbQIZhYXmEXusu0P6oGW4I2BM6IEU%2FBU%2BQQzSyn6dZOgrZv3Y3gYq%2BIsjmJ%2BYKrWX007s7ACqewp8yRarxAp%2BgaIYtdQrSX1rMz3yVwGpcP8QeMqPOPGXMWL0I%2B4M3W6xE5AyNMs%2B%2B7%2BtAw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 889888dd7a28380f-FRA
expires: Fri, 31 May 2024 00:56:49 GMT

GET
H3 200 rewards-box-content.png
nhanquaviipff-gerena-vn.click/img/ 56 KB
57 KB 108ms
99ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanquaviipff-gerena-vn.click/img/rewards-box-content.png
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45fb6adc6085431c1b4c6fc68229983f5d6035a0d1226590e18d35fde7b912a3

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/css/style.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159451
alt-svc: h3=":443"; ma=86400
content-length: 57660
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aT%2Frej7rKwCI6QqkV3rHT8Xm7HX3hGwOV6P4vEgz4ZhI08uyPS5NvbBE0FPtRNdATJbtYoOhGuzWP6v%2FLO%2BUbtNVnDdl8KzWEQ7kP6OsTSfi5IIDlVYGqGCdvdGuwS9ifSAq3oGsMiAlNtnS8jJIFg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 889888dd7a2a380f-FRA
expires: Fri, 31 May 2024 00:56:49 GMT

GET
H3 200 btn-item.png
nhanquaviipff-gerena-vn.click/img/ 7 KB
8 KB 60ms
51ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanquaviipff-gerena-vn.click/img/btn-item.png
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eec76005342c623c5ad4e9493ae2f791d768a423872a1218226fb85580b6158

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/css/style.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159451
alt-svc: h3=":443"; ma=86400
content-length: 7624
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MuNGtO8Gs4iPDq48ATpwW9k%2F%2Fed%2BKt12bGPkmblPu8jygxbP%2FyBSKW%2BwgnjGY9pqxr7GSm4Fy3VJrae3nH4G94bortCKheqOeEl7PhSx7zNg%2B44fLUo01RxFsQ4c6nmzMwEvUP8GOp0LLnODADg97g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 889888dd7a2c380f-FRA
expires: Fri, 31 May 2024 00:56:49 GMT

GET
H2 200 footer-bg.jpg
i.postimg.cc/DZYQm0Gm/ 12 KB
13 KB 152ms
48ms Image
image/jpeg 162.19.88.68
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.postimg.cc/DZYQm0Gm/footer-bg.jpg
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.19.88.68 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3221377.ip-162-19-88.eu
Software: nginx /
Resource Hash: 2e941582ccd035c15c6d6003745300a0f1a2ad587774e255a8482939f58a6d16

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
last-modified: Wed, 13 Apr 2022 14:17:46 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 12634
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 popup-navbar.png
nhanquaviipff-gerena-vn.click/img/ 8 KB
9 KB 167ms
159ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanquaviipff-gerena-vn.click/img/popup-navbar.png
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fd62c73e5d5d6f9914363672c8a7192bdb374436bf9f6cc9bba71ee47bb8075

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/css/style.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159451
alt-svc: h3=":443"; ma=86400
content-length: 8555
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9RxCq%2Bn7n5uc6nNYgd3sqvzoxE5cKaUb31l093ip78q2WB7lrBpOig9x%2BkinQSG7M8G8Y4qN99p1F6kwVeeHL%2FzQGB7860i2WWoJZPwwXDP46ho7zeHc2BmieV62PYMiLH%2FcP8MsmsqKKaAxMvjlYA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 889888dddaa7380f-FRA
expires: Fri, 31 May 2024 00:56:49 GMT

GET
H3 200 popup-box-bg.png
nhanquaviipff-gerena-vn.click/img/ 5 KB
5 KB 168ms
160ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanquaviipff-gerena-vn.click/img/popup-box-bg.png
Requested by: Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de96470c437bdaffc85802518ca72b74a49e10029843e4d4bcb96afe4cefcad6

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/css/style.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159451
alt-svc: h3=":443"; ma=86400
content-length: 4867
last-modified: Wed, 07 Jun 2023 17:13:46 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EMoYTTiscz5P3ULn9Oq7PWNsq0aLE%2B5aFfL%2B7t88B7NqyZFsgcxDthCaozQHMCkJeTM9oLVG7D1b5CY%2ByPui83ds9rBKLJ4aj6euEjh40F%2BmJuJIeC0JUvLVmSCUwqpYv4Cpt0jbOqCqHAYWnHZn9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 889888ddfadc380f-FRA
expires: Fri, 31 May 2024 00:56:49 GMT

GET
H2 200 wXK0E3kTposypRydzVT08TS3JnAmtdjEyppo_leP7ncM.woff2
fonts.gstatic.com/s/baloo2/v11/ 18 KB
19 KB 97ms
32ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/baloo2/v11/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppo_leP7ncM.woff2

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/nvn.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b02201c71d3fa43c6daa590c9498b6cbfbb67edb0d4607c5d6a5d6cc3a38a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Origin: https://nhanquaviipff-gerena-vn.click
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 23 May 2024 04:59:38 GMT
x-content-type-options: nosniff
age: 231283
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18592
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:31:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 May 2025 04:59:38 GMT

GET
H3 200 Material-Design-Iconic-Font.woff2
cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/fonts/ 37 KB
38 KB 62ms
35ms Font
application/octet-stream 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css
Origin: https://nhanquaviipff-gerena-vn.click
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 795368
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 38384
last-modified: Mon, 04 May 2020 16:12:09 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed9-95f0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kqAdbRia10ekdadUHahtrU7SDn4OlRsIjrU8upGcG9x%2FBCNBuawnnZotRHSgg7jL1Lx%2Feix9PSYeAQ3XMI%2FnXr6rtHfBienqeE7ebQBIbesVi%2FYAU8SFaOhC6pv1qAwUZLdBSeTu"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 889888ddccc22baf-FRA
expires: Thu, 15 May 2025 21:14:21 GMT

GET
H3 200 fontawesome-webfont.woff2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
76 KB 61ms
32ms Font
font/woff2 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: stackpath.bootstrapcdn.com
URL: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://nhanquaviipff-gerena-vn.click
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 21:14:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 752
age: 163566
cdn-cachedat: 10/31/2023 19:08:24
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 77160
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: "af7ae505a9eed503f8b8e6982036873e"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 5f33d670c764aec71205d501eda27311
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 889888dddd606925-FRA
cdn-requestpullsuccess: True

GET
H2 200 wXK0E3kTposypRydzVT08TS3JnAmtdjEyppm_leP7ncMgzQ.woff2
fonts.gstatic.com/s/baloo2/v11/ 14 KB
14 KB 101ms
38ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/baloo2/v11/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppm_leP7ncMgzQ.woff2

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/nvn.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d33d6f1b6f1131e4500af570e814f8ca012acc996accd933d18dd7e5ba467f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Origin: https://nhanquaviipff-gerena-vn.click
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 23 May 2024 04:59:38 GMT
x-content-type-options: nosniff
age: 231283
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14160
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:30:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 May 2025 04:59:38 GMT

GET
H2 200 wXK0E3kTposypRydzVT08TS3JnAmtdjEyppn_leP7ncMgzQ.woff2
fonts.gstatic.com/s/baloo2/v11/ 5 KB
5 KB 27ms
26ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/baloo2/v11/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppn_leP7ncMgzQ.woff2

Requested by

Host: nhanquaviipff-gerena-vn.click
URL: https://nhanquaviipff-gerena-vn.click/css/nvn.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40afc48a5f88815f3178170d4959821d17a2acc40e6d72bdbc5934c8508f898f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Origin: https://nhanquaviipff-gerena-vn.click
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 25 May 2024 18:21:57 GMT
x-content-type-options: nosniff
age: 10344
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4740
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:33:37 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 May 2025 18:21:57 GMT

GET
H3 404 icon.png
nhanquaviipff-gerena-vn.click/img/ 1 KB
1 KB 676ms
675ms Other
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhanquaviipff-gerena-vn.click/img/icon.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nhanquaviipff-gerena-vn.click/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 25 May 2024 21:14:24 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mmXLOz1CFLAMSSGMADWMI%2BVzH7I%2Fl%2Bt5UqRbJYyikEmOdk7cS98Kek9ap1ifBHw2DQgiuJlpMdACnJcZ3v6hJryOXIb6FmYHxaJoGMLm%2F7ne%2BQzfr34%2B8MurhLODS4gwN1lwUXH3V4%2FmiM3x8zee8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-ray: 889888e93a03380f-FRA
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Garena Free Fire (Gaming)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://nhanquaviipff-gerena-vn.click/img/s4_img2.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://nhanquaviipff-gerena-vn.click/img/icon.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
dl.dir.freefiremobile.com
fonts.gstatic.com
freefiremobile-a.akamaihd.net
i.imgur.com
i.postimg.cc
nhanquaviipff-gerena-vn.click
stackpath.bootstrapcdn.com
104.17.24.14
104.18.10.207
162.19.88.68
188.114.96.3
199.232.196.193
23.48.23.64
2600:9000:211e:9600:12:3436:3dc0:93a1
2a00:1450:4001:82a::200a
2a00:1450:4001:831::2003
0480bf4114b1002535d9fbec0e1990a4e448133742efea62e3fc48e5ecdf9391
0b22f25d8b7421c4c4aec15a9a4781f873545a5732ac128871da40f38c98f4cf
1fd62c73e5d5d6f9914363672c8a7192bdb374436bf9f6cc9bba71ee47bb8075
206901e6765ddc180d26d40631b061b38851a8b2f5e32b61a86b441e14e8d298
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2d33d6f1b6f1131e4500af570e814f8ca012acc996accd933d18dd7e5ba467f1
2e941582ccd035c15c6d6003745300a0f1a2ad587774e255a8482939f58a6d16
2eaddfe1749696f7ad8733a2b8456612210a2213b6987601670e012d1208db86
2eec76005342c623c5ad4e9493ae2f791d768a423872a1218226fb85580b6158
3ab25c7f8bd03d146a667af4cf4a7991dd3485acba86c617d02eb5cf87355384
40afc48a5f88815f3178170d4959821d17a2acc40e6d72bdbc5934c8508f898f
45fb6adc6085431c1b4c6fc68229983f5d6035a0d1226590e18d35fde7b912a3
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896
533da099c1062d2366f4e9d6cc8b3df922813434fde5bdf5a4dcb6fb7a874ce8
5b02201c71d3fa43c6daa590c9498b6cbfbb67edb0d4607c5d6a5d6cc3a38a60
64637c8441732137d863f79b59603293e75d0af45ff9e3420b00d5ba7da69dd3
6eab209a7df43f9f088e62a99f7a7a0f654015f2497de0702ecd9a73ad17d5a5
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7a096e8e9422a18b18d688fd2654298e541326e618bacbacf11f788f61e06bf0
83232d5071aafb43331d388144abe71decec93237a4aa9c99a7e7a6960a7daac
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
8b703429ff672bc0e5fbd32fd2c97f37d4115e03b8f1c3c30e211fcab2ebc1ed
8bb953d6a9a65150a21a26dbc9d119a125b996b155a378c245be0557061337cc
a441182568ad88fa9c54384de94a77f64148d3d54df66ea1beff4a11100967c6
ac81e875a4230d76784c018eb5147f6142ab527b392d993016f01302bb91b11a
aedc3f0e4f299df01d2d057b1fa2c735411ab713b334b221fdecb4d5fcd9d4f7
b0d849e0e910d13bcdab1e94f5c799dda1a9429c908e18069f9dc7f7d551d58a
b5a79ac9adb2cde5e508ac84e74bb9a9e5a87e3e3cdd4f5b269224437f61d052
bad9e2db663bbdb4f80bdcb6ea144d69502f9d58bf6fcf19f17e365ffea0220f
bfb99d97778db09f74a98962a4382683145cdc6939d6f783c0c9c0b4fb1cd710
daef22e8ddfd5af8142b1b1f07788b6d842c12a8f3c4a0c8ccda6fb3af9abda2
de96470c437bdaffc85802518ca72b74a49e10029843e4d4bcb96afe4cefcad6
dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56
e5d1ff232a26bd3b8a702a52464d1bdf12992e9f166084da5cfad235d8f7b20e
e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c
e9a5c76a3fe82b6c1fc575d7b47acb5cb802affa64205528fbe1ca764b276a26
f8bab2044730149edaf441e1620e89fa61fd03323b088ea6f92316a9d426a981

nhanquaviipff-gerena-vn.click Open in urlscan Pro 188.114.96.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

39 Requests

100 %HTTPS

33 %IPv6

9 Domains

9 Subdomains

9 IPs

5 Countries

1976 kBTransfer

2255 kBSize

0 Cookies

0 Outgoing links

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

nhanquaviipff-gerena-vn.click Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

100 %
HTTPS

33 %
IPv6

9
Domains

9
Subdomains

9
IPs

5
Countries

1976 kB
Transfer

2255 kB
Size

0
Cookies

39 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!