nhanqua-tet.garaena.vn Open in urlscan Pro
2606:4700:3033::6815:31f2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nhanqua-tet.garaena.vn/
Effective URL:
https://nhanqua-tet.garaena.vn/
Submission: On February 16 via automatic, source openphish (February 16th 2024, 12:19:47 pm UTC) — Scanned from DE

Summary HTTP 60 Redirects Behaviour Indicators

Summary

This website contacted 21 IPs in 3 countries across 17 domains to perform 60 HTTP transactions. The main IP is 2606:4700:3033::6815:31f2, located in United States and belongs to CLOUDFLARENET, US. The main domain is nhanqua-tet.garaena.vn.
TLS certificate: Issued by GTS CA 1P5 on January 29th 2024. Valid for: 3 months.

This is the only time nhanqua-tet.garaena.vn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Gaming (Entertainment)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3032::ac43:c432	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700:303... 2606:4700:3033::6815:31f2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	146.75.116.193 146.75.116.193	54113 (FASTLY) (FASTLY)
1	2a04:4e42::649 2a04:4e42::649	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	23.48.23.64 23.48.23.64	() ()
1	2600:9000:212... 2600:9000:2127:b600:12:3436:3dc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:310... 2606:4700:3108::ac42:2b55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2016	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
1	129.226.2.89 129.226.2.89	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
60	21

1 2606:4700:3032::ac43:c432 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

nhanqua-tet.garaena.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3033::6815:31f2 (United States)

ASN13335 (CLOUDFLARENET, US)

nhanqua-tet.garaena.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 146.75.116.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

www.kolpaper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.48.23.64 (Frankfurt am Main, Germany)

ASN- ()
PTR: a23-48-23-64.deploy.static.akamaitechnologies.com

freefiremobile-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2127:b600:12:3436:3dc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

dl.dir.freefiremobile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3108::ac42:2b55 (United States)

ASN13335 (CLOUDFLARENET, US)

files7.webydo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 129.226.2.89 (Singapore, Singapore)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

na.apps.amsoveasea.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	akamaihd.net freefiremobile-a.akamaihd.net — Cisco Umbrella Rank: 72397	368 KB
10	imgur.com i.imgur.com — Cisco Umbrella Rank: 7399	61 KB
8	garaena.vn 1 redirects nhanqua-tet.garaena.vn	258 KB
7	youtube.com www.youtube.com — Cisco Umbrella Rank: 80	976 KB
6	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 434 fonts.googleapis.com — Cisco Umbrella Rank: 48 jnn-pa.googleapis.com — Cisco Umbrella Rank: 230	76 KB
5	gstatic.com fonts.gstatic.com	61 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 353	17 KB
3	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 static.doubleclick.net — Cisco Umbrella Rank: 271	1 KB
1	amsoveasea.com na.apps.amsoveasea.com — Cisco Umbrella Rank: 72381	175 B
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 218	5 KB
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 102	71 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2	20 KB
1	webydo.com files7.webydo.com	21 KB
1	freefiremobile.com dl.dir.freefiremobile.com — Cisco Umbrella Rank: 25959	114 KB
1	kolpaper.com www.kolpaper.com — Cisco Umbrella Rank: 676977	409 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 940	30 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 257	14 KB
60	17

	Domain	Requested by
10	freefiremobile-a.akamaihd.net	nhanqua-tet.garaena.vn
10	i.imgur.com	nhanqua-tet.garaena.vn
8	nhanqua-tet.garaena.vn	1 redirects nhanqua-tet.garaena.vn code.jquery.com
7	www.youtube.com	nhanqua-tet.garaena.vn www.youtube.com
5	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
4	jnn-pa.googleapis.com	www.youtube.com
4	cdn.jsdelivr.net	nhanqua-tet.garaena.vn
2	googleads.g.doubleclick.net	1 redirects www.youtube.com
1	na.apps.amsoveasea.com	code.jquery.com
1	yt3.ggpht.com	www.youtube.com
1	i.ytimg.com	www.youtube.com
1	www.google.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	files7.webydo.com	nhanqua-tet.garaena.vn
1	dl.dir.freefiremobile.com	nhanqua-tet.garaena.vn
1	www.kolpaper.com	nhanqua-tet.garaena.vn
1	fonts.googleapis.com	nhanqua-tet.garaena.vn
1	code.jquery.com	nhanqua-tet.garaena.vn
1	cdnjs.cloudflare.com	nhanqua-tet.garaena.vn
1	ajax.googleapis.com	nhanqua-tet.garaena.vn
60	20

This site contains no links.

Subject Issuer	Validity	Valid
garaena.vn GTS CA 1P5	`2024-01-29` - `2024-04-28`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-13` - `2024-03-12`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
kolpaper.com GTS CA 1P5	`2023-12-25` - `2024-03-24`	3 months	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2023-05-16` - `2024-05-15`	a year	crt.sh
dl.dir.freefiremobile.com Amazon RSA 2048 M03	`2023-11-29` - `2024-12-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
na.apps.amsoveasea.com TrustAsia RSA DV TLS CA G2	`2023-04-23` - `2024-05-22`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://nhanqua-tet.garaena.vn/
Frame ID: 4A3CA20D419AC940D53187E22399B4B1
Requests: 41 HTTP requests in this frame

Frame: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0
Frame ID: E9436F55C4E36CD073C5E252EBFAB563
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

GARENA FREE FIRE

Page URL History Show full URLs

http://nhanqua-tet.garaena.vn/ HTTP 301
https://nhanqua-tet.garaena.vn/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

sweetalert2(?:\.all)?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

60
Requests

98 %
HTTPS

86 %
IPv6

17
Domains

20
Subdomains

21
IPs

3
Countries

2500 kB
Transfer

5110 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nhanqua-tet.garaena.vn/ HTTP 301
https://nhanqua-tet.garaena.vn/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

60 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
nhanqua-tet.garaena.vn/
Redirect Chain

http://nhanqua-tet.garaena.vn/
https://nhanqua-tet.garaena.vn/

7 KB
3 KB

811ms
759ms

Document
text/html

2606:4700:3033::6815:31f2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhanqua-tet.garaena.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:31f2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 5ca525fb4997147d46aeccd39e662436a0881b61c4feb8fc4be159e861a6c6c0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8565bd7929b0bb4a-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 16 Feb 2024 12:19:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FkSWtqVPkcx9Rwz19%2BG4yRbGcY6tdBz5gTEjNLyfbdgzxny4mimTgHmiynsxUtHEq9SCi88lALGJg%2BUx9Mk0YPDPZjUa1nk7RiVO%2FOKuepnuWJ5806OprKUGVMgv28M2bWkr3K9kdXyESdev4rR0753WF1d%2B"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33

Redirect headers

CF-RAY: 8565bd786a5a30cc-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Fri, 16 Feb 2024 12:19:38 GMT
Expires: Fri, 16 Feb 2024 13:19:38 GMT
Location: https://nhanqua-tet.garaena.vn/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IE7stqkqed1SiBxyyX76saDuCvdrAir%2F22HVkjQU8%2Fw6%2FfDs9eg1BicttoilzVSStVh7cBE%2BmrmoGVpGt7O8MCxqOMJI%2B19LjLpzwhvdD7HQI%2FLuWFU9xGRqdoVdb3SUDYTvzJ2KikAx21x2k5bfTG2eBhNm"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 style.css
nhanqua-tet.garaena.vn/css/ 23 KB
5 KB 873ms
872ms Stylesheet
text/css 2606:4700:3033::6815:31f2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:31f2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d67f2b1a4841f39bdf796522a8b369192e323f27d0e45ac319774330d7dd3cf7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:40 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 13:44:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zE%2BE2ZpUGcRHJxBJopyY%2BvcF6h2zLYh5WNMZB%2FSlgWNiIKbYEakGw%2FczubT691Pr9YNHEfFdldzOSXL%2BPyyHXPV%2F%2BS2cBZ21lWSKxcBJ%2FQ0gJnYBsQlRU%2BVhqEYWDhjucJj82fjptPMKAzTiEuKuAiY%2FWItY"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8565bd7e19e5bb4a-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 ionic.esm.js Show response
cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/ 22 KB
6 KB 89ms
36ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/ionic.esm.js

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

586ac831fad0cefd0f13039e7d78c4ddaeef50b3a64b1c5bdeea73b49bf06086

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://nhanqua-tet.garaena.vn/
Origin: https://nhanqua-tet.garaena.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 19949
x-jsd-version: 7.7.2
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220033-FRA, cache-lga21972-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"58bb-JDHE9LI0cYdM9Sceq7crGErSFLg"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pHTHy5vaYYwaIxzRLUjPOTe5kZi4as8%2B7UGPX6Xta19WSyTb9%2F4KA1B4rxq0C4VTTEURG1PwaV6LaH4gdybzFPkiEgEfF8Q6zUc09sWq0XdrrmXRRgJVe6zMGeZ%2BvPx4v92QxMAKAs062gewVxY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 8565bd7e6a4637f7-FRA

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
34 KB 74ms
21ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:57:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 271355
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 08:57:04 GMT

GET
H2 200 sweetalert2.all.js Show response
cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/6.11.5/ 76 KB
14 KB 90ms
37ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/6.11.5/sweetalert2.all.js

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae4de0464f907f90721557737e22dbadf629ec2f606a0f94e5c9dd1bb6261240

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 6670953
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13437
last-modified: Mon, 04 May 2020 16:12:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed1-12ec2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BEV%2B1NhMjKgFL66gBpS%2BVmEE2MsVvkpOvp93KKwC3qwNg8VRudiv5DjnTukHZglrbCivsAJTGD%2FdPHHRqcwgDIwAdkJzBK%2BOU90tsKv6DnkMlED3GjTiRHljnS%2Bzi4PTdZn7KiztUM%2BI2SLfgAJZupsC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8565bd7e6d4c65cf-FRA
expires: Wed, 05 Feb 2025 12:19:39 GMT

GET
H2 200 EUV3ile.png
i.imgur.com/ 4 KB
5 KB 92ms
35ms Image
image/png 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/EUV3ile.png

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

8bdb4322a6170d1d92b43e3be71e72673051835bd52152e216efba7cb4e9e1cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:39 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 3815646
x-cache: Miss from cloudfront, HIT, HIT
content-length: 4267
x-served-by: cache-iad-kjyo7100108-IAD, cache-fra-eddf8230052-FRA
last-modified: Thu, 07 Jul 2022 15:08:29 GMT
server: cat factory 1.0
x-timer: S1708085980.913845,VS0,VE11
etag: "6c4aeb014b77e39ab3ad74e57048a7c6"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: tvVujsqfYggtzhJ0XfkFBMZuipcIrT0rXFBR2Q0tEF_Fj6gPOOmDqg==
x-cache-hits: 441, 1

GET
H2 200 1.jpg
nhanqua-tet.garaena.vn/assets/incu/ 213 KB
214 KB 1156ms
1155ms Image
image/jpeg 2606:4700:3033::6815:31f2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanqua-tet.garaena.vn/assets/incu/1.jpg
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:31f2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 432360a0d8577899a613c18a11150cb52fa83c4863e8495d8a5cb03fa431f9f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:40 GMT
cf-cache-status: MISS
last-modified: Tue, 05 Apr 2022 19:13:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e5LJOBZrLSUHD5fJr%2BqzvnQs8%2B7nXDmK2TSeB%2B2IvKyQHmv4W8cpf45%2B6KZgDqw6v0WJhDdztZj%2FPArWVTeV7HJ1Ji69A5h5uVSho51wxIYPNDIewinyrV7hYXyxF7cJhYQdSEEKQu9ecfGs2Z9PG2FaLpOx"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8565bd7e19e7bb4a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 218095

GET
H3 200 facebook_text.png
nhanqua-tet.garaena.vn/assets/img/ 28 KB
29 KB 900ms
899ms Image
image/png 2606:4700:3033::6815:31f2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanqua-tet.garaena.vn/assets/img/facebook_text.png
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:31f2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:40 GMT
cf-cache-status: MISS
last-modified: Tue, 05 Apr 2022 19:13:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fItyRKpoEf9PcRBzjwiQ5TB%2Bd8WbOmWUgFmQCOCUQEV0vNMawuiEgsQg05hmCVLP07tME89WHgS3zQ7KG3K%2F4e1LLiiTcx92Jrn%2BizLRvy2zMLmROkFeBNOV7cD%2FstR4sekz%2F%2F3rNja1X9DDX%2B1btTxhXOPc"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8565bd7ea8c090e8-FRA
alt-svc: h3=":443"; ma=86400
content-length: 28789

GET
H3 404 icon.png
nhanqua-tet.garaena.vn/tan/ 315 B
315 B 593ms
593ms Image
text/html 2606:4700:3033::6815:31f2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nhanqua-tet.garaena.vn/tan/icon.png
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:31f2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:41 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iyub%2BokBiu%2Fe7oBZT4%2F96yLfFmhrFliv4goq8hiC059umW3Kpn4dR%2FeJqSlWS8yznQfJ97c%2BV7gmwxFZ6l6D%2FDgpV8W%2FA8xCZVxnqjYYoX8iRRkEpj9LM98bkWwfcbJRCBEmoJFggo%2FYNuuFNAkAdZrer01u"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 8565bd843f9a90e8-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 78ms
23ms Script
application/javascript 2a04:4e42::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:40 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 543599
x-cache: HIT, HIT
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-fra-etou8220064-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1708085981.893663,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 15, 271246

GET
H3 200 kensine.js Show response
nhanqua-tet.garaena.vn/chuongdz/ 21 KB
7 KB 875ms
875ms Script
application/javascript 2606:4700:3033::6815:31f2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhanqua-tet.garaena.vn/chuongdz/kensine.js?v=1.0
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:31f2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22f93c0d8bd9dbeaa97b0990c8d21bc05bb0d2f659049383c012238fcbf31105

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:41 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 15 Jul 2022 07:39:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cu4cO2sI6xscmfMOZ6s4GR9WCrk8GEpYQY%2BJwtxNnZMmGVoshFipHF5btUStyruitqik%2BU%2BcR%2BbfqwjDArEkJEIuN3EHmlJR40n5YjluSITj8%2BhSXX2ArXaBsjw8IQtyp1RpW2WHPAp%2FV8u3bHo0UupuK3QX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8565bd843f9990e8-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 p-ed7a529f.js Show response
cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/ 17 KB
8 KB 43ms
42ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/p-ed7a529f.js

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96a553886c4297cb0c11eaabeb30d8a905bfe6e814e522aa2d91144513932769

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/ionic.esm.js
Origin: https://nhanqua-tet.garaena.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1874
x-jsd-version: 7.7.2
content-encoding: br
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230077-FRA, cache-lga21921-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"4440-VDyBdKM/AqQeP+9lvRpIViz58/I"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HR0T%2BK9PgUBCehSkL2JRL0Sz5qdimpKcAc5D8%2Btfc1blz5Ts0GXJ3WNdmJWqcyvk1iv5DUTM%2FyUP0P7wR2WNN6xwnuTfR%2Bfel3pCRrdTpeuIDa47qXM6k%2B20Iy35Exiw1t8zIJmqWhgp%2F%2B1K10E%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 8565bd7eaaab37f7-FRA

GET
H2 200 p-de55ec45.js Show response
cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/ 121 B
471 B 37ms
36ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/p-de55ec45.js

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38cdd8677e4e0e33cff948e127b93450a4abdb5f3758057634937cfbb3deda15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/ionic.esm.js
Origin: https://nhanqua-tet.garaena.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 25851
x-jsd-version: 7.7.2
content-encoding: br
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220093-FRA, cache-lga21968-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"79-NdPzu5HEHLByinkpKadEQVQ5bwk"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oTik6hxJdh00naTRmkgeDLTwxzAknXbaA0Uo6yrxkfggFdy112DPLUaL3JX7K4wxppTkFlbT%2FW6SmdlKoWfZcwmvCyZvBWQYZpD1bxiiHsoP%2FScjkktRgOuCw5CYQBXM4cLwj2VSrLwbrBO9sVo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 8565bd7eaab037f7-FRA

GET
H2 200 p-5d7e32ce.js Show response
cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/ 3 KB
2 KB 36ms
35ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/p-5d7e32ce.js

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e54ed2948abb074c66010c0252543eadbaab6b00e1f9740780b79c78d69865be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/ionic.esm.js
Origin: https://nhanqua-tet.garaena.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1874
x-jsd-version: 7.7.2
content-encoding: br
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220027-FRA, cache-lga21929-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"cca-qp8eGd0+9Hbrn2n1rqdb964RZLs"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zix4Itp6Db%2BSZjN1CUcnO0zC3rIXpu5bNahBxe8G5knIQ9xUwuw4oCBEtTJwrvEvxrw5WUqJnKFpBt5JXTw7jQHaUYSZWgDc0g9%2F6Jn6ss3i3T7h3pmAITkhJn6Ab%2FOXBllUrRbVf063Kh8XqZ4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 8565bd7eaab237f7-FRA

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
939 B 99ms
30ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Baloo+2:wght@600&display=swap

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

feab8f6a47c565e9ad5bddc3b2b73ea921975d2564208e169905c78266437bd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 16 Feb 2024 12:19:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 16 Feb 2024 12:19:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Feb 2024 12:19:40 GMT

GET
H2 200 ULZXMG4lZz8 Show response
www.youtube.com/embed/ Frame E943 90 KB
39 KB 178ms
127ms Document
text/html 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/ULZXMG4lZz8?controls=0

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

13810fe0818ec887c215ab0f48e270cdc5dc149b8b147adf5143c232b8499af9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nhanqua-tet.garaena.vn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 12:19:40 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 Free-Fire-Desktop-Wallpaper.jpg
www.kolpaper.com/wp-content/uploads/2020/12/ 408 KB
409 KB 112ms
37ms Image
image/jpeg 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.kolpaper.com/wp-content/uploads/2020/12/Free-Fire-Desktop-Wallpaper.jpg

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

439fd9c373886a6039994ec5e13b5076d5f79f5e14506ea5679232dc0da51832

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:40 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 86456
x-cache: HIT from Backend
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 04 Dec 2020 21:09:18 GMT
server: cloudflare
etag: W/"5fcaa57e-6600b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nTUJVI%2BTRLG4MtGTGypXVPqQU4HDR4RIXfSs4ILTTuh588tMrLa4Yg9lsRuiMNQOb%2Fr0vTxlUDcqcCvRNMi%2F%2BVIon4RYBeyx8ieAFgDP8zWFqWBqd7w821ItzmBeCh4wOqupeKJjtp9bTQIVAR6P"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
cf-ray: 8565bd84bfda3632-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK bg.jpg
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/ 40 KB
41 KB 136ms
57ms Image
image/jpeg 23.48.23.64

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/bg.jpg
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.23.64 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a23-48-23-64.deploy.static.akamaitechnologies.com
Software: OBS /
Resource Hash: 6e540389402e3ced8b111dca3b7f564046e027fdbc472359c9d0e0bced2c346e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 12:19:40 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSVtg3JOOv/Can+yp+SWFtyMhRXJaQf4
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Server: OBS
ETag: "b622e31856ae444b6c4a8ce98c953ea0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
x-obs-request-id: 0000018DAA0B1217954FE42C0655F264
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 41015

GET
H/1.1 200
OK bg_icon.png
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/ 30 KB
31 KB 144ms
53ms Image
image/png 23.48.23.64

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/bg_icon.png
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.23.64 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a23-48-23-64.deploy.static.akamaitechnologies.com
Software: OBS /
Resource Hash: 33ea0b0fde442c704bb17650b00bf78e84e9eef9664159191df0a6c4850e849c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 12:19:40 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSq7ecnqQqLkJXXmy0lfovJYLuOjHqOZ
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Server: OBS
ETag: "5f0e05495e817397cea2a23208b997e8"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
x-obs-request-id: 0000018D877B034A954D2CE2232A7F78
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 31176

GET
H/1.1 200
OK header.png
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/ 58 KB
58 KB 185ms
64ms Image
image/png 23.48.23.64

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/header.png
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.23.64 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a23-48-23-64.deploy.static.akamaitechnologies.com
Software: OBS /
Resource Hash: 73a43e9a3b24f10852bac31ff21a50e65bc24030b0db18afdeba5e632ba81072

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 12:19:40 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSTg0gUJSY+XA+7asjc9qDslO5j8LUjT
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Server: OBS
ETag: "71057ee2a0c3e2a18ae5b044924a412c"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
x-obs-request-id: 0000018D77A6E432981161360D11A0A7
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 59341

GET
H/1.1 200
OK arrow.gif
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/ 4 KB
5 KB 189ms
49ms Image
image/gif 23.48.23.64

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/arrow.gif
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.23.64 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a23-48-23-64.deploy.static.akamaitechnologies.com
Software: OBS /
Resource Hash: 29685bc4737559acc10db79fd9536f3bf301e00ac20c497ed32ae6181e0ab260

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 12:19:41 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSfShrbWvNidoMrzbcKTijf2hKJmxGaI
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Server: OBS
ETag: "e7ee2c678d2185905b0c5ac3307305ba"
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
x-obs-request-id: 0000018DA4DC2655914F71E7F16D3350
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 4454

GET
H/1.1 200
OK modal.png
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/ 167 KB
168 KB 130ms
51ms Image
image/png 23.48.23.64

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/modal.png
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.23.64 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a23-48-23-64.deploy.static.akamaitechnologies.com
Software: OBS /
Resource Hash: b8c0909154e5245f00756fd4dd8cdf388d279657314b07c550c6227cc7adaaad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 12:19:40 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSGCc8pHlCqNe0axwgbGkhjjFjoVdV2k
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Server: OBS
ETag: "e8c82b6614df1742f5739c7f2933bcb9"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
x-obs-request-id: 0000018D999B42139150EA67CC70212F
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 171268

GET
H/1.1 200
OK toast.png
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/ 5 KB
5 KB 120ms
40ms Image
image/png 23.48.23.64

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/toast.png
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.23.64 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a23-48-23-64.deploy.static.akamaitechnologies.com
Software: OBS /
Resource Hash: 8df3d3b0eaf7487e08932291d8b2a135ad2ecb2e32bcaba6308df2e2fb7e3436

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 12:19:40 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSEEnRX1CLF/Xcx1k1xWUcWQ0hsK1Q9K
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Server: OBS
ETag: "1970383e1b289caa82622e38d4be9643"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
x-obs-request-id: 0000018DAF0E2214914CD21285DA5F9C
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 4723

GET
H/1.1 200
OK purchase.png
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/ 7 KB
8 KB 133ms
47ms Image
image/png 23.48.23.64

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/purchase.png
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.23.64 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a23-48-23-64.deploy.static.akamaitechnologies.com
Software: OBS /
Resource Hash: c8827f7d38ae66631c5cc479dfb23d23a6131227f9ad8ae838d191aed191660f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 12:19:40 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSHgtczjvKpbpruNSgPknEleE87Kvnde
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Server: OBS
ETag: "f8a1198fc0fd4e19cce68cb98cbd8ab1"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
x-obs-request-id: 0000018DAA0B18909946A27414D1D3DA
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 7350

GET
H/1.1 200
OK purchase_g.png
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/ 6 KB
7 KB 181ms
46ms Image
image/png 23.48.23.64

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/purchase_g.png
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.23.64 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a23-48-23-64.deploy.static.akamaitechnologies.com
Software: OBS /
Resource Hash: ba6e1178e628e430d7126f1fadc56ec7ede45d051320c0e8908b9a9de63f8fed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 12:19:40 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSmOPIM+059pJT1Iyp/W82BYhinNUqkg
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Server: OBS
ETag: "030fa1f374bcf291bc5f5d66bcdd1873"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
x-obs-request-id: 0000018D424D35A4914FE4043262D829
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 6410

GET
H/1.1 200
OK pool.png
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/ 39 KB
39 KB 143ms
57ms Image
image/png 23.48.23.64

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/pool.png
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.23.64 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a23-48-23-64.deploy.static.akamaitechnologies.com
Software: OBS /
Resource Hash: f936df3794653b1a21c936fed39043e31171b84fced1723991a7fb5eac30bc5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 12:19:40 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSRSc1UcCNv787LEU7e6IzBjwN7oZen6
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Server: OBS
ETag: "404ef9fcf563fb04baa76b6967009967"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
x-obs-request-id: 0000018CE08790F191459D6A6E3E5C27
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 39498

GET
H/1.1 200
OK left_tit.png
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/ 6 KB
7 KB 182ms
41ms Image
image/png 23.48.23.64

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/left_tit.png
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.23.64 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a23-48-23-64.deploy.static.akamaitechnologies.com
Software: OBS /
Resource Hash: 020487b2ceebc26c8d309b0ab94170981c0a3b093eeb85a4dc5737e83e83f4fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 12:19:41 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSduv6lWky4NCdEhQKyehTnRVrIetJx4
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Server: OBS
ETag: "a7be21a739cb627134f7b4f727d22738"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
x-obs-request-id: 0000018D877B00CB901EA99616B12C3B
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 6411

GET
H2 200 PressStart2P-Regular.ttf
dl.dir.freefiremobile.com/common/web_event/gamingdice/fonts/ 113 KB
114 KB 167ms
65ms Font
font/ttf 2600:9000:2127:b600:12:3436:3dc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dl.dir.freefiremobile.com/common/web_event/gamingdice/fonts/PressStart2P-Regular.ttf
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:3436:3dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: OBS /
Resource Hash: 1732cbf0b83525ca6769c3a58d15de73f38122ed8c056ca7e30a6076767ef3d6

Request headers

Referer: https://nhanqua-tet.garaena.vn/
Origin: https://nhanqua-tet.garaena.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 11:33:11 GMT
via: 1.1 cb11ca2ff3db5adbe7df4bca70e51594.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 2789
x-cache: Hit from cloudfront
x-obs-request-id: 0000018DB1B11DA898108610E4605153
content-length: 116008
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSlQ6CByLyW4/ihKApiqEU6O63AvGpcQ
last-modified: Thu, 04 Aug 2022 12:32:15 GMT
server: OBS
etag: "2c404fd06cd67770807d242b2d2e5a16"
access-control-max-age: 100
access-control-allow-methods: GET
content-type: font/ttf
access-control-allow-origin: *
access-control-expose-headers: ETag, x-obs-request-id, x-obs-api, Content-Type, Content-Length, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Expires, x-obs-id-2, x-reserved-indicator, x-obs-version-id, x-obs-copy-source-version-id, x-obs-storage-class, x-obs-delete-marker, x-obs-expiration, x-obs-website-redirect-location, x-obs-restore, x-obs-version, x-obs-object-type, x-obs-next-append-position
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: Tpc94LZahl5LPeSBj_ubSMaWy2dx04aGEuYytn5wCGzYECy5oGKJUw==

GET
H/1.1 200
OK 805AD88C-21B4-02B8-4D75-342F16BCBE43.woff
files7.webydo.com/91/9140034/UploadedFiles/ 20 KB
21 KB 445ms
376ms Font
application/font-woff 2606:4700:3108::ac42:2b55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://files7.webydo.com/91/9140034/UploadedFiles/805AD88C-21B4-02B8-4D75-342F16BCBE43.woff
Requested by: Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/css/style.css?v=1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7bb88750901d69a3639be7393062bb2fdab860e075805eb733c4e547074ff0ea

Request headers

Referer: https://nhanqua-tet.garaena.vn/
Origin: https://nhanqua-tet.garaena.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 12:19:41 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Sun, 30 Aug 2015 12:10:46 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
ETag: W/"55e2f2c6-5098"
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LVG6tMXCHyTINEMbXNmAHxA0nN2aVj41Occnsemxs9LgOIZNZIZJZSVF0RjPUVLi9A33SvJ%2F2G4PJ9BsosXmu%2FaXSgdNrgpFKA98so2dqYEUEmJ1Idzoq%2BpVXDzy0SokbuwPh439CQlki%2FIvUoLA"}],"group":"cf-nel","max_age":604800}
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Connection: keep-alive
CF-Ray: 8565bd84a9179259-FRA

GET
H2 200 wXK0E3kTposypRydzVT08TS3JnAmtdjEyppo_lc.woff2
fonts.gstatic.com/s/baloo2/v21/ 19 KB
20 KB 73ms
22ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/baloo2/v21/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppo_lc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Baloo+2:wght@600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2646602d0beed6bdf7af300b997903ae1ebf2fac68ccad2539410942814fe97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://nhanqua-tet.garaena.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 09:05:02 GMT
x-content-type-options: nosniff
age: 270878
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19496
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 21:04:49 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 09:05:02 GMT

GET
H2 200 wXK0E3kTposypRydzVT08TS3JnAmtdjEyppn_led7Q.woff2
fonts.gstatic.com/s/baloo2/v21/ 5 KB
5 KB 78ms
30ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/baloo2/v21/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppn_led7Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Baloo+2:wght@600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12f0cd69f190f7db4c5cd05962c9f56e3c510061e9ca6201bb78776329906d0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://nhanqua-tet.garaena.vn
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 17:26:49 GMT
x-content-type-options: nosniff
age: 67971
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5448
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 21:11:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 17:26:49 GMT

GET
H2 200 www-player.css
www.youtube.com/s/player/12356a38/ Frame E943 366 KB
47 KB 22ms
22ms Stylesheet
text/css 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/12356a38/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3aab3cce571d9d91f7cdbe1c07a94f9ac13a03c4176c39a1ced1354dd6952f0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 08:24:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 100524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48189
x-xss-protection: 0
last-modified: Thu, 15 Feb 2024 05:17:55 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 14 Feb 2025 08:24:17 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E943 15 KB
15 KB 22ms
21ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:50:21 GMT
x-content-type-options: nosniff
age: 271760
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 08:50:21 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E943 15 KB
15 KB 30ms
29ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 09:09:14 GMT
x-content-type-options: nosniff
age: 270627
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 09:09:14 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/12356a38/player_ias.vflset/de_DE/ Frame E943 53 KB
17 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/12356a38/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf07be97266304e14e4d962a82da6491f4411c2c23f8ee217c28a3ef0b57d348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 08:24:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 100514
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16888
x-xss-protection: 0
last-modified: Thu, 15 Feb 2024 05:17:55 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 14 Feb 2025 08:24:27 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/12356a38/www-embed-player.vflset/ Frame E943 318 KB
95 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/12356a38/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a97387c24441b4af933b0b259f96d38548863a1d04bb3717e00db02a524dc30c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 11:49:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1835
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97098
x-xss-protection: 0
last-modified: Thu, 15 Feb 2024 05:17:55 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 15 Feb 2025 11:49:06 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/12356a38/player_ias.vflset/de_DE/ Frame E943 2 MB
778 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/12356a38/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95ac1d76f9e5deab8915e2d31f14487cb02590cc001dca6de738ab8f117c4aa5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 08:24:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100514
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 796513
x-xss-protection: 0
last-modified: Thu, 15 Feb 2024 05:17:55 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 14 Feb 2025 08:24:27 GMT

GET
H2

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame E943
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
242 B

33ms
33ms

XHR
application/json

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0

Protocol

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2ec84bc475ff86d5354c915fbbcbf841cacc6992b0e2e6195ae90bd3c3eac1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 16 Feb 2024 12:19:41 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame E943 29 B
495 B 92ms
23ms Script
text/javascript 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/12356a38/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:12:15 GMT
x-content-type-options: nosniff
age: 446
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Feb 2024 12:27:15 GMT

GET
H2 200 Fp6QulWswpmLMJEWkaTJt3cp4P6ZSFxx-IHTkppzlzQ.js Show response
www.google.com/js/th/ Frame E943 51 KB
20 KB 86ms
30ms Script
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/Fp6QulWswpmLMJEWkaTJt3cp4P6ZSFxx-IHTkppzlzQ.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/12356a38/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

169e90ba55acc2998b30911691a4c9b77729e0fe99485c71f881d3929a739734

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 09:48:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9051
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19965
x-xss-protection: 0
last-modified: Mon, 05 Feb 2024 17:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 09:48:50 GMT

GET
H2 200 sddefault.jpg
i.ytimg.com/vi/ULZXMG4lZz8/ Frame E943 70 KB
71 KB 74ms
23ms Image
image/jpeg 2a00:1450:4001:813::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/ULZXMG4lZz8/sddefault.jpg

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02fa470e3412d3d0d9bdb9fcd2850ccbfa17d12a1d9420b80662951ed062b601

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 11:06:22 GMT
x-content-type-options: nosniff
age: 4399
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72005
x-xss-protection: 0
server: sffe
etag: "1674215912"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 16 Feb 2024 13:06:22 GMT

GET
DATA 200
OK truncated
/ Frame E943 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 a130mZWB4CTSrOPfH6FgGP8r4WBCW89FyVMhZp-A7keda3EwGWdlyrGCCtCj5UzGdq1wI30R=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame E943 5 KB
5 KB 76ms
24ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/a130mZWB4CTSrOPfH6FgGP8r4WBCW89FyVMhZp-A7keda3EwGWdlyrGCCtCj5UzGdq1wI30R=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6217446bc76872afe80af4d616495dab7d743445b1969c44e10345bd00a94c61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 09:13:30 GMT
x-content-type-options: nosniff
age: 11171
cross-origin-resource-policy: cross-origin
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4671
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 17 Feb 2024 09:13:30 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu7WxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E943 5 KB
5 KB 22ms
21ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7WxKOzY.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 17:34:54 GMT
x-content-type-options: nosniff
age: 67487
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5224
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 17:34:54 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 84ms
32ms Preflight
text/html 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Fri, 16 Feb 2024 12:19:41 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame E943 88 KB
41 KB 42ms
40ms XHR
application/json+protobuf 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/12356a38/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e44990e45b6541af3931d861ed93e089ee830651bb22597949eb00f8811f8699

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Fri, 16 Feb 2024 12:19:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41577
x-xss-protection: 0

GET
H3 204 generate_204
www.youtube.com/ Frame E943 0
10 B 23ms
22ms Image
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?cEIPxw
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:41 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 32ms
31ms Preflight
text/html 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Fri, 16 Feb 2024 12:19:41 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame E943 90 B
134 B 36ms
36ms XHR
application/json+protobuf 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/12356a38/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

43c2034fc3fa094e71fd637d0908b93eef039cf61ecaf8db6856533018b3b3cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Fri, 16 Feb 2024 12:19:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

GET
H3 200 old.php Show response
nhanqua-tet.garaena.vn/pages/ 2 KB
677 B 800ms
799ms XHR
text/html 2606:4700:3033::6815:31f2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhanqua-tet.garaena.vn/pages/old.php
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:31f2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 66fe1e0e613dd04d3ae38e03225c4ff44b5ab674202335b6702cafc7d8daf4cb

Request headers

Accept: text/html, */*; q=0.01
Referer: https://nhanqua-tet.garaena.vn/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:42 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SjFIoLfXiRLbXRSnfYYE2PHAi1NxTomhWqWlqIxGcMfoqwjUPCED1iqZ90LbIWEyNuRjsOUjLp3ap%2Fav3N6rDck7rKQu8SWkLRA1vCqipqguw%2FcCWL5thNsU1iobj28epjKjc9Z3bzHMHykqwWUam2uDWllv"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 8565bd89eeb090e8-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
na.apps.amsoveasea.com/swoole/ 38 B
175 B 1129ms
359ms XHR
text/html 129.226.2.89
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://na.apps.amsoveasea.com/swoole/?actid=2020&r=index/getCountry&_only_service_response_=1
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 129.226.2.89 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx /
Resource Hash: 3b36b8fac521b661b6bbb5d3c7654bb1ee31190d1cc310961d00615f0298ccaa

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://nhanqua-tet.garaena.vn/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 16 Feb 2024 12:19:42 GMT
content-encoding: gzip
server: nginx
content-length: 57
content-type: text/html

GET
H2 200 Qpozmt8.jpg
i.imgur.com/ 6 KB
6 KB 26ms
25ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/Qpozmt8.jpg

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

350071ae405fddbbcdd4d7732f32dd6e3ac86c75e64d7350983247d9d5ab89cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:42 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 3206120
x-cache: Miss from cloudfront, HIT, HIT
content-length: 6340
x-served-by: cache-iad-kiad7000039-IAD, cache-fra-eddf8230052-FRA
last-modified: Fri, 15 Jul 2022 13:59:57 GMT
server: cat factory 1.0
x-timer: S1708085983.894276,VS0,VE2
etag: "de3d66cd4772a6c1709f56740b285a36"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 44EiSTeS3-fj2gfEG69I93B_stcrS6M3H2eJgaRd-TSNjXmXJNG54w==
x-cache-hits: 177, 1

GET
H2 200 tId6xK2.jpg
i.imgur.com/ 6 KB
7 KB 28ms
27ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/tId6xK2.jpg

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

4e25fa3fd784a6a1bd707310d5df5bc185d7d22a3b7662e6723a213d908a72b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:42 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 207230
x-cache: Miss from cloudfront, HIT, HIT
content-length: 6440
x-served-by: cache-iad-kcgs7200075-IAD, cache-fra-eddf8230052-FRA
last-modified: Sat, 28 May 2022 16:37:17 GMT
server: cat factory 1.0
x-timer: S1708085983.894528,VS0,VE2
etag: "ee255378cd76d12de00393ef0ba4b27a"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: ocw4-o141uwRpeiqgNEpChNtgj5jY-vt1QTAvaQ9wyfYI2v80jg5KA==
x-cache-hits: 14, 1

GET
H2 200 7iDXxY0.jpg
i.imgur.com/ 6 KB
6 KB 49ms
48ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/7iDXxY0.jpg

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

632cc589aa073cddb6dc468216dd32b6ff05313f948fd6cd3f59c96176cf6b60

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:42 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 1683375
x-cache: Miss from cloudfront, HIT, HIT
content-length: 6382
x-served-by: cache-iad-kcgs7200164-IAD, cache-fra-eddf8230052-FRA
last-modified: Sat, 28 May 2022 15:46:51 GMT
server: cat factory 1.0
x-timer: S1708085983.894506,VS0,VE3
etag: "f0566e4320ae84107785d057a774ae71"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: vN5t-FesrWS5g5nf7Zu8DO_WT1SddL3C3l4pQq45aLF3mpu40F7HtA==
x-cache-hits: 283, 1

GET
H2 200 5Q2Q9sK.jpg
i.imgur.com/ 5 KB
6 KB 34ms
34ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/5Q2Q9sK.jpg

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

f4d985876d3a73f251ed09511dd02f8dd0dc706aacad39c96a5e9f2845dec2bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:42 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: PHL50-C1
age: 2698561
x-cache: Miss from cloudfront, HIT, HIT
content-length: 5560
x-served-by: cache-iad-kcgs7200054-IAD, cache-fra-eddf8230052-FRA
last-modified: Fri, 15 Jul 2022 14:02:08 GMT
server: cat factory 1.0
x-timer: S1708085983.895088,VS0,VE2
etag: "64e293a61ba7a1bd2f0f74d7c5d1be05"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: af2a88_KzhDlWhZqVVmAkmXV7pZx_RtWNYS0r778uu-lg1IhIPS9Dg==
x-cache-hits: 142, 1

GET
H2 200 kFzOvKB.jpg
i.imgur.com/ 5 KB
6 KB 36ms
35ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/kFzOvKB.jpg

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

677aff0cc2ca154fbb857b9df9403bb24817d7c4560182c9424fcee889445588

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:42 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 1563425
x-cache: Miss from cloudfront, HIT, HIT
content-length: 5559
x-served-by: cache-iad-kcgs7200171-IAD, cache-fra-eddf8230052-FRA
last-modified: Fri, 15 Jul 2022 13:59:57 GMT
server: cat factory 1.0
x-timer: S1708085983.895385,VS0,VE1
etag: "57f61cfd334e7ebe297f611db8e3f195"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: y0PYA17_LM_NCn_ADNdIs4JJjAWjzFoZfTm62XFYhrkmiIxltarjkg==
x-cache-hits: 61, 1

GET
H2 200 VQh8L4Q.jpg
i.imgur.com/ 10 KB
10 KB 51ms
51ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/VQh8L4Q.jpg

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

bbae609437d028b997620ba4e85389c1b317534ecb17881b19bc8b4edba08e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:42 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: MIA3-P4
age: 2054562
x-cache: Miss from cloudfront, HIT, HIT
content-length: 9941
x-served-by: cache-iad-kjyo7100028-IAD, cache-fra-eddf8230052-FRA
last-modified: Sat, 28 May 2022 16:37:17 GMT
server: cat factory 1.0
x-timer: S1708085983.895461,VS0,VE2
etag: "760bffe1a5e62cee384c8151889762f1"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: _v7muFEsfsXBz-doBXeAiAQrkFODF9i0VpzHFgjZVRMM_fAvY9hTYw==
x-cache-hits: 113, 1

GET
H2 200 FsDGZCK.jpg
i.imgur.com/ 7 KB
7 KB 30ms
30ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/FsDGZCK.jpg

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

258285515b232b0115a9065a13177e8f66c45f3ac72bc865bca89eba6d5b87e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:42 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 3069367
x-cache: Miss from cloudfront, HIT, HIT
content-length: 7229
x-served-by: cache-iad-kjyo7100023-IAD, cache-fra-eddf8230052-FRA
last-modified: Fri, 15 Jul 2022 14:06:40 GMT
server: cat factory 1.0
x-timer: S1708085983.895054,VS0,VE1
etag: "ad7252e86e74c5f900f91c0e062a4e84"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 1rXZ_UKbIMBRuNa1lMSa4FN8tyyMkaLZLnGIFDyb0V-4CkeOq70vfg==
x-cache-hits: 21, 1

GET
H2 200 qlpQY5S.jpg
i.imgur.com/ 4 KB
4 KB 33ms
33ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/qlpQY5S.jpg

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

85838033c78bcce6d2da3e527d9af9d2f425c2c1c79e0ab8151f3e56ebf818bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:42 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 1362314
x-cache: Miss from cloudfront, HIT, HIT
content-length: 4318
x-served-by: cache-iad-kcgs7200127-IAD, cache-fra-eddf8230052-FRA
last-modified: Fri, 15 Jul 2022 14:14:34 GMT
server: cat factory 1.0
x-timer: S1708085983.895002,VS0,VE2
etag: "dcd67e92b329d684c64754415f87bfce"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: J58dlxPz0Sc1FJ79MFKxz_j2VUpCYQKlmSsO2mv3GCdJJ_UGV7eYtg==
x-cache-hits: 6, 1

GET
H2 200 Wy3nXTd.jpg
i.imgur.com/ 4 KB
4 KB 27ms
27ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/Wy3nXTd.jpg

Requested by

Host: nhanqua-tet.garaena.vn
URL: https://nhanqua-tet.garaena.vn/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

fb1664074515e90d38b70a6a0d65b8cd3c78a87bd90455d7bf2f0d25a56c13cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nhanqua-tet.garaena.vn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 12:19:42 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 1087631
x-cache: Miss from cloudfront, HIT, HIT
content-length: 3810
x-served-by: cache-iad-kiad7000172-IAD, cache-fra-eddf8230052-FRA
last-modified: Fri, 15 Jul 2022 14:05:10 GMT
server: cat factory 1.0
x-timer: S1708085983.894959,VS0,VE1
etag: "ac3623a4685c6aebc3fb0508369224bb"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: JZXef1SUBWWfzj54Q1Rhoa_c7gzfRH5pieclCziqacxg0ne1Iwbk0w==
x-cache-hits: 20, 1

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame E943 28 B
50 B 35ms
35ms XHR
application/json 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/12356a38/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
X-Goog-Request-Time: 1708085983484
Content-Type: application/json
X-YouTube-Utc-Offset: 60
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/ULZXMG4lZz8?controls=0
X-YouTube-Client-Version: 1.20240213.01.00
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: CgswelhoYlNoOHY2Yyjcpb2uBjIKCgJERRIEEgAgTQ%3D%3D
X-YouTube-Ad-Signals: dt=1708085981174&flash=0&frm=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C363%2C184&vis=1&wgl=true&ca_type=image

Response headers

date: Fri, 16 Feb 2024 12:19:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Gaming (Entertainment)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 7qLqA7TwALU
			.youtube.com/	1970-01-20 22:47:17	Name: VISITOR_INFO1_LIVE Value: 0zXhbSh8v6c

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://nhanqua-tet.garaena.vn/tan/icon.png Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://nhanqua-tet.garaena.vn/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
dl.dir.freefiremobile.com
files7.webydo.com
fonts.googleapis.com
fonts.gstatic.com
freefiremobile-a.akamaihd.net
googleads.g.doubleclick.net
i.imgur.com
i.ytimg.com
jnn-pa.googleapis.com
na.apps.amsoveasea.com
nhanqua-tet.garaena.vn
static.doubleclick.net
www.google.com
www.kolpaper.com
www.youtube.com
yt3.ggpht.com
129.226.2.89
146.75.116.193
23.48.23.64
2600:9000:2127:b600:12:3436:3dc0:93a1
2606:4700:3032::ac43:c432
2606:4700:3033::6815:31f2
2606:4700:3108::ac42:2b55
2606:4700::6810:5914
2606:4700::6811:190e
2a00:1450:4001:803::2003
2a00:1450:4001:808::200a
2a00:1450:4001:80b::2006
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::200e
2a00:1450:4001:812::200a
2a00:1450:4001:813::2016
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2004
2a04:4e42::649
2a06:98c1:3121::3
020487b2ceebc26c8d309b0ab94170981c0a3b093eeb85a4dc5737e83e83f4fa
02fa470e3412d3d0d9bdb9fcd2850ccbfa17d12a1d9420b80662951ed062b601
092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401
0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740
12f0cd69f190f7db4c5cd05962c9f56e3c510061e9ca6201bb78776329906d0a
13810fe0818ec887c215ab0f48e270cdc5dc149b8b147adf5143c232b8499af9
169e90ba55acc2998b30911691a4c9b77729e0fe99485c71f881d3929a739734
1732cbf0b83525ca6769c3a58d15de73f38122ed8c056ca7e30a6076767ef3d6
22f93c0d8bd9dbeaa97b0990c8d21bc05bb0d2f659049383c012238fcbf31105
258285515b232b0115a9065a13177e8f66c45f3ac72bc865bca89eba6d5b87e5
29685bc4737559acc10db79fd9536f3bf301e00ac20c497ed32ae6181e0ab260
33ea0b0fde442c704bb17650b00bf78e84e9eef9664159191df0a6c4850e849c
350071ae405fddbbcdd4d7732f32dd6e3ac86c75e64d7350983247d9d5ab89cd
38cdd8677e4e0e33cff948e127b93450a4abdb5f3758057634937cfbb3deda15
3aab3cce571d9d91f7cdbe1c07a94f9ac13a03c4176c39a1ced1354dd6952f0b
3b36b8fac521b661b6bbb5d3c7654bb1ee31190d1cc310961d00615f0298ccaa
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
432360a0d8577899a613c18a11150cb52fa83c4863e8495d8a5cb03fa431f9f6
439fd9c373886a6039994ec5e13b5076d5f79f5e14506ea5679232dc0da51832
43c2034fc3fa094e71fd637d0908b93eef039cf61ecaf8db6856533018b3b3cf
4e25fa3fd784a6a1bd707310d5df5bc185d7d22a3b7662e6723a213d908a72b0
586ac831fad0cefd0f13039e7d78c4ddaeef50b3a64b1c5bdeea73b49bf06086
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5ca525fb4997147d46aeccd39e662436a0881b61c4feb8fc4be159e861a6c6c0
6217446bc76872afe80af4d616495dab7d743445b1969c44e10345bd00a94c61
632cc589aa073cddb6dc468216dd32b6ff05313f948fd6cd3f59c96176cf6b60
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
66fe1e0e613dd04d3ae38e03225c4ff44b5ab674202335b6702cafc7d8daf4cb
677aff0cc2ca154fbb857b9df9403bb24817d7c4560182c9424fcee889445588
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6e540389402e3ced8b111dca3b7f564046e027fdbc472359c9d0e0bced2c346e
73a43e9a3b24f10852bac31ff21a50e65bc24030b0db18afdeba5e632ba81072
7bb88750901d69a3639be7393062bb2fdab860e075805eb733c4e547074ff0ea
85838033c78bcce6d2da3e527d9af9d2f425c2c1c79e0ab8151f3e56ebf818bd
8bdb4322a6170d1d92b43e3be71e72673051835bd52152e216efba7cb4e9e1cb
8df3d3b0eaf7487e08932291d8b2a135ad2ecb2e32bcaba6308df2e2fb7e3436
95ac1d76f9e5deab8915e2d31f14487cb02590cc001dca6de738ab8f117c4aa5
96a553886c4297cb0c11eaabeb30d8a905bfe6e814e522aa2d91144513932769
a97387c24441b4af933b0b259f96d38548863a1d04bb3717e00db02a524dc30c
ae4de0464f907f90721557737e22dbadf629ec2f606a0f94e5c9dd1bb6261240
b2ec84bc475ff86d5354c915fbbcbf841cacc6992b0e2e6195ae90bd3c3eac1d
b8c0909154e5245f00756fd4dd8cdf388d279657314b07c550c6227cc7adaaad
ba6e1178e628e430d7126f1fadc56ec7ede45d051320c0e8908b9a9de63f8fed
bbae609437d028b997620ba4e85389c1b317534ecb17881b19bc8b4edba08e0d
c8827f7d38ae66631c5cc479dfb23d23a6131227f9ad8ae838d191aed191660f
cf07be97266304e14e4d962a82da6491f4411c2c23f8ee217c28a3ef0b57d348
d2646602d0beed6bdf7af300b997903ae1ebf2fac68ccad2539410942814fe97
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d67f2b1a4841f39bdf796522a8b369192e323f27d0e45ac319774330d7dd3cf7
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e44990e45b6541af3931d861ed93e089ee830651bb22597949eb00f8811f8699
e54ed2948abb074c66010c0252543eadbaab6b00e1f9740780b79c78d69865be
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
f4d985876d3a73f251ed09511dd02f8dd0dc706aacad39c96a5e9f2845dec2bc
f936df3794653b1a21c936fed39043e31171b84fced1723991a7fb5eac30bc5f
fb1664074515e90d38b70a6a0d65b8cd3c78a87bd90455d7bf2f0d25a56c13cd
feab8f6a47c565e9ad5bddc3b2b73ea921975d2564208e169905c78266437bd6
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

nhanqua-tet.garaena.vn Open in urlscan Pro 2606:4700:3033::6815:31f2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

60 Requests

98 %HTTPS

86 %IPv6

17 Domains

20 Subdomains

21 IPs

3 Countries

2500 kBTransfer

5110 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

nhanqua-tet.garaena.vn Open in urlscan Pro
2606:4700:3033::6815:31f2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

60
Requests

98 %
HTTPS

86 %
IPv6

17
Domains

20
Subdomains

21
IPs

3
Countries

2500 kB
Transfer

5110 kB
Size

2
Cookies

60 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!