| asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4 | 172.67.191.176 | 200 OK | 6.3 kB |
URL (User Request, POST HTTP/1.1): asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
IP: 172.67.191.176:80
File type: HTML document, ASCII text, with very long lines (15245), with no line terminators
Hash (MD5, SHA-1, SHA-256): 1498e45e4d5cdc109a6cb2f6c5eca64b 5be9b032f38405823b879a72413604b12dff6d54 6f27fbe3689557f363b53287b12d24031cc6ff810d4668dc7a2be8ebcdcebe85
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4 HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 14:40:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: zN7V7kZ0kiXSAcc41DBzQ0HyLohMG9RRsNV+3bJ6UFd/Ai8s1gyHtWcNoYAMP3EZj4XetfblnHluCXa6ijROmXyp32zvdduU4O0ss1twd2kGzw6IHIDkz0KUdZPc5n3oks52UtCPON8sTQA8piTEeA==$yixbKJF/WGrv9sxiykYgJg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2FY01mCfgCuevYPJ551OdrpezIaHdDXabOvmvN9TLygUcw5X1jOoomdjQOl3v4madB69%2BOMbW7V2lE2LdmUBfEyqzzGaHIBSmBc8LU9DnATioCen%2FOWEiCjTbqjvisUtVSA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8796d8a05c281bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| asctrans-vn.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8796d8a05c281bfa | 172.67.191.176 | | 110 kB |
URL: asctrans-vn.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8796d8a05c281bfa
IP: 172.67.191.176:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 110 kB (109912 bytes)
Hash (MD5, SHA-1, SHA-256): 58ba93e88c83d9a970d76c13ec26679f 1a8808f004587907036b390b330f86caf1af68ee 0134ae877209b33497c0ab7214fc8f3cb4f64e9e77fab5cd2d595ab8ea5218a4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8796d8a05c281bfa HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4?__cf_chl_rt_tk=EzeuB734gsuF7LBU5mCBKc.e4WeE1RrgipApin8x.pg-1713969602-0.0.1.1-1813
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 14:40:02 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OToSszcTp9Rhsr2ACt%2BrtTATC7zMY%2FOcAgwGmeH8JtiMW51xjLdtv7TKKtqJD0sU687Oy%2Bclp1431xfh38eJsG0Vm%2FDLnWrQf%2FbehHCJPJnMiNTxvkODIxWndA5ZxlTmHnQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8796d8a1edc5b50f-OSL
alt-svc: h2=":443"; ma=60
| asctrans-vn.com/favicon.ico | 172.67.191.176 | 403 Forbidden | 6.2 kB |
URL (GET HTTP/1.1): asctrans-vn.com/favicon.ico
IP: 172.67.191.176:80
Requested by: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
File type: HTML document, ASCII text, with very long lines (14784), with no line terminators
Hash (MD5, SHA-1, SHA-256): 8e024a3c528733fb0c1d2a8d0cbf9b08 1f9da169361f197fa7248fb3660f2edec382f28a d233932140857fdb1069f16e9abb4d35622800fb43ff17b787b184c894a60a07
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4?__cf_chl_rt_tk=EzeuB734gsuF7LBU5mCBKc.e4WeE1RrgipApin8x.pg-1713969602-0.0.1.1-1813
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 14:40:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: l8c8deVzwNq3TeRCjGOWrzTi1DenfnZpZKrnzE6wxrx0BujKDs+hsPEDAY7SuaImGWSTFo433BZVSPyuCDyde551D82BKp3ebgiD6idxAjfnWijWj2maOW8CEaR7iYGZD1rgZckUVLsLlBFn945xRw==$oNtK9PlE3zksjShT6oXKug==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yH1GFka8CdgYRc6AsaT4E%2BuDXqmCwjYA5ZGEp9HXBu9XqVM3pI0aWtYlC81%2BUCabGjVjuW%2Fl4fe9phdmeyvsLpJ91fXF9VdzfoPFSdRjWFcraCZKQXUB4UxmBO89DP0aD6o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8796d8a24e2fb50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| asctrans-vn.com/favicon.ico | 172.67.191.176 | 403 Forbidden | 6.1 kB |
URL (GET HTTP/1.1): asctrans-vn.com/favicon.ico
IP: 172.67.191.176:80
Requested by: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
File type: HTML document, ASCII text, with very long lines (14699), with no line terminators
Hash (MD5, SHA-1, SHA-256): 2b1a04d8c80384ce3e99000cc5f00b4f dd30be655233619b7a620d478b93591015d65e86 c7aea94acde8a0d8883048ccae803cab9d517e36dedd8ba60cc74d25567f8e49
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 14:40:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: kvePvuCi748xEDou7/F+zDBEm6J5CGavZ5YW3SIXbHDprmTPL9knfHbmua9wglFpSPDQuwbpZrXo+bcTS6wyKeJwAnybFm7H6yNTzsQT42swvN4vbeXH7VCmG5Zl33glQ8AEeNVdMVgKzPNRzxH/tg==$74k4RARpXdvqd/MGFWSJ7w==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UAyFmIV6T3lEJbfgAz%2F1TVLQtEmy%2FmRui7O0SvlfcdSyBhSI4gyCh7r6EQbgoyli8VxcD8aV7qxZ5Lqs8tJq9hqxpcRL4SuaHpzhh2AAQJgEdkS3QE0y0EksTr1sXV8gV5k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8796d8a32d3256bd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| asctrans-vn.com/cdn-cgi/challenge-platform/h/b/flow/ov1/881340233:1713968847:B70bwflkrGj9BGUKAQZkdQ4eZDKflCPWv7f6y10jR_0/8796d8a05c281bfa/21f8b0d8697edb4 | 172.67.191.176 | | 12 kB |
URL: asctrans-vn.com/cdn-cgi/challenge-platform/h/b/flow/ov1/881340233:1713968847:B70bwflkrGj9BGUKAQZkdQ4eZDKflCPWv7f6y10jR_0/8796d8a05c281bfa/21f8b0d8697edb4
IP: 172.67.191.176:0
File type: ASCII text, with very long lines (15944), with no line terminators
Hash (MD5, SHA-1, SHA-256): 546aa71ab41f7dcfe385e0481b39c5ab 64459f41457dc1b09b4a18ef4e8d74ff08090620 7ea10e8e8b036e040adb273405ebc5d4660610c021ac32fc728f05493b3b9c7f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/881340233:1713968847:B70bwflkrGj9BGUKAQZkdQ4eZDKflCPWv7f6y10jR_0/8796d8a05c281bfa/21f8b0d8697edb4 HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
Content-type: application/x-www-form-urlencoded
CF-Challenge: 21f8b0d8697edb4
Content-Length: 1948
Origin: http://asctrans-vn.com
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 14:40:03 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: k5K4gKy6WCWXmO7jjQfuf9x0/73WtcUjxUScPKs93PwOBdfPVQL+6oorBqVIrMMZ$XDInEIu9SKafQI0GXANdZQ==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YrqB9rnYgzVV7qgYVlYl%2FObAb5klUOjss%2Bv%2BAQX0P7fQEmMvCbmaUt7sn75dUHLcDKRCPENi61r6oYKw21N9Usawpjd81B%2FwRfupeHKcrf8KMv3RIINisJ2uQBl3Q9Z%2BllQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8796d8a3aecd56a5-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.3.184:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash (MD5, SHA-1, SHA-256): 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0w8g8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:40:03 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8796d8a51a1656ae-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1403796270:1713969037:EVQ0HiJxgQ0FkLf0vD0XhhHf_i6RX7KAIIaGrCrFEeo/8796d8a4995d56ae/e7d804d192d0db0 | 104.17.3.184 | | 102 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1403796270:1713969037:EVQ0HiJxgQ0FkLf0vD0XhhHf_i6RX7KAIIaGrCrFEeo/8796d8a4995d56ae/e7d804d192d0db0
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 102 kB (101913 bytes)
Hash (MD5, SHA-1, SHA-256): 6a18e002219445ef67394a00924afad6 700c69709dbd77f79f05c26608d71d559edc15c5 71a19ee01c36631a7d8b8e0b3fc4e2aba2d5f029b2a21b058669348822d5d721
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1403796270:1713969037:EVQ0HiJxgQ0FkLf0vD0XhhHf_i6RX7KAIIaGrCrFEeo/8796d8a4995d56ae/e7d804d192d0db0 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0w8g8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: e7d804d192d0db0
Content-Length: 3311
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:40:03 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: eMW59ER8PVhxDHB1Jep8ey3HzfQMxT6S9FTsQosr7ejBlPeDTzXW6klhjiG+nhA1xvaVHrPVZnd6eoB9JQIZ9C/RU55iysVcZUu5QoOToCKdYASMTbu9QNMdSxu/qKzrxJzaLA8g83DLbA9M18r7qwbUhPWuYZWWuE9Py2ar2HS9j1+4fxd25S9MBHPXwauR3QB0HRJzPxrZC/94g1pO3bLtMr5wMDoRQcDV+OV+mQsJJEIw5dq1XrhSmrp7fTzojpDCaJclkqIG8z7js0X+1U+WlWyXeycgRNswF5kx62YihzVzarAdxQqQ8uyqqzuXiC9Tlr8LErlrVdSbb687jtwp3iGbDCcqYCX/X5YBTDTpkdOlvuoLL8bR85eKG2ZqD2wvACNJEHhcEXfiKa+PL8KE+H/7v4tZhEB0Tn/NQLY=$qavgTRDAgmc7u4+cSHHsSw==
vary: accept-encoding
server: cloudflare
cf-ray: 8796d8a6fcce56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8796d8a4995d56ae/1713969603696/gYFrKcY-YfQCaM2 | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8796d8a4995d56ae/1713969603696/gYFrKcY-YfQCaM2
IP: 104.17.3.184:0
File type: PNG image data, 65 x 16, 8-bit/color RGB, non-interlaced
Hash (MD5, SHA-1, SHA-256): 0cb805b31c03410b35b7b59620e6bdd1 dce74b5ff30f471cdc488450be5960897764b347 8a819fe821c8fb81b36265172185f953e27796723870074890dd3f3a36aac5d6
GET /cdn-cgi/challenge-platform/h/b/i/8796d8a4995d56ae/1713969603696/gYFrKcY-YfQCaM2 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0w8g8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:40:04 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8796d8ae5e9956ae-OSL
alt-svc: h3=":443"; ma=86400
| asctrans-vn.com/cdn-cgi/challenge-platform/h/b/flow/ov1/881340233:1713968847:B70bwflkrGj9BGUKAQZkdQ4eZDKflCPWv7f6y10jR_0/8796d8a05c281bfa/21f8b0d8697edb4 | 172.67.191.176 | | 1.8 kB |
URL: asctrans-vn.com/cdn-cgi/challenge-platform/h/b/flow/ov1/881340233:1713968847:B70bwflkrGj9BGUKAQZkdQ4eZDKflCPWv7f6y10jR_0/8796d8a05c281bfa/21f8b0d8697edb4
IP: 172.67.191.176:0
File type: ASCII text, with very long lines (2332), with no line terminators
Hash (MD5, SHA-1, SHA-256): 9abd0294ee8bd384f3d8709f9b0a0be1 89826c536acfc3d66276d1ad9e0854bd5ca1401d 245ccdff2676a99385e2ab8fbdefe6235f6f4561d9549453ff7c4606f5fb07ce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/881340233:1713968847:B70bwflkrGj9BGUKAQZkdQ4eZDKflCPWv7f6y10jR_0/8796d8a05c281bfa/21f8b0d8697edb4 HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
Content-type: application/x-www-form-urlencoded
CF-Challenge: 21f8b0d8697edb4
Content-Length: 2606
Origin: http://asctrans-vn.com
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 14:40:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: jTQSit/kr6q4Ynd1yH9SpQgsSHAlFhwDCFHixzyo590dZR+vQXhS3JYk7AG9zelvBsfMrdalQv1kWo7LFYNKGSqne/fp3TghMFfJX+/BtDI=$ORC34keWR05l8dykcUZBrA==
cf-chl-out: rQwJKEGN9BwdGROjMjRHcmV3jiR8yq9bqAeubgHzxQWzK8qSJg+65dS8Zq3M37MKo0LaOwvJiiNCLuToMNKbVzEaa52SzFN1XZsXVoo2G0U=$iipBCBwtV8D67lcKToJMLw==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oN0C6yfGM2K61HYTi2AjE4puFgv0LOKoRDLo2F162P2xF6uJsumDQPD9j5PME78bgQkJ3YjE3uXRKHq813y9JoxGQJdYGRqIReUhguo%2BoIvklesYyZmPTFhlAlv7sRb1Fmk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8796d8d6f88a56a5-OSL
alt-svc: h2=":443"; ma=60
| asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4 | 172.67.191.176 | 200 OK | 6.4 kB |
URL (User Request, POST HTTP/1.1): asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
IP: 172.67.191.176:80
File type: HTML document, ASCII text, with very long lines (15288), with no line terminators
Hash (MD5, SHA-1, SHA-256): 3864f4928f873cbca6322350e3a601fb bd644772844b79fcccd342366f1ff853cde87624 829aad288907d04cfdbbe57af86a69e61ac82e75b750978af8f1356b0c080c0e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4 HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 14:40:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: EG2C6e1PmfEc4kfGr2WxYIalJMlBsM2YH2NqJ8p3bVoinB1wa2aSyEERy0E3lJbBkt68RuuY89LD87skVc8WqR+nNX2wmoq+F4Q2SlYdxWxD7IJ6qGslm5gMB7F4XxDEMfnV5Qa4nblKtm0HwWN7JA==$Pgp+6j6zFQUGXr74Bk6q/g==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cOBxrxJvShbTrY26DD7fAge3ufvbNWMDC%2FfjYuV9TE1602hZFg3ZOYSeEqSGanugux0LBILpxNeyGVTYkeg6eajNQnGSsP8DFFdCZPP2o7omu89v7qP03wXAGFz4z8yl%2FLc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8796d8e3cc2756a5-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| asctrans-vn.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8796d8e3cc2756a5 | 172.67.191.176 | | 114 kB |
URL: asctrans-vn.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8796d8e3cc2756a5
IP: 172.67.191.176:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 114 kB (113547 bytes)
Hash (MD5, SHA-1, SHA-256): 4ae8429fd68b6e4a921f401ed7a104f7 fd615e0fcbe132ae7d53060a9208e9a45bd0daf1 edd8fd37827882284d25a618c1c1b446293c1210721efb114aad420e319dc978
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8796d8e3cc2756a5 HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4?__cf_chl_rt_tk=PMxlo3PT9j9nj..UR4Xq93Hdm78OXtotM5KwUiZvJkY-1713969613-0.0.1.1-1813
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 14:40:13 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=odQ5Dcp1UFOcIoSMff%2BsJpydS7TKg3M0CNSZVSeiFg00vjYecH23ChoYaB1mQyehtMHSD7tLiQM1NI5xTQ3KWqgkq9Jua1xDwAjOzrAWPLj%2FtstI0TukSWKI464WLQ9YHak%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8796d8e41b0e56c1-OSL
alt-svc: h2=":443"; ma=60
| asctrans-vn.com/favicon.ico | 172.67.191.176 | 403 Forbidden | 6.2 kB |
URL (GET HTTP/1.1): asctrans-vn.com/favicon.ico
IP: 172.67.191.176:80
Requested by: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
File type: HTML document, ASCII text, with very long lines (14805), with no line terminators
Hash (MD5, SHA-1, SHA-256): 0e1ef17139b1081640e78dbafcb53aca be92a6e709a6b9fc595f0a9b8d6fc21e676143ee c65b9ddcfa38325b994a2878df53a7bb38628a13e8b8c3454256d31227b3ed4c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4?__cf_chl_rt_tk=PMxlo3PT9j9nj..UR4Xq93Hdm78OXtotM5KwUiZvJkY-1713969613-0.0.1.1-1813
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 14:40:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 1DKxhBj+QuzjQmFvJVbPOwvP7Pxw4KGuGRDkcW9Pi3qXzZnNG/mH6MaYIjDFnG9Eee3aKyw6X3MrBipv7cU4QjJ91o96hcarnsWG7WJrfJMwHm2Lugs7bPfCjRqkjvAw9MIRXA9Tr0qc2s40RLYWHA==$2fc6/Vi1wq3nGXSANIBQKg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wdBfLe09ofDH7K28lL8M%2BUMVwEkRrxCopGwXylw6gHX4ilwYRHmzwyK%2BdJ01gQ8V0mXRxLIJ98I9GgZTDIwhJ7H%2BZcuGz8qhmPLZj9NHMJoReS29HJKI2yBTrGZQaDB15Qg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8796d8e47bb656c1-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| asctrans-vn.com/favicon.ico | 172.67.191.176 | 403 Forbidden | 6.1 kB |
URL (GET HTTP/1.1): asctrans-vn.com/favicon.ico
IP: 172.67.191.176:80
Requested by: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
File type: HTML document, ASCII text, with very long lines (14720), with no line terminators
Hash (MD5, SHA-1, SHA-256): a31bcd9e1d916f9b58e544d4b5f9347a cc56bf4dfa50c0e17f4e3709a24a1dbeca536ae2 b750a72174538939d3042e9a5e5a8008818ed95c298faccd14d98bdd734e7ff7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 14:40:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: zrM4Tw0Vn2W3w0XUevYDviKQWKSYRno6dJxTwPAupitAyyebIfOAb5jm2XYjSr29REtOKP65VCOpYTS+ycyYMFA8f8+VUUoOkmWGbyGsPJjgzEqOXrhPSVAoNHEsmvp9ivyR5cXEp3FnE+zg+QYr5Q==$RwRFnLTi/WFiTsc9ZYeMmw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DlaNWDMFRuMTNP%2B0%2Fksjfg%2FBjapFXVzBBJvM5x8eI7J%2BOhXrKA6m0U9bkMsMVK22a3mXCYjx%2FjAFkUgvqpGEiKgyt%2FRbhhJrnnS5Rv4YZONgUHZ31T9IQVKNAtlKx9I26CA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8796d8e4cfc0b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1403796270:1713969037:EVQ0HiJxgQ0FkLf0vD0XhhHf_i6RX7KAIIaGrCrFEeo/8796d8a4995d56ae/e7d804d192d0db0 | 104.17.3.184 | | 34 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1403796270:1713969037:EVQ0HiJxgQ0FkLf0vD0XhhHf_i6RX7KAIIaGrCrFEeo/8796d8a4995d56ae/e7d804d192d0db0
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (22540), with no line terminators
Hash (MD5, SHA-1, SHA-256): 6e3182e4e747e181e2c83fcf8c6452e7 88c24311e1da078491794e09b1ddba5c0bec3d75 2cde624718473dbbd7654ec5df47a440745bc5b9db5a7f2f2c57f8b1a05a39e8
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1403796270:1713969037:EVQ0HiJxgQ0FkLf0vD0XhhHf_i6RX7KAIIaGrCrFEeo/8796d8a4995d56ae/e7d804d192d0db0 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0w8g8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: e7d804d192d0db0
Content-Length: 25610
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:40:05 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: jtSQ3BaxDD/MzxZtWj6YFDFB8q95bLuipu+uFJ0yzicZBZojT7SK1FwqsotlQ50W$zFQWibIGaJXmDYd2RJv9TQ==
vary: accept-encoding
server: cloudflare
cf-ray: 8796d8b1bc0356ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.3.184:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash (MD5, SHA-1, SHA-256): 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/r83k4/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:40:13 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8796d8e6daa156ae-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8796d8e65a1356ae/1713969614223/uz3MaULQJaWV2tO | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8796d8e65a1356ae/1713969614223/uz3MaULQJaWV2tO
IP: 104.17.3.184:0
File type: PNG image data, 68 x 63, 8-bit/color RGB, non-interlaced
Hash (MD5): 20d8bd40128f1589d78f811b28c42c66
Hash (SHA-1): ee4043a2c1909800a3ae52cec6f4cf99e4214b15
Hash (SHA-256): 5e0882f572293d272158f95263f4cc5934bf4063015014e1f4274295e692248e
GET /cdn-cgi/challenge-platform/h/b/i/8796d8e65a1356ae/1713969614223/uz3MaULQJaWV2tO HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/r83k4/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:40:15 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8796d8f2183256ae-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1413681648:1713964564:KdUyhO-yTnRJA5-7syoil12rC7kCCykK6JjptUh1ubQ/8796d8e65a1356ae/c6037ce6e9ddccf | 104.17.3.184 | | 113 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1413681648:1713964564:KdUyhO-yTnRJA5-7syoil12rC7kCCykK6JjptUh1ubQ/8796d8e65a1356ae/c6037ce6e9ddccf
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 113 kB (112834 bytes)
Hash (MD5): 35e02512b12a7c28a068f1e2fd97640c
Hash (SHA-1): 1679ec931f784ce737d12ecc5c471d8b8c0c1a0f
Hash (SHA-256): a767b345aec63527711b0cbb7676210b5874f7adc7697a67989086d6e527dcfd
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1413681648:1713964564:KdUyhO-yTnRJA5-7syoil12rC7kCCykK6JjptUh1ubQ/8796d8e65a1356ae/c6037ce6e9ddccf HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/r83k4/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: c6037ce6e9ddccf
Content-Length: 3379
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:40:14 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: …$vaATceXL95DlzoG4bPdXSQ==
vary: accept-encoding
server: cloudflare
cf-ray: 8796d8e8bcf856ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1403796270:1713969037:EVQ0HiJxgQ0FkLf0vD0XhhHf_i6RX7KAIIaGrCrFEeo/8796d8a4995d56ae/e7d804d192d0db0 | 104.17.3.184 | | 2.9 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1403796270:1713969037:EVQ0HiJxgQ0FkLf0vD0XhhHf_i6RX7KAIIaGrCrFEeo/8796d8a4995d56ae/e7d804d192d0db0
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (968), with no line terminators
Hash (MD5): bed3b25835c60228ad3c3ffba5c0a0e6
Hash (SHA-1): 1f748beec0770b11efaee29b60cdbd4f3234ea4d
Hash (SHA-256): 820d513c7315f3de59b0bb55c19930a7b3aa6da3264520054d0fb676b49bfe43
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1403796270:1713969037:EVQ0HiJxgQ0FkLf0vD0XhhHf_i6RX7KAIIaGrCrFEeo/8796d8a4995d56ae/e7d804d192d0db0 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0w8g8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: e7d804d192d0db0
Content-Length: 38200
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:40:11 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: rUbovJsxTL/PmeV6r0xVv1DDEYaoTOSpqqFBE27C4shMOLCpazzHm9cmuXgcSdVCSkBhsP2zChRRTWiEeF2JIJfNiPjEmaEF6o/c1AMjv8M=$eY6eSFPK/57W4nbBcEHrkw==
cf-chl-out-s: iEvKf6d/LF783yIwyyHGtR7M8ikIM29iJjn5DUuk/ROFw/BfIXg909TC3Y2+11/t09nk/GMdfp/ooYw/4YXVGsk1QjOm6yYaqLMdHlieI0EjlcE3Hr7M9CrPQEjipXyJJimhdf4BXFhJr4H4VMR5vA==$ow/5KyUFOozwVEcKe6ZlVQ==
vary: accept-encoding
server: cloudflare
cf-ray: 8796d8d6689556ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| asctrans-vn.com/jq/794143762cd83f42beaedca3b3b4968e662919d2ee87c | 172.67.191.176 | 403 Forbidden | 6.3 kB |
URL: GET HTTP/1.1 asctrans-vn.com/jq/794143762cd83f42beaedca3b3b4968e662919d2ee87c
IP: 172.67.191.176:80
Requested by: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
File type: HTML document, ASCII text, with very long lines (15011), with no line terminators
Hash (MD5): 413c7baba6abf71c43b59b969057c5a2
Hash (SHA-1): f96365217203946806430f8de2c0491ff6f93412
Hash (SHA-256): 4ce4604b32b52b2967b1050758c5217adcf8b4699df05b3fe93cc64f3e3d1265
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /jq/794143762cd83f42beaedca3b3b4968e662919d2ee87c HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
Cookie: PHPSESSID=98a68c331d49ee7f8fbc2af9c1214e3c
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 14:40:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: uPLG4o2BZd88BB/VTSSHahhJ8EljLEgLOqMdFDAjDIaIdExXvt4XII1ZFxQRHPPlRX6kA0C3hDO6QSf8aqRxO1pOC3wl7nqqHW2xxm1RuR/jEQustgu8fPX1yTCBxLcDctqrpKFpVcWQyXidvZbXnA==$k0aYXeHip8301570qxf9pQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Te9lS1D63ciBHvTC3Un6UdnGgrSwZkybg9J48rc0Lyj%2FivcW8ApTXpn1Jza4tdpSIDnSufTdQXL%2BR6QDuqUpxeJnq1if3qw8mX4eZmdq993E%2BJacGYIsi3POzotsMhAHie8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8796d906ef1e569d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| asctrans-vn.com/jm/794143762cd83f42beaedca3b3b4968e662919d2ee880 | 172.67.191.176 | 403 Forbidden | 6.3 kB |
URL: GET HTTP/1.1 asctrans-vn.com/jm/794143762cd83f42beaedca3b3b4968e662919d2ee880
IP: 172.67.191.176:80
Requested by: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
File type: HTML document, ASCII text, with very long lines (15011), with no line terminators
Hash (MD5): 3f6d54e9ab8cd501d84113a67830a26a
Hash (SHA-1): ef96b1b7e7f748f0a69f63c0ea97ec18fe2c84d5
Hash (SHA-256): 8c44c5fe42724bb930713a0c54ff7936bf6b65e652424587ba2abcd55cd3dac6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /jm/794143762cd83f42beaedca3b3b4968e662919d2ee880 HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
Cookie: PHPSESSID=98a68c331d49ee7f8fbc2af9c1214e3c
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 14:40:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: SVpN6KjSsErdIFH9HuzR7+fbxjVzNMmFd45l22BvyYOWTrdj28VL/fWlJHoWFAkC7P2j0C4cyBRj2Eywok5ZyriNtsVoTTQRZn84It50FkSW8YcjPepbXqbTHeb3r4CCbtrHfbPRhIDHr+iqx50fuw==$/9KPw0ZZ3ppxywfW6sYZaQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MMC4j2a1tb9rJbDcT5Nh9hERVjXVgcB36%2Fr1kvX3fsBYIgcmqUZpMq9QBPtKH8n7ztohHgxWpSFe8LZqPLipORbWEt9feNdNY8whAN4b3uce9fiSDdwGlPRULnMLgwROaEc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8796d906fd92569b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| asctrans-vn.com/boot/794143762cd83f42beaedca3b3b4968e662919d2ee87f | 172.67.191.176 | 403 Forbidden | 6.3 kB |
URL: GET HTTP/1.1 asctrans-vn.com/boot/794143762cd83f42beaedca3b3b4968e662919d2ee87f
IP: 172.67.191.176:80
Requested by: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
File type: HTML document, ASCII text, with very long lines (15021), with no line terminators
Hash (MD5): 895cc3267b7fd359a6c211a458b024aa
Hash (SHA-1): 45a3d04a6fd8d6c37e4923121ebe721da26cf8ac
Hash (SHA-256): fd85d4a23b3ca32380848a660f7514bbba24c4f7244962e7d4c23aea8f2a5955
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /boot/794143762cd83f42beaedca3b3b4968e662919d2ee87f HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
Cookie: PHPSESSID=98a68c331d49ee7f8fbc2af9c1214e3c
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 14:40:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: aZzWgjgPvTBhVFq1kAumG5q/gJFuJA6/U1t4JxHf07vL4XoRlrpp8SeqsASmpHA2MGSsD/mg/y5/LCotb2bDbIzi0gmrii1DbGzkGpWsfA47bVFJ9bLAhD+SHz2RyMlWz33NS9FmAOpi2k1m5TlJCg==$HFlGVxprxGIogh9i5i005w==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eAlXKZ1uceRebr%2FMvP3sjAXNL4R3HTd%2Fcxm9fTSNa4S6IkXT7h2grIV1yxNmr5yjCsm%2FzrVipof0oOBMS14mXfiHe%2FjUflOJFF9qJlz3KYoZDnyYA2soB3G50rxfU6NIa40%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8796d906faf6b515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| asctrans-vn.com/jm/794143762cd83f42beaedca3b3b4968e662919d2ee880 | 172.67.191.176 | 403 Forbidden | 6.3 kB |
URL: GET HTTP/1.1 asctrans-vn.com/jm/794143762cd83f42beaedca3b3b4968e662919d2ee880
IP: 172.67.191.176:80
Requested by: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
File type: HTML document, ASCII text, with very long lines (15011), with no line terminators
Hash (MD5): 997c90e2ff70fd27eb5389b5a72abc88
Hash (SHA-1): 16216acedd28fa87505af18ed86debcdb8491d5c
Hash (SHA-256): 5b8992a7767d33d50fef618d50d586e18b702288ed83da077dfbe3efad766c30
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /jm/794143762cd83f42beaedca3b3b4968e662919d2ee880 HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
Cookie: PHPSESSID=98a68c331d49ee7f8fbc2af9c1214e3c
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 14:40:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: zgUv5Rg6tDygOrrPfMapRxoTvohcnArnjxWv2DPMl4EV2EA18xPAAzkFmyC3Q4VTSVGLsLlfCfBqzlVD2kH6oY4c22cMB3MzD2bvrod5UK+y4YKYK8yrFIQpURz9OYuaEi0dmrvdfM+4/E9h6B0xWw==$iiGprMNk6N7j4NzrjgFX0w==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CK9mM9IeAm9upwFnW8boB65Q0NZBEUNg3at%2Bq6ckLkrcw8U4roaclsp%2F612oiSiEEbPrsUhNun%2F%2FVqXkPkpcrLn88gfnuLX4erMrRZaWhgnnRwpMnG4kTnz4Ot%2Bl46khmys%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8796d9071ef456c0-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| asctrans-vn.com/2 | 172.67.191.176 | 403 Forbidden | 6.1 kB |
IP: 172.67.191.176:80
Requested by: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
File type: HTML document, ASCII text, with very long lines (14675), with no line terminators
Hash (MD5): d8f425aaf4776f0023517bcb4d6185b3
Hash (SHA-1): 263b87fe12c2475b4bf2b8ee1f530e077e70c116
Hash (SHA-256): d20065c73723d015e8df8171cfef46dc8c3be726c4f638fc0c9fac198437b5f2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /2 HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
Cookie: PHPSESSID=98a68c331d49ee7f8fbc2af9c1214e3c
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 14:40:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 5V4NnEhgoQtOSMcEyuWQZ6qwaa+oTTGE/vNB3kcQtF6uCzKHqbLPLTY8r1eS0GTTq9IQ6PRkeN1xij6pnQub0thpn4zJseqKLPHFY5ZZ4W8qj1KMOtudNtVCu8ypX4qmuQ0txU6OKVjKNQvqB5himw==$2M7tGSIqXJHDOx4wsi8T9w==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=McPiyfmeGhT8sobCxhPEUClM5E%2BWyX7Epotpkzi%2BDpTCT%2BTq7GKWd%2FBh58pESA3ClsuQ8nIo9FKlBtv%2FhdxdYJvln6%2FVgrHJVI%2F%2Fk4x6KMspzSk1ZsHwamiCMkH1fKu5ebs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8796d907ec6956c1-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
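Every asctrans-vn.com response above is a 403 carrying `cf-mitigated: challenge` and a `cf-chl-out` token: the sandbox received Cloudflare's interstitial, not the origin's HTML, so the 6.3 kB bodies and their hashes identify the challenge page rather than the kit's own content. The script below is an added example, not part of the sandbox report, that parses request/response transcripts in the layout used on this page and separates challenged fetches from real origin content. The sample transcript is constructed from abbreviated copies of the records above; the header values marked as placeholders are not captured data.

```python
"""Split a sandbox HTTP transcript into exchanges and flag Cloudflare challenge pages.

Added example for this report; the transcript format (request line, request
headers, status line, response headers, no blank line between them) mirrors the
dumps on the page. A response with `cf-mitigated: challenge` is a Cloudflare
interstitial, so its body hash must not be treated as a hash of the origin page.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

REQUEST_LINE = re.compile(r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) (\S+) HTTP/[\d.]+$")
STATUS_LINE = re.compile(r"^HTTP/[\d.]+ (\d{3})(?: .*)?$")
HEADER_LINE = re.compile(r"^([A-Za-z0-9!#$%&'*+.^_|~-]+):\s*(.*)$")

# Constructed sample, abbreviated from the transcripts in this report.
# "AAAA$BBBB" is a placeholder for the opaque cf-chl-out token, not captured data.
SAMPLE = """GET /jq/794143762cd83f42beaedca3b3b4968e662919d2ee87c HTTP/1.1
Host: asctrans-vn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Cookie: PHPSESSID=98a68c331d49ee7f8fbc2af9c1214e3c
HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=UTF-8
cf-mitigated: challenge
cf-chl-out: AAAA$BBBB
Server: cloudflare
CF-RAY: 8796d906ef1e569d-OSL
GET /axios@1.6.8/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: cloudflare
cf-ray: 8796d90728b856ba-OSL
"""


@dataclass
class Exchange:
    method: str
    path: str
    request: dict = field(default_factory=dict)   # lower-cased header name -> value
    status: Optional[int] = None
    response: dict = field(default_factory=dict)

    @property
    def host(self) -> str:
        return self.request.get("host", "")

    @property
    def challenged(self) -> bool:
        # Cloudflare sets this when it served an interstitial instead of the origin.
        return self.response.get("cf-mitigated", "").lower() == "challenge"

    @property
    def colo(self) -> str:
        # cf-ray is "<request id>-<IATA code of the serving data centre>", e.g. "...-OSL".
        ray = self.response.get("cf-ray", "")
        return ray.rsplit("-", 1)[1] if "-" in ray else ""


def parse_transcript(text: str) -> list[Exchange]:
    """Walk the dump line by line; a request line opens a new exchange, a status
    line switches header collection from the request side to the response side."""
    exchanges: list[Exchange] = []
    target: Optional[dict] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REQUEST_LINE.match(line)
        if m:
            exchanges.append(Exchange(method=m.group(1), path=m.group(2)))
            target = exchanges[-1].request
            continue
        m = STATUS_LINE.match(line)
        if m and exchanges:
            exchanges[-1].status = int(m.group(1))
            target = exchanges[-1].response
            continue
        m = HEADER_LINE.match(line)
        if m and target is not None:
            target[m.group(1).lower()] = m.group(2)
    return exchanges


def triage(text: str) -> list[dict]:
    """One row per exchange: where it went, what came back, and whether the body
    is Cloudflare's challenge page rather than origin content."""
    return [
        {"host": ex.host, "path": ex.path, "status": ex.status,
         "challenged": ex.challenged, "colo": ex.colo}
        for ex in parse_transcript(text)
    ]


if __name__ == "__main__":
    for row in triage(SAMPLE):
        kind = "Cloudflare challenge page, not origin content" if row["challenged"] else "origin content"
        print(f'{row["host"]}{row["path"]} -> {row["status"]} via {row["colo"]}: {kind}')
```

Run over the full capture, the rows flagged `challenged` are the ones whose file hashes should be excluded from any indicator list for the kit; the `PHPSESSID` cookie the browser already held for asctrans-vn.com, and the URL paths themselves, remain usable as indicators.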
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0w8g8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | 104.17.3.184 | | 201 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0w8g8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP: 104.17.3.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Size: 201 kB (201192 bytes)
Hash (MD5): 71b9f3a5622f443404666f170cd1dc41
Hash (SHA-1): 39962a6aed7ba6f1af9cb61da7db2c8397f16ccb
Hash (SHA-256): 242039cc3189575407f8a5e0e0cd481f95f7859cc412242323a018caacdb49d3
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0w8g8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 14:40:03 GMT
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: cross-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-embedder-policy: require-corp
vary: accept-encoding
server: cloudflare
cf-ray: 8796d8a4995d56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| unpkg.com/axios@1.6.8/dist/axios.min.js | 104.17.247.203 | 200 OK | 42 kB |
URL: GET HTTP/2 unpkg.com/axios@1.6.8/dist/axios.min.js
IP: 104.17.247.203:443
Requested by: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
Certificate issuer: Google Trust Services LLC
Certificate subject: unpkg.com
Certificate fingerprint: 2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
Certificate validity: Mon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT
File type: JavaScript source, ASCII text, with very long lines (41442)
Hash (MD5): 3b5b3d36fde8ffe8ed76b1efbfc65410
Hash (SHA-1): d63107d0912fdb387530d5ce2d512c928d73d122
Hash (SHA-256): 29d600462a30694efd15b9848b4ca42d178cd067009275c35a30580121114304
GET /axios@1.6.8/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://asctrans-vn.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 14:40:19 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"a209-1jEH0JEv2zh1MNXOLVEsko1z0SI"
via: 1.1 fly.io
fly-request-id: 01HS1FGRYZKY14C0JK748EAY1W-arn
cf-cache-status: HIT
age: 3449061
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8796d90728b856ba-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| unpkg.com/axios/dist/axios.min.js | 104.17.247.203 | 302 Found | 42 kB |
URL: GET HTTP/2 unpkg.com/axios/dist/axios.min.js
IP: 104.17.247.203:443
Requested by: http://asctrans-vn.com/6f707a061eea947fb84eea4445afc0cf6629199b0d4d3PAS6f707a061eea947fb84eea4445afc0cf6629199b0d4d4
Certificate issuer: Google Trust Services LLC
Certificate subject: unpkg.com
Certificate fingerprint: 2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
Certificate validity: Mon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of an empty body: the 302 redirect to /axios@1.6.8/dist/axios.min.js carries no content, so the 42 kB in the row belongs to the redirect target, not to this response.)
GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://asctrans-vn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 24 Apr 2024 14:40:19 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.6.8/dist/axios.min.js
vary: Accept, Accept-Encoding
content-encoding: br
via: 1.1 fly.io
fly-request-id: 01HW88EKMPG5T2XRDC1K0G59KN-arn
cf-cache-status: HIT
age: 365
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8796d907086e56ba-OSL
X-Firefox-Spdy: h2
|
|