r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e36c852b5e145f2f09fe73111fb162e1
e439c6a462f86a3003d6464a8b9999b1c4d1e210
52a721168d0c41cb0854ff8c730fce3b79db2e804b383238e95ff1401922bd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52A721168D0C41CB0854FF8C730FCE3B79DB2E804B383238E95FF1401922BD74"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4439
Expires: Wed, 26 Oct 2022 16:56:47 GMT
Date: Wed, 26 Oct 2022 15:42:48 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 45bfdf3b823cd24564c8ac296a8b5b19
b0c442eb4f87556b3beb18ca8039dd4399b73f16
32113c679dda1f710ba67e537fdd0d435ccc186a238e3b14e48deb7b0700c693
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2920
Cache-Control: max-age=153414
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 15:42:48 GMT
Etag: "6358fe56-1d7"
Expires: Fri, 28 Oct 2022 10:19:42 GMT
Last-Modified: Wed, 26 Oct 2022 09:31:02 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 45bfdf3b823cd24564c8ac296a8b5b19
b0c442eb4f87556b3beb18ca8039dd4399b73f16
32113c679dda1f710ba67e537fdd0d435ccc186a238e3b14e48deb7b0700c693
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4199
Cache-Control: max-age=154693
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 15:42:48 GMT
Etag: "6358fe56-1d7"
Expires: Fri, 28 Oct 2022 10:41:01 GMT
Last-Modified: Wed, 26 Oct 2022 09:31:02 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
Alt-Used: 0
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 26 Oct 2022 15:41:37 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 71
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a39eea1096852891690eaee02a64383e
c273000f799fc3676e8e3ef3617611a31252cffc
d9d95319013d64bc2ef6d9870f4adba902ee970b6f9e96279c9ed86f556e0001
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D9D95319013D64BC2EF6D9870F4ADBA902EE970B6F9E96279C9ED86F556E0001"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3134
Expires: Wed, 26 Oct 2022 16:35:02 GMT
Date: Wed, 26 Oct 2022 15:42:48 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: VmR/Xjfmo+7jbQVqz0Ao5gjuOdiDJn+Bhn8s7j9W3s7hyktpXYuKtZwy4uKluWDujXOKh4fra0g=
x-amz-request-id: 74HZSSVNYRX5HY0H
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 26 Oct 2022 15:09:25 GMT
age: 2003
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ytamduong.vn/uia/mrvuppatosaetol
125.212.254.224301 Moved Permanently 248 B URL HTTP/1.1 ytamduong.vn/uia/mrvuppatosaetol
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 95282272a09d1ccf9524abf4fba6ce84
6d5cdd3c159ec521b0e292210728fc2c111d8ffe
0183be7249b1aafba0ec6bf75831e3f70d77341b2492f1a8f098078595024296
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uia/mrvuppatosaetol HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 26 Oct 2022 15:42:48 GMT
Server: Apache
Location: https://ytamduong.vn/uia/mrvuppatosaetol
Content-Length: 248
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 15:42:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 91b74d6ae217958f13ebc358f22f561d
3f77d30d7eaf3c53fc45594dbf932353b06c2873
9ec534d559ceb1575554743f2bc9ade643e5d5e5a7e32355699eee8cb67460d5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5194
Cache-Control: max-age=143106
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 15:42:49 GMT
Etag: "6358cd31-116"
Expires: Fri, 28 Oct 2022 07:27:55 GMT
Last-Modified: Wed, 26 Oct 2022 06:01:21 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 91b74d6ae217958f13ebc358f22f561d
3f77d30d7eaf3c53fc45594dbf932353b06c2873
9ec534d559ceb1575554743f2bc9ade643e5d5e5a7e32355699eee8cb67460d5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2308
Cache-Control: max-age=140220
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 15:42:49 GMT
Etag: "6358cd31-116"
Expires: Fri, 28 Oct 2022 06:39:49 GMT
Last-Modified: Wed, 26 Oct 2022 06:01:21 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 278
ytamduong.vn/uia/mrvuppatosaetol
125.212.254.224200 OK 9.5 kB URL HTTP/2 ytamduong.vn/uia/mrvuppatosaetol
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
Hash 81fe00ff20e80a862a35ceff34ab1514
59f9ba1bfc11e3e0225c95e9fec4b6e5de310882
7450ff26b2ea4e8f10c4aeb73cec00f93b106f2532b3659f68ab98b924ab8524
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uia/mrvuppatosaetol HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-headers: Origin, Content-Type, X-Auth-Token , X-Alt-Referer
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
set-cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; expires=Wed, 26-Oct-2022 17:42:49 GMT; Max-Age=7200; path=/; HttpOnly
content-type: text/html; charset=UTF-8
date: Wed, 26 Oct 2022 15:42:49 GMT
server: Apache
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.2.1.min.js
69.16.175.42200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-3.2.1.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32058)
Hash 148f8d3ffd9cc02048c5f4d1cc83c407
9f2b89cfd151be6a29b4d43ad64d164fb8471046
4dc681da48ba2b417e613e8e027ff5322963c3a3697a8ba97973cfefb48def5e
GET /jquery-3.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 15:42:49 GMT
content-encoding: gzip
content-length: 30125
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15283"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1666798969.dop207.sk1.t,1666798969.cds227.sk1.hn,1666798969.cds222.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e7f1de4025eee44eed5a0ada1e998d6c
fd8bfad40b964ffd3534ac3aff68aaf31d38ba37
fba4107e5627b68a00dc9c31a657be714c85dc7c648b8e8e1c7373cc305f8228
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 15:42:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 91b74d6ae217958f13ebc358f22f561d
3f77d30d7eaf3c53fc45594dbf932353b06c2873
9ec534d559ceb1575554743f2bc9ade643e5d5e5a7e32355699eee8cb67460d5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5194
Cache-Control: max-age=143106
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 15:42:49 GMT
Etag: "6358cd31-116"
Expires: Fri, 28 Oct 2022 07:27:55 GMT
Last-Modified: Wed, 26 Oct 2022 06:01:21 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e7f1de4025eee44eed5a0ada1e998d6c
fd8bfad40b964ffd3534ac3aff68aaf31d38ba37
fba4107e5627b68a00dc9c31a657be714c85dc7c648b8e8e1c7373cc305f8228
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 15:42:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-JSBM3PWN47
142.250.74.168200 OK 77 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-JSBM3PWN47
IP 142.250.74.168:0
File type ASCII text, with very long lines (21373)
Hash 2d73a66bf49d47c8e1017b274b49cb20
ed1f8bcfe03b96fecc567e24b705edf36e6e0a55
d792c1813013baac3f3c725516e166aa32bd7400d9bb17a65cd346f27b1dc59d
GET /gtag/js?id=G-JSBM3PWN47 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 26 Oct 2022 15:42:49 GMT
expires: Wed, 26 Oct 2022 15:42:49 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76697
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
104.18.11.207200 OK 23 kB URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (65324)
Hash a72135437036328da2a748f2dc0dc1d2
316d44fad57ceb36938f734e5306178ea642419c
35d02c2dfdccd82bed664061a652eda6f4f55b8d6d050ef2882e4cb549e08366
GET /bootstrap/4.1.3/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://ytamduong.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 15:42:49 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"04aca1f4cd3ec3c05a75a879f3be75a3"
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 08/20/2022 02:32:49
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 756
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 22b5d8bc9c5681fbae6ea43d4d93a86f
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 76044dd7cef60b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
104.18.11.207200 OK 14 kB URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP 104.18.11.207:0
File type ASCII text, with very long lines (50758)
Hash 5f3a91c8acb6361aa365053d15c1dfd1
030b19f760e26a4ec66875fb69bbc93ee3d1ab31
6791d9e56ca61f265410ab2eb26506a125091d45e4eb28aec84d49f118cd5c5e
GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://ytamduong.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 15:42:49 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"67176c242e1bdc20603c878dee836df3"
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 08/04/2022 19:24:47
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 601
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 7412dfee9120f73653a5d00c22cd4e56
cdn-cache: HIT
cf-cache-status: HIT
age: 82210
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 76044dd7cef70b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ytamduong.vn/styles.cd7b834c68d4fb54232a.css
125.212.254.224200 OK 46 kB URL HTTP/2 ytamduong.vn/styles.cd7b834c68d4fb54232a.css
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (46262), with no line terminators
Hash f5b1b8f683a174a4954b8cbea9817124
2f6f68d310c3371db14c0fe60edfa95b816f5b1f
aa4b0e01d39b69587e895e29d1f2beb6ef53fc183f10303b957968008795d46a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /styles.cd7b834c68d4fb54232a.css HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 46262
content-type: text/css
date: Wed, 26 Oct 2022 15:42:49 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/assets/fancybox/jquery.fancybox.min.css
125.212.254.224200 OK 14 kB URL HTTP/2 ytamduong.vn/assets/fancybox/jquery.fancybox.min.css
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type Unicode text, UTF-8 text, with very long lines (13705), with no line terminators
Hash 4a364acec2e122319d1236b0eed17e5c
f9c94ec04062a1bfe1ef894c49e6ec33fa121778
ed3c979ebd98534e34cdf48ffab11ccf6f60816e23e7afee8d33f08cccf2a856
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/fancybox/jquery.fancybox.min.css HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 06:54:22 GMT
accept-ranges: bytes
content-length: 13706
content-type: text/css
date: Wed, 26 Oct 2022 15:42:49 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f046e6113dd1e5e499c765516be08b17
c2253055e09b46209469853cad8720e64f84a1bf
18663a8f0b5d4d7581b771da6c2dc897bc2b82d51d7dac1a56d22f9bebab6fb3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 15:42:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f046e6113dd1e5e499c765516be08b17
c2253055e09b46209469853cad8720e64f84a1bf
18663a8f0b5d4d7581b771da6c2dc897bc2b82d51d7dac1a56d22f9bebab6fb3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 15:42:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash d14190b7d44355f74384008fc2bc965b
8899240507992ceba98f567c079650149cc583a4
2db73ab3dfce1101ff8aaa09fe7227ad8017486b3ec3f536b7f8a1102ec0c267
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 15:42:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:08 GMT
expires: Thu, 19 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 590922
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash d14190b7d44355f74384008fc2bc965b
8899240507992ceba98f567c079650149cc583a4
2db73ab3dfce1101ff8aaa09fe7227ad8017486b3ec3f536b7f8a1102ec0c267
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 15:42:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ytamduong.vn/assets/js/js.js
125.212.254.224200 OK 1.3 kB URL HTTP/2 ytamduong.vn/assets/js/js.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with CRLF line terminators
Hash 7a921a028eff8baa41f8f66539f6157b
abc2a7c2a3ac198a860a774fcf949f2163e03f9e
04cdcbd4bb09fe8aeef7ea5f048a0e0028a560c2c0bcf4f8ac4e5f275ebf2862
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/js/js.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 06:54:22 GMT
accept-ranges: bytes
content-length: 1309
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:49 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/runtime.5eaaa1caaa6e95153e8b.js
125.212.254.224200 OK 3.0 kB URL HTTP/2 ytamduong.vn/runtime.5eaaa1caaa6e95153e8b.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (3034), with no line terminators
Hash e06dc7c023c6d6fe9e762a48aa0a9948
17a90b48b96ec337831f7637e9363ae841f41c95
5f1d91773c6ed0a95c19dd4236337a454bf109b8a29829865140d09e4b7d7bc8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /runtime.5eaaa1caaa6e95153e8b.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 3034
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:49 GMT
server: Apache
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-JSBM3PWN47>m=2oeaj0&_p=974198718&cid=139818370.1666798966&ul=en-us&sr=1280x1024&_s=1&sid=1666798966&sct=1&seg=0&dl=https%3A%2F%2Fytamduong.vn%2Fuia%2Fmrvuppatosaetol&dt=Ph%C3%B2ng%20kh%C3%A1m%20%C4%90%C3%B4ng%20y%20Y%20T%C3%A2m%20%C4%90%C6%B0%E1%BB%9Dng&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-JSBM3PWN47>m=2oeaj0&_p=974198718&cid=139818370.1666798966&ul=en-us&sr=1280x1024&_s=1&sid=1666798966&sct=1&seg=0&dl=https%3A%2F%2Fytamduong.vn%2Fuia%2Fmrvuppatosaetol&dt=Ph%C3%B2ng%20kh%C3%A1m%20%C4%90%C3%B4ng%20y%20Y%20T%C3%A2m%20%C4%90%C6%B0%E1%BB%9Dng&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-JSBM3PWN47>m=2oeaj0&_p=974198718&cid=139818370.1666798966&ul=en-us&sr=1280x1024&_s=1&sid=1666798966&sct=1&seg=0&dl=https%3A%2F%2Fytamduong.vn%2Fuia%2Fmrvuppatosaetol&dt=Ph%C3%B2ng%20kh%C3%A1m%20%C4%90%C3%B4ng%20y%20Y%20T%C3%A2m%20%C4%90%C6%B0%E1%BB%9Dng&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://ytamduong.vn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://ytamduong.vn
date: Wed, 26 Oct 2022 15:42:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ytamduong.vn/polyfills.7667b9eb779e7301f514.js
125.212.254.224200 OK 45 kB URL HTTP/2 ytamduong.vn/polyfills.7667b9eb779e7301f514.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (44989), with no line terminators
Hash 3ddc3bb657e5f81a18f6122c329767db
8b023c7133a4c1b610194c071ace79b41cef51d4
32e1895d433f321c15642f2a1c7e76debbe0cae614fc4b8a06539e6ef16b1ec9
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /polyfills.7667b9eb779e7301f514.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 44989
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:49 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/assets/fancybox/jquery.fancybox.min.js
125.212.254.224200 OK 95 kB URL HTTP/2 ytamduong.vn/assets/fancybox/jquery.fancybox.min.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type Unicode text, UTF-8 text, with very long lines (878), with CRLF line terminators
Hash cd96bf2cfd0e385647977b54db49e248
f6bd3f7aefd305905f0c17cc2b59d6cb7ce248d0
8fbeca3ccdbabfb885c26a15769bf0cead2f8d3411f11965fd4d6834f91765c0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/fancybox/jquery.fancybox.min.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 06:54:22 GMT
accept-ranges: bytes
content-length: 94949
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:49 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11398
Expires: Wed, 26 Oct 2022 18:52:48 GMT
Date: Wed, 26 Oct 2022 15:42:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11398
Expires: Wed, 26 Oct 2022 18:52:48 GMT
Date: Wed, 26 Oct 2022 15:42:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11398
Expires: Wed, 26 Oct 2022 18:52:48 GMT
Date: Wed, 26 Oct 2022 15:42:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11398
Expires: Wed, 26 Oct 2022 18:52:48 GMT
Date: Wed, 26 Oct 2022 15:42:50 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae122c0f-a41b-4abc-a703-a5de223ae39a.png
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae122c0f-a41b-4abc-a703-a5de223ae39a.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db946866312c734e0c5f91ca76255b2f
e8b8236baab9106a426a415eb01494cc4cc91ad1
a695e7bc87da2c6d9f5669c09e662fe22982e69cb139466efa5093429fe19866
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae122c0f-a41b-4abc-a703-a5de223ae39a.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8439
x-amzn-requestid: e0eed725-0725-4f5a-9c91-fec13ad0ebe5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ajKYQGWhIAMFdhw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63578a9b-2a0115120e75f5271cea992f;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 07:04:59 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: WVz4PqWqT9Pk1juQ95Xzi-7HcEDBqKb5VAncjXxOYFfKTnjRbmodoA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 04:44:59 GMT
age: 39471
etag: "e8b8236baab9106a426a415eb01494cc4cc91ad1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91ee720c15dc69de45080d0c951353af
5292b31a99d90bcb7071f327b93d52034bdf9dcb
7fbe9f0f6db08fd539f2e8d4ac22e3b4d5ca14f7cde69f8424cce8b361d026e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4524
x-amzn-requestid: a493efe7-11c7-4032-b36b-7f838f8180bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aljicH_6IAMFqpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63587fa9-0f15eae7680ea7b15e5e47ec;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 00:30:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OV7g4Y4fcQGijljebzHQtnpKdcPKw6LTxqORxxBJL2lFPYQLLoyNuQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 00:34:40 GMT
age: 54490
etag: "5292b31a99d90bcb7071f327b93d52034bdf9dcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5da11cdb-c8be-46f4-95b0-792c49d930a7.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5da11cdb-c8be-46f4-95b0-792c49d930a7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5987bcd44ab0db5313aa4f409a8a212f
691a36cde98a9fe1660745dd811e0be2ae67036c
e47ce3587c647b52669f675dc7e84e21555f82138091fb04febc951b4c06ba30
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5da11cdb-c8be-46f4-95b0-792c49d930a7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8553
x-amzn-requestid: 69931a9c-027e-428e-a88d-61c5fac64daa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2iEnzoAMFZAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585690-12c78c5157fb3fa41a13548c;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: E4t7XezEVl1x_4sbidtDPjCuZoCh7N01y7ZeYZWlAL1w8ut4Qx95TA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:46:50 GMT
age: 64560
etag: "691a36cde98a9fe1660745dd811e0be2ae67036c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe87578f5-db38-4350-a6ac-22b0577d75a1.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe87578f5-db38-4350-a6ac-22b0577d75a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 548cc254725b085a0794f02585db37f6
69ebcb96188f5e3f6355aabecbe925e26ff00668
09906078ef781e283e939b86e3ee34665ed5df4524a9af4be26f7106a8cab836
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe87578f5-db38-4350-a6ac-22b0577d75a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7435
x-amzn-requestid: fd538694-534d-4938-bebc-1131c0bb7c62
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelB1HWdIAMFuSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b53e-2f9210cb5a6a28a71b130497;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:22 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TQ5GJaRJk5tw0implydS2L5z43-8mywPnViwhDI_mK4Wj9HzmDliIg==
via: 1.1 58f9a50682bb94842197f3e957919c60.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 07:24:38 GMT
age: 29892
etag: "69ebcb96188f5e3f6355aabecbe925e26ff00668"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe27cf2-33a8-42cc-a8cd-f5e804e60e26.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe27cf2-33a8-42cc-a8cd-f5e804e60e26.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c3ae78510434fd68063fc144bf614382
3bb87ca5274ce9f6d81da60ab940d23ccd12843b
f42d89328435cb37cba1111903a6bd5e900857d0942e1506ea2115b4e6301541
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe27cf2-33a8-42cc-a8cd-f5e804e60e26.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7929
x-amzn-requestid: 6324abd6-8e27-4903-8bfc-a0fc6a8625be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alK9LEeoIAMF5mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585854-2900343b1ae208a903fe58fd;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:42:44 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5MR4UzoW6rVsSpEyPAWrcFb2LCRICaG-toy3JflaXRrzZwcgMs48VQ==
via: 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:49:35 GMT
age: 64395
etag: "3bb87ca5274ce9f6d81da60ab940d23ccd12843b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F057530b7-f6b8-4f9b-b6fc-8fdc4a101f36.webp
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F057530b7-f6b8-4f9b-b6fc-8fdc4a101f36.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1cc61ad4b1d66ab4bce27288ee690e12
324e13ad5c99f628d713e55a2994ad4042ece70e
62cd88bc19bc1f0be2a37c3e990897158acd3d55aa3ddd299144d4f9596ba34e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F057530b7-f6b8-4f9b-b6fc-8fdc4a101f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6831
x-amzn-requestid: cc6f38ff-ab33-4b18-8cae-aa6bc061962f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alKjPH7ToAMFSiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635857ae-3db2790d0e6c5fab6c4bc81f;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:39:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tiWbOUwlRzaT2EnCWIgoFaT_ho55s3tgRxalb7yBbI21Pv0BhfLJOg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:52:53 GMT
age: 64197
etag: "324e13ad5c99f628d713e55a2994ad4042ece70e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ytamduong.vn/main.5840a09cc076ec1bad35.js
125.212.254.224200 OK 542 kB URL HTTP/2 ytamduong.vn/main.5840a09cc076ec1bad35.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (65536), with no line terminators
Size 542 kB (542342 bytes)
Hash 03d9eab7ca52faea5e4aa809ce3d613c
d8df8fac7ef744977db4398c33bc2673fb251137
0d5bd412ff5d8bea2898f981623eb69856c0a0fa04769761879d431371827365
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /main.5840a09cc076ec1bad35.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 542342
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:49 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/assets/i18n/vi.json
125.212.254.224200 OK 12 kB URL HTTP/2 ytamduong.vn/assets/i18n/vi.json
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type JSON data\012- , Unicode text, UTF-8 text, with CRLF line terminators
Hash d8fac673e1468654f4dfc77c8bd200d2
7e6209cc04e5bc424199425b2ed80ff77f3284ab
08f9fd302220bd33761327398a2cb10705975066beaca284ec4f8fece8713609
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/i18n/vi.json HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 06:54:22 GMT
accept-ranges: bytes
content-length: 12034
content-type: application/json
date: Wed, 26 Oct 2022 15:42:51 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/8.7249b62705b1241fd3ad.js
125.212.254.224200 OK 36 kB URL HTTP/2 ytamduong.vn/8.7249b62705b1241fd3ad.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (35879), with no line terminators
Hash c8acaa96014b9d36425b122358eec5db
abfe7c1e1a7fa0370136f676f91e1509f01e5764
eae4f63d5de4def86f8dd201c69a96436d76e55a1f3c99ce582a52102cb90389
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /8.7249b62705b1241fd3ad.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 35879
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:51 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/1.be11ac3d31aabc1d3448.js
125.212.254.224200 OK 184 kB URL HTTP/2 ytamduong.vn/1.be11ac3d31aabc1d3448.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (65536), with no line terminators
Size 184 kB (184525 bytes)
Hash edb18e3f73e7f662dab0d2a50afab26c
eb11db22d03bae465543d113db4e1a2458e25161
7715be73003946d36af8082f31536af0079350b222df951fd90d887a937047c6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /1.be11ac3d31aabc1d3448.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 184525
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:51 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/9.ca2e524d06637cfc1df0.js
125.212.254.224200 OK 18 kB URL HTTP/2 ytamduong.vn/9.ca2e524d06637cfc1df0.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (18238), with no line terminators
Hash 39e899540a65504f7c7474318bbf6f94
660bf68524330aee86ba55a890d1e123b8defd79
ebffedb1eb97eab7ce0b68b43acff90127936a9a207cc9f60ee3d48b6763a049
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /9.ca2e524d06637cfc1df0.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 18238
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:51 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/common.a59413be337f4c1fd741.js
125.212.254.224200 OK 16 kB URL HTTP/2 ytamduong.vn/common.a59413be337f4c1fd741.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (15862), with no line terminators
Hash 121f963e04c04777641c1763676dc879
32988b48c6a9c29a3568564c798f0cb5c79bdbbf
79deae01dc485a5f15341642d462c971e0ff1994755eb055209a5bb483bf6ae0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /common.a59413be337f4c1fd741.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 15862
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:51 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/3.40d6ebb85de214c27a6e.js
125.212.254.224200 OK 14 kB URL HTTP/2 ytamduong.vn/3.40d6ebb85de214c27a6e.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (13590), with no line terminators
Hash 9b6e6d28da1190f332eef5459e165bee
2767558123346a1fd490a86554dc758ced69061b
f328126315a665428a257c25e3af0805a48ec41e6f61b25ea283a9dd2db84c89
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /3.40d6ebb85de214c27a6e.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 13590
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:51 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/14.bdd2fac6a52388717faa.js
125.212.254.224200 OK 33 kB URL HTTP/2 ytamduong.vn/14.bdd2fac6a52388717faa.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (33017), with no line terminators
Hash 87b247c84fbaa03eb2001ee59f1c3c21
55fb68d25041ee9fc19fe34a6c49275568fbcbb7
5db8258c627fa0d2c51eaff7bb244fc1c9c78a375fa18f5d39f7a19f2d6d0ede
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /14.bdd2fac6a52388717faa.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 89684
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:51 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/api/company?mask=getcompany
125.212.254.224200 OK 1.6 kB URL HTTP/2 ytamduong.vn/api/company?mask=getcompany
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
Hash 52853fc0a53baa4d264c55abbae0e3dd
109b79dc317ceeca1ac7a7ac374da8a29879e3f6
8841be5989934c653a4eb94786afdab4f7c45862771947a342c19f43259024c1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /api/company?mask=getcompany HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-headers: Origin, Content-Type, X-Auth-Token , X-Alt-Referer
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Wed, 26 Oct 2022 15:42:51 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/6.620bd6463cd4556d4231.js
125.212.254.224200 OK 15 kB URL HTTP/2 ytamduong.vn/6.620bd6463cd4556d4231.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (14710), with no line terminators
Hash c42dfceb37addb3d64784bc3e892a1e4
9a03f4743d8b748174f88997709d05934f65bfed
23a2f39ed2006745e8a7dafa01ebf7e4dd6fa51e5e157ab2969a6f22adca2849
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /6.620bd6463cd4556d4231.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 59542
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:51 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/7.e339a60c5afc9546d018.js
125.212.254.224200 OK 357 kB URL HTTP/2 ytamduong.vn/7.e339a60c5afc9546d018.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (65536), with no line terminators
Size 357 kB (356656 bytes)
Hash cd59cc07d066d354d0a8a93bbf79e09a
ff33db87bd01f5edf2c4fd8f53ca2388032208cf
e5afe629774bca65d4c45d6340aadcd622fdc5d1a9dcc71dba5b1e9552565008
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /7.e339a60c5afc9546d018.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 356656
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:51 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
216.58.207.195 200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 11872, version 1.0\012- data
Hash 87ace20058325aa069320aa4af875dff
b743548770c46d905ae1ba06310bc001c587fe8e
3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:35:48 GMT
expires: Thu, 19 Oct 2023 19:35:48 GMT
cache-control: public, max-age=31536000
age: 590824
last-modified: Wed, 11 May 2022 19:25:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2
216.58.207.195 200 OK 5.6 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 5560, version 1.0\012- data
Hash ca3b09b62fda648a4511700413313fd0
109cd4c5435bd6614391bb8722c47c287c96b2ec
77b24796a3d4ab521f66765651875338ed50cb9306cfe4603a3e79618e429cec
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5560
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:36:26 GMT
expires: Thu, 19 Oct 2023 19:36:26 GMT
cache-control: public, max-age=31536000
age: 590786
last-modified: Wed, 11 May 2022 19:24:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ytamduong.vn/15.59844c659fec32c5ac90.js
125.212.254.224 200 OK 21 kB URL HTTP/2 ytamduong.vn/15.59844c659fec32c5ac90.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (21123), with no line terminators
Hash 0a64840ce15af02beab594c2b087b555
43e9031e29f0d2fb2b51c470d6086401237b2a59
56248844fddfd8dbc306909abab1fecf2ff57a2e87859026f79fa7878a67ac49
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /15.59844c659fec32c5ac90.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 21123
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/17.b079403d85445437fd91.js
125.212.254.224 200 OK 39 kB URL HTTP/2 ytamduong.vn/17.b079403d85445437fd91.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (38596), with no line terminators
Hash 33eebdbcac59b8c4652c4075281ba5f4
42fcaf5879d6315fb4212b8adbd2cc861d6aee38
81655df9c41f14b743cf074fcba84e0e2cf3e0d630f06654f151272041b990e2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /17.b079403d85445437fd91.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 38596
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/34.d736a085848e0443a7da.js
125.212.254.224 200 OK 6.2 kB URL HTTP/2 ytamduong.vn/34.d736a085848e0443a7da.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (6244), with no line terminators
Hash 8b9ef475c3909ae484ccbc83687e6f59
f7625736bb1fc50ceb6597a8e5f9d68cdd19ebfa
3a4efb5c2f4ebbaed0c935dc451b73268d8456179a7fc945457d14d6fd9c5d62
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /34.d736a085848e0443a7da.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 6244
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/32.0d5dc681061c17898fac.js
125.212.254.224 200 OK 9.5 kB URL HTTP/2 ytamduong.vn/32.0d5dc681061c17898fac.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (9483), with no line terminators
Hash a89eeb617568d1fefd859bcf75b3cf23
7c7fdfffd571862a7ec343f2b2650ddbeec16c6a
eb8a50ff7e26c66d8e0ae050a2bc6a036cd81821ba867b11d43a1e7da606d31b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /32.0d5dc681061c17898fac.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 9483
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/assets/fontawesome/fonts/fa-light-300.woff2
125.212.254.224 200 OK 184 kB URL HTTP/2 ytamduong.vn/assets/fontawesome/fonts/fa-light-300.woff2
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type Web Open Font Format (Version 2), TrueType, length 184144, version 331.-31261\012- data
Size 184 kB (184144 bytes)
Hash de11da0fb48a14c9cbc05b0a24ed6efa
878cd08a06b335d95826e813e0a8777e28a76d04
e9f0d24d1230e0a5760800e4a1657801cff8edf2ba87a05c5d96f74ce44ec06d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/fontawesome/fonts/fa-light-300.woff2 HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ytamduong.vn/assets/fontawesome/all.min.css
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 06:54:22 GMT
accept-ranges: bytes
content-length: 184144
content-type: font/woff2
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/assets/fontawesome/fonts/fa-regular-400.woff2
125.212.254.224 200 OK 169 kB URL HTTP/2 ytamduong.vn/assets/fontawesome/fonts/fa-regular-400.woff2
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type Web Open Font Format (Version 2), TrueType, length 168768, version 331.-31261\012- data
Size 169 kB (168768 bytes)
Hash d8689b99dce7c881d3130f3c91cfefdf
fb005c93930c13b3a5f449bbc75ba5ee23f609fa
4de49631fe60b17010f7cda29a6236ca6ad6102ea204e5c31d2c1e79ee276938
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/fontawesome/fonts/fa-regular-400.woff2 HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ytamduong.vn/assets/fontawesome/all.min.css
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 06:54:22 GMT
accept-ranges: bytes
content-length: 168768
content-type: font/woff2
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/assets/fontawesome/fonts/fa-duotone-900.woff2
125.212.254.224 200 OK 182 kB URL HTTP/2 ytamduong.vn/assets/fontawesome/fonts/fa-duotone-900.woff2
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type Web Open Font Format (Version 2), TrueType, length 181948, version 331.-31261\012- data
Size 182 kB (181948 bytes)
Hash 33b94ae8447d31e14d9ca9d360bbb4df
886ef25bdc43055f19f8bba07b057b436a4121da
3b5176bfadbb42740a51a8defa97dd393a2615dc1bffdcf333ac9d131893817d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/fontawesome/fonts/fa-duotone-900.woff2 HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ytamduong.vn/assets/fontawesome/all.min.css
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 06:54:22 GMT
accept-ranges: bytes
content-length: 181948
content-type: font/woff2
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/public/website/logo-dau-trang-ytamduong-2022_1652063224.jpg
125.212.254.224 200 OK 29 kB URL HTTP/2 ytamduong.vn/public/website/logo-dau-trang-ytamduong-2022_1652063224.jpg
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x114, components 3\012- data
Hash 433c204347afd64a9f3e297c448df8c2
50076e303ab80971d090a030fb69fa7e0b87fa3e
e3f80521a47aead02d0428f78dc8d66947c7938a9c4b6d973ce3a011c7c30e30
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /public/website/logo-dau-trang-ytamduong-2022_1652063224.jpg HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 May 2022 07:39:12 GMT
accept-ranges: bytes
content-length: 28741
content-type: image/jpeg
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/23.1976e6d2e3858bfe96b7.js
125.212.254.224 200 OK 39 kB URL HTTP/2 ytamduong.vn/23.1976e6d2e3858bfe96b7.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (39097), with no line terminators
Hash 909ea48a09245971be4e4dd7b483dfc5
7911a379510191e131093e67fae336bf706f0da3
28bcf1a049b41ca3342509b1be205f6c8a919829dea2aa332ff3ed4564213afa
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /23.1976e6d2e3858bfe96b7.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 39097
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/19.19450f908d86cadd63fc.js
125.212.254.224 200 OK 27 kB URL HTTP/2 ytamduong.vn/19.19450f908d86cadd63fc.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (27437), with no line terminators
Hash 97bd4a4798a722bf400ca5802ee324a4
19eb505c94469aa0ee0ac25839de653cffc191e5
8c8816fb76422fd429b8cbbcbf3ae1a67ffed2c1bafed42fbda267bde6621005
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /19.19450f908d86cadd63fc.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 27437
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/30.0ece970f6b39e33975c4.js
125.212.254.224 200 OK 25 kB URL HTTP/2 ytamduong.vn/30.0ece970f6b39e33975c4.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (25257), with no line terminators
Hash 2c3c81858ed9a8c570f8dd7828f49bfc
9a658c657569e77c3e7c95b0d63b83e4ef6d796e
b4b64ccdcf5931bec9bbd5172405bd5c86d6a5c9168f45408ded4da6b9ef48e2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /30.0ece970f6b39e33975c4.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 25257
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/24.b2e1b2858b4a13fcb288.js
125.212.254.224 200 OK 23 kB URL HTTP/2 ytamduong.vn/24.b2e1b2858b4a13fcb288.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (22623), with no line terminators
Hash 89c00f6841d7ea98d95ad8b4348ec06c
65827fc1b893a5da697f03756b1d926a0d4e1599
2b4065f95ff6ba3dcd46111496a7fda7822e62a0fcf6d6163c251845bb952ce4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /24.b2e1b2858b4a13fcb288.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 22623
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/20.de93e816ef99a0601599.js
125.212.254.224 200 OK 20 kB URL HTTP/2 ytamduong.vn/20.de93e816ef99a0601599.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (19969), with no line terminators
Hash 71eb5aae8df80bdddfd6c527abcb6fa6
3933076c6846bfea9426d998000e2524f800efe6
477eeb92e5cd152e23fb9f6e8d08eff4ea7d2cdfc2d8172fe0e0f602112be08f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /20.de93e816ef99a0601599.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 19969
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/22.e22a1f3a4725e1847368.js
125.212.254.224 200 OK 44 kB URL HTTP/2 ytamduong.vn/22.e22a1f3a4725e1847368.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (43874), with no line terminators
Hash 4c27a161c4e0fc816041a74d462ae4b5
eb8eb2c9709ebb2dd48a8dffcc7ed4821e3c51d3
137dddf030f0101e139d9e34a2724954457881ca1437706da14aeea426e5a6cd
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /22.e22a1f3a4725e1847368.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 43874
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap
142.250.74.10 200 OK 63 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap
IP 142.250.74.10:0
Hash f129428d22cf34db9047b99f0c1c681f
24b2a28c256234b37db246c85b204cbfaa764c96
542999a8e31c9a56b05c4b86e8844c9bcdfae807d6da6ea83e5f4204a226c2aa
GET /css2?family=Roboto:wght@300;400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 26 Oct 2022 15:42:50 GMT
date: Wed, 26 Oct 2022 15:42:50 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ytamduong.vn/21.f70436ea3c2f396aae12.js
125.212.254.224 200 OK 27 kB URL HTTP/2 ytamduong.vn/21.f70436ea3c2f396aae12.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (27019), with no line terminators
Hash 0bf67a7a2c2abfec1036b171977da25a
6601e770807f20aeb54091f464a916f4bb0260c1
676d75718de6db8081a494e0ae402d060c87f7b26490a71f42754c72def88386
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /21.f70436ea3c2f396aae12.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 27019
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/18.ac1b68ca3b8fdd25d84c.js
125.212.254.224 200 OK 16 kB URL HTTP/2 ytamduong.vn/18.ac1b68ca3b8fdd25d84c.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (15486), with no line terminators
Hash a746ec451f321a570ec4e92263158813
02e2e1c9726738c97d2bedb1b636b74545e099ff
45a8a2ecb77484e7a5a52e0907117ba2063da999c745d9500e74b9a35ef55afe
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /18.ac1b68ca3b8fdd25d84c.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 15486
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/31.fcf7ac3d2c4f3ac79141.js
125.212.254.224 200 OK 18 kB URL HTTP/2 ytamduong.vn/31.fcf7ac3d2c4f3ac79141.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (18211), with no line terminators
Hash 30c21ca3f1b46bf7dda6af94afe4bccf
2f0101ec05fee48d98577ef83a3af0ce71221abb
8be19cbbbe7cf8e3646e9d9b8e21d7b856e55bd8cf842b10e9d4715b9d323b40
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /31.fcf7ac3d2c4f3ac79141.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 18211
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/4.f74d4d525f1443c70da7.js
125.212.254.224 200 OK 21 kB URL HTTP/2 ytamduong.vn/4.f74d4d525f1443c70da7.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (21045), with no line terminators
Hash 08bbc00e6afba6dc9fc5adf3662581ba
8bd504e574d023686c7850079f6b0dbfc0385560
9fb1dd07f6ac8d90c34e83dcc8553810e2c862bee0c19d65659f314f0e6316a2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /4.f74d4d525f1443c70da7.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 21045
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/27.c644c772aace09d64d21.js
125.212.254.224 200 OK 14 kB URL HTTP/2 ytamduong.vn/27.c644c772aace09d64d21.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (14429), with no line terminators
Hash b97a154c65d38d451c300b706fbdd70e
42e6b7b8673d6679de8db61fc810e0c403561789
718bdbd4e3dacf55af78ca22034d0240598c00d632cb04f3d43e2ce9d8b3a4ad
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /27.c644c772aace09d64d21.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 14429
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/29.62e3f71d52e03a47b165.js
125.212.254.224 200 OK 14 kB URL HTTP/2 ytamduong.vn/29.62e3f71d52e03a47b165.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (13678), with no line terminators
Hash 40dea37fce28fa0141d65999e57b56a4
6354f2301743f54e413dde91e40af7c0648cc7f0
fae2b7c4bb7b21e9cf4404277845665be6aee03cc954e0a228845d962034d6a7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /29.62e3f71d52e03a47b165.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 13678
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/26.f8c3b5ea1f8b79ee944b.js
125.212.254.224 200 OK 12 kB URL HTTP/2 ytamduong.vn/26.f8c3b5ea1f8b79ee944b.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (11966), with no line terminators
Hash 873cbb3b6a1a4446f04500ce44830469
9e8910fdd09b4b73648103caddbb71bacf0df096
74e34695701920f597b2b25709ed872c99daf77ea41fde59f1fd33fe432d978b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /26.f8c3b5ea1f8b79ee944b.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 11966
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/28.73e3d9bf5c15e4dc72f3.js
125.212.254.224 200 OK 12 kB URL HTTP/2 ytamduong.vn/28.73e3d9bf5c15e4dc72f3.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (12042), with no line terminators
Hash ea1010e7aab58bdebee0225927459c72
25bbf7b9d2a97487655d17c38559e72019b7c8e8
4c3f8611b9ec78361e6b6cb7fc08076af3bc8f061c1d844ac80bdd6743d862a6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /28.73e3d9bf5c15e4dc72f3.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 12042
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/25.08f5b154d66d1beb7b0d.js
125.212.254.224 200 OK 13 kB URL HTTP/2 ytamduong.vn/25.08f5b154d66d1beb7b0d.js
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type ASCII text, with very long lines (13388), with no line terminators
Hash 8387a73084a15abb56208aa778fa13a8
d023a42fbef3fac5c824c990a308866d7f3826c8
d6dd34819c0f7d348c9f1ea6b4b4d45f6cf5c10762130d6d859093643b0e0188
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /25.08f5b154d66d1beb7b0d.js HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 09:02:10 GMT
accept-ranges: bytes
content-length: 13388
content-type: application/javascript
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/assets/fontawesome/fonts/fa-solid-900.woff2
125.212.254.224 200 OK 137 kB URL HTTP/2 ytamduong.vn/assets/fontawesome/fonts/fa-solid-900.woff2
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type Web Open Font Format (Version 2), TrueType, length 136824, version 331.-31261
- data
Size 137 kB (136824 bytes)
Hash 978b27ec5d8b81d2b15aa28aaaae1fcb
76625967fe113a088e0627605b9d1bbfb8a5e47c
943efdb4b38963df0653d778f233b55db3e19f44794e4ff944e33b8849dcdb3c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/fontawesome/fonts/fa-solid-900.woff2 HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ytamduong.vn/assets/fontawesome/all.min.css
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 06:54:22 GMT
accept-ranges: bytes
content-length: 136824
content-type: font/woff2
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/assets/img/zalo.png
125.212.254.224 200 OK 11 kB URL HTTP/2 ytamduong.vn/assets/img/zalo.png
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type PNG image data, 246 x 246, 8-bit/color RGB, non-interlaced
- data
Hash 7862e29a22afe00da0caefae1f0d0e40
901052c39fcfa876a0b96beea6f098b6b7d9b41d
69f62fdb22fd9fcd4832fed36275a7beaf79f6ad4d73f0b92569cc664582f614
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/img/zalo.png HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 06:54:22 GMT
accept-ranges: bytes
content-length: 10660
content-type: image/png
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/assets/img/icons/messenger-350x350.png
125.212.254.224 200 OK 53 kB URL HTTP/2 ytamduong.vn/assets/img/icons/messenger-350x350.png
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type PNG image data, 350 x 350, 8-bit/color RGB, non-interlaced
- data
Hash 7baf71cf3e84c6bbd6e03ad238b5eb1a
49f0d63c40995a7e0a769d0ba877c0befcf10a64
b819a09b1a0aff3e4b41b90cfefec5289a28e2b307e50332c761a219a1bf5d5d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/img/icons/messenger-350x350.png HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 06:54:22 GMT
accept-ranges: bytes
content-length: 52666
content-type: image/png
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/upload/images/icon/mail.png
125.212.254.224 200 OK 24 kB URL HTTP/2 ytamduong.vn/upload/images/icon/mail.png
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type PNG image data, 512 x 512, 16-bit/color RGBA, non-interlaced
- data
Hash 92aed79f8931ad9e95f84580afb13b2c
077161da5b8744e3df030da162f68f722e19773a
66fd86e97f6d5eed31648959cf27f7cca1faf056f3f42638eac0458137e027cc
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /upload/images/icon/mail.png HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 May 2022 07:29:22 GMT
accept-ranges: bytes
content-length: 24267
content-type: image/png
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/upload/images/icon/pin.png
125.212.254.224 200 OK 56 kB URL HTTP/2 ytamduong.vn/upload/images/icon/pin.png
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type PNG image data, 512 x 512, 16-bit/color RGBA, non-interlaced
- data
Hash b95b42b416ffa8f6fba2d16c42589f8b
3a7781b9e81364520ace3fbdfbdcdf1fb5a2cfaf
910bd12b79a60ad5fb132abba3e241fc7e8e7d1dae723e9e9f6e447b9c3ada23
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /upload/images/icon/pin.png HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 May 2022 07:29:22 GMT
accept-ranges: bytes
content-length: 55747
content-type: image/png
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/upload/images/icon/phone-call.png
125.212.254.224 200 OK 61 kB URL HTTP/2 ytamduong.vn/upload/images/icon/phone-call.png
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type PNG image data, 512 x 512, 16-bit/color RGBA, non-interlaced
- data
Hash b41a3bc8cc2fb480e91ce32975717060
ed5edf87c5d8ec40191abf773a0cebe3cc05e06d
10230a30e3204857404e4be6804db71a7e9b83cdbf6d8783469815883974621d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /upload/images/icon/phone-call.png HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 May 2022 07:29:22 GMT
accept-ranges: bytes
content-length: 61352
content-type: image/png
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/api/getmenu?mask=menuFooterProducts&position=products
125.212.254.224 200 OK 576 B URL HTTP/2 ytamduong.vn/api/getmenu?mask=menuFooterProducts&position=products
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
File type JSON data
- , ASCII text, with very long lines (2180), with no line terminators
Hash 6e424e95ce8c47161d8df633e4420a7b
6a5647d55ef6b474645f87292c4e1a8bcafe7e23
3fa05165e325068f564424794f0235614cb9a19bb549dc6c89728f857a578fed
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
POST /api/getmenu?mask=menuFooterProducts&position=products HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-headers: Origin, Content-Type, X-Auth-Token , X-Alt-Referer
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Wed, 26 Oct 2022 15:42:53 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/api/getmenu?mask=menuFooterPolicy&position=policy
125.212.254.224 200 OK 2.5 kB URL HTTP/2 ytamduong.vn/api/getmenu?mask=menuFooterPolicy&position=policy
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
Hash e7c223808b133fbd2a487443e93daa0d
76caab8dea289b800ecefa9a2106dc3b552e46e9
507721f770c538d6177e8a042b4ffe8915934759045b1a0d6d182d3af2bdcdc5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
POST /api/getmenu?mask=menuFooterPolicy&position=policy HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-headers: Origin, Content-Type, X-Auth-Token , X-Alt-Referer
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Wed, 26 Oct 2022 15:42:53 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/api/getmenu?mask=menuFooterGuide&position=guide
125.212.254.224 200 OK 41 kB URL HTTP/2 ytamduong.vn/api/getmenu?mask=menuFooterGuide&position=guide
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
Hash 7d6f29adc30c9ac0265cebc611a85631
87ded61f375d6b1cb297df19c896f730a82b4bff
f94ffac05d9f65befa50ce4833f1aaf5e9847b893985b16ed44d6c5ffbea8b5a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
POST /api/getmenu?mask=menuFooterGuide&position=guide HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-headers: Origin, Content-Type, X-Auth-Token , X-Alt-Referer
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Wed, 26 Oct 2022 15:42:53 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/api/setting/language?mask=language&status=1
125.212.254.224 200 OK 0 B URL HTTP/2 ytamduong.vn/api/setting/language?mask=language&status=1
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
POST /api/setting/language?mask=language&status=1 HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-headers: Origin, Content-Type, X-Auth-Token , X-Alt-Referer
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/api/getmenu?mask=menuFooterPayment&position=payment
125.212.254.224 200 OK 0 B URL HTTP/2 ytamduong.vn/api/getmenu?mask=menuFooterPayment&position=payment
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
POST /api/getmenu?mask=menuFooterPayment&position=payment HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-headers: Origin, Content-Type, X-Auth-Token , X-Alt-Referer
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Wed, 26 Oct 2022 15:42:53 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/assets/fontawesome/all.min.css
125.212.254.224 200 OK 0 B URL HTTP/2 ytamduong.vn/assets/fontawesome/all.min.css
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/fontawesome/all.min.css HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 06:54:22 GMT
accept-ranges: bytes
content-length: 172359
content-type: text/css
date: Wed, 26 Oct 2022 15:42:49 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/api/getmenu?mask=getMenuMain&position=menuMain
125.212.254.224 200 OK 0 B URL HTTP/2 ytamduong.vn/api/getmenu?mask=getMenuMain&position=menuMain
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
POST /api/getmenu?mask=getMenuMain&position=menuMain HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-headers: Origin, Content-Type, X-Auth-Token , X-Alt-Referer
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/api/pages/detail?mask=@Page/detail&link=mrvuppatosaetol&parent_link=uia
125.212.254.224 200 OK 0 B URL HTTP/2 ytamduong.vn/api/pages/detail?mask=@Page/detail&link=mrvuppatosaetol&parent_link=uia
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
POST /api/pages/detail?mask=@Page/detail&link=mrvuppatosaetol&parent_link=uia HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-headers: Origin, Content-Type, X-Auth-Token , X-Alt-Referer
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2
ytamduong.vn/api/products/detail?mask=@Product/detail&link=mrvuppatosaetol
125.212.254.224 200 OK 0 B URL HTTP/2 ytamduong.vn/api/products/detail?mask=@Product/detail&link=mrvuppatosaetol
IP 125.212.254.224:0
ASN #38731 CHT Compamy Ltd
POST /api/products/detail?mask=@Product/detail&link=mrvuppatosaetol HTTP/1.1
Host: ytamduong.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ytamduong.vn
Connection: keep-alive
Referer: https://ytamduong.vn/uia/mrvuppatosaetol
Cookie: ci_session=4acbd02dc2551b658b3ef6c35df6f9146ec01492; _ga_JSBM3PWN47=GS1.1.1666798966.1.0.1666798966.0.0.0; _ga=GA1.1.139818370.1666798966; _gcl_au=1.1.1955519426.1666798966
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-headers: Origin, Content-Type, X-Auth-Token , X-Alt-Referer
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Wed, 26 Oct 2022 15:42:52 GMT
server: Apache
X-Firefox-Spdy: h2