nhanquafreefire.garenav.vn/
14.225.207.65 200 OK 2.8 kB URL User Request GET HTTP/2 nhanquafreefire.garenav.vn/
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash ad208056f785bd92ee9ed05b23a738df
bfef679be7aafa7f1580043d27c769d2cc0e18ab
ef9a032ea2b79710e32ea3d6b1e18f1d454c1c28ca9bf55b40496ca8c20ad625
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-powered-by: PHP/7.4.27
content-type: text/html; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
content-length: 2821
date: Tue, 28 Nov 2023 14:54:58 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.24.14 200 OK 5.6 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.24.14:443
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (30837)
Hash 269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 14:55:46 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 212534
expires: Sun, 17 Nov 2024 14:55:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zSV1poW6Q3pVx3tI0NSGR4SuUo9K%2Baa50fKHdkyfWRd0uF%2BIX7gpGI4Tzd6hcmPSgL%2BuVxpeV5MU%2BCrVTLXq5XtFoKwWsnZzvVyWugOyJPC1R0GR%2Fjbt40u7c%2BalbFSg1dNMZcxx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82d3742ceb92b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.6.0.min.js
151.101.194.137 200 OK 31 kB URL GET HTTP/2 code.jquery.com/jquery-3.6.0.min.js
IP 151.101.194.137:443
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:55:46 GMT
age: 580729
x-served-by: cache-lga21931-LGA, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 14, 173115
x-timer: S1701183347.734479,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
nhanquafreefire.garenav.vn/style.css
14.225.207.65 200 OK 5.5 kB URL GET HTTP/2 nhanquafreefire.garenav.vn/style.css
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
Hash 6278532ed082fa3cacf830e6320f4c4f
0b4f513ead99a8747d9f98adb6ac533cbb9abb6e
be16132b2e2d9fd97d2a6c13f646ceef90e01236e0c5474d7879af274b1d275e
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /style.css HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:58 GMT
etag: "8eb6-62fb3c7e-236d1d;br"
last-modified: Tue, 16 Aug 2022 06:43:10 GMT
content-type: text/css
content-length: 5519
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
date: Tue, 28 Nov 2023 14:54:58 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
nhanquafreefire.garenav.vn/ngMedia/top.png
14.225.207.65 200 OK 22 kB URL GET HTTP/2 nhanquafreefire.garenav.vn/ngMedia/top.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 1284 x 162, 8-bit colormap, non-interlaced\012- data
Hash 34fc0e7155d1fc8967fca70d3a890f5b
429a6401756e4f42882bb3ada8c420fa735a91d7
20a1e9a219e82870fd083777616f070679174002e5e795e3f2b57956c82d81f2
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /ngMedia/top.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:58 GMT
etag: "5612-6125f294-236cfe;;;"
last-modified: Wed, 25 Aug 2021 07:34:44 GMT
content-type: image/png
content-length: 22034
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:58 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/baloo2/v21/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppo_lc.woff2
142.250.74.99 200 OK 20 kB URL GET HTTP/2 fonts.gstatic.com/s/baloo2/v21/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppo_lc.woff2
IP 142.250.74.99:443
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 19496, version 1.0\012- data
Hash 28b447fafa67623dbb9b6b2419b93dc6
5ed0081ddd6eb10067dad4d9b0a5102699b6fd84
d2646602d0beed6bdf7af300b997903ae1ebf2fac68ccad2539410942814fe97
GET /s/baloo2/v21/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppo_lc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhanquafreefire.garenav.vn
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19496
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Nov 2023 05:48:38 GMT
expires: Wed, 27 Nov 2024 05:48:38 GMT
cache-control: public, max-age=31536000
age: 32829
last-modified: Thu, 24 Aug 2023 21:04:49 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/baloo2/v21/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppm_led7Q.woff2
142.250.74.99 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/baloo2/v21/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppm_led7Q.woff2
IP 142.250.74.99:443
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 760d7d9e6a668609516264bf518c0637
e793ff62c6a800c2b39b74b4a74c5a31a702c879
d47b278c91686d1c548aa97020d8da0167562e5d655663aaa972396e69b143be
GET /s/baloo2/v21/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppm_led7Q.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhanquafreefire.garenav.vn
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Nov 2023 07:36:26 GMT
expires: Wed, 27 Nov 2024 07:36:26 GMT
cache-control: public, max-age=31536000
age: 26361
last-modified: Thu, 24 Aug 2023 20:55:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/baloo2/v21/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppn_led7Q.woff2
142.250.74.99 200 OK 5.4 kB URL GET HTTP/2 fonts.gstatic.com/s/baloo2/v21/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppn_led7Q.woff2
IP 142.250.74.99:443
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 5448, version 1.0\012- data
Hash c694c541586c539065930e9fc49bccf9
742a66a1e9050f3e875a95cbd9babb8916a7a21f
12f0cd69f190f7db4c5cd05962c9f56e3c510061e9ca6201bb78776329906d0a
GET /s/baloo2/v21/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppn_led7Q.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhanquafreefire.garenav.vn
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: font/woff2
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5448
date: Tue, 28 Nov 2023 14:55:47 GMT
expires: Wed, 27 Nov 2024 14:55:47 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 21:11:22 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
nhanquafreefire.garenav.vn/ngMedia/for_grand.png
14.225.207.65 200 OK 900 B URL GET HTTP/3 nhanquafreefire.garenav.vn/ngMedia/for_grand.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 630 x 65, 8-bit colormap, non-interlaced\012- data
Hash ee93185b4a1b11f8703c2263ea18bc4a
23e10fdeedfe91ffcd32dd7a4af6befdaac7d724
bd819daf4422cb003fa1a9d2be638f7427f09a10f6234e1d02930c582ac8f02c
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /ngMedia/for_grand.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "384-6125f270-236cf8;;;"
last-modified: Wed, 25 Aug 2021 07:34:08 GMT
content-type: image/png
content-length: 900
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
fonts.googleapis.com/css2?family=Baloo+2:wght@600&display=swap
142.250.74.74 200 OK 5.6 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Baloo+2:wght@600&display=swap
IP 142.250.74.74:443
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression\012- data
Hash c4751f5e39e9ebb5d9f8bb5f84d85278
5fcaffddc39f0b82a3f31c64d1fcae92dcf34b42
6fb20466c5fbae5c87b3a40b50bd5adb30c64f3213e9e68b23c7ed811d29c161
GET /css2?family=Baloo+2:wght@600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 28 Nov 2023 14:55:46 GMT
date: Tue, 28 Nov 2023 14:55:46 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
nhanquafreefire.garenav.vn/ngMedia/super_spin.png
14.225.207.65 200 OK 4.0 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/ngMedia/super_spin.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 293 x 134, 8-bit colormap, non-interlaced\012- data
Hash c3d11e2d12f091377b9f662b13dedee6
66be82969d4849d4a5180943c96316718c79a05d
c26b896588d0ad1639167fdbddbb588221ec49becbf6d35d0585c5c049c83d9f
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /ngMedia/super_spin.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "fbb-6125f288-236cfc;;;"
last-modified: Wed, 25 Aug 2021 07:34:32 GMT
content-type: image/png
content-length: 4027
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/ngMedia/spin.png
14.225.207.65 200 OK 4.8 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/ngMedia/spin.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 293 x 134, 8-bit colormap, non-interlaced\012- data
Hash a17eefe832dcf309e667f0c1d5e49bcf
1366a04aac53e54e9db0577b2b7b266612457207
e80f127e54668213efa2d29220958603ef48a9c77a6c05359706d17971224eb6
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /ngMedia/spin.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "12e4-6125f284-236cfb;;;"
last-modified: Wed, 25 Aug 2021 07:34:28 GMT
content-type: image/png
content-length: 4836
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/1.php
14.225.207.65 200 OK 240 B URL GET HTTP/3 nhanquafreefire.garenav.vn/1.php
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
Hash 264e3a739ccf8e7b960c31922d931c88
cba09b5dbe9f43a3531922487f0cd67ae4b2859a
0d0966aa1674e6a10229cba69830064652cabe85ac972361b18f14d4b27750dc
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /1.php HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
x-powered-by: PHP/7.4.27
content-type: text/html; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
content-length: 240
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
fonts.googleapis.com/css2?family=Yanone+Kaffeesatz&display=swap
142.250.74.74 200 OK 2.3 MB URL GET HTTP/2 fonts.googleapis.com/css2?family=Yanone+Kaffeesatz&display=swap
IP 142.250.74.74:443
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression\012- data
Size 2.3 MB (2258650 bytes)
Hash 8a2316afb6742156531b9e4d22fb21fd
4871af3e494d637560a6c3ebda9e6acabd145a7a
55d7624cefc87e66aa77a2f48ba32efd91899115eb858655fa669723021eed5f
GET /css2?family=Yanone+Kaffeesatz&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 28 Nov 2023 14:55:46 GMT
date: Tue, 28 Nov 2023 14:55:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
nhanquafreefire.garenav.vn/ngMedia/dialog.png
14.225.207.65 200 OK 43 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/ngMedia/dialog.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 858 x 478, 8-bit colormap, non-interlaced\012- data
Hash 96af1e39654e846a4332abc2562039df
d5af49d154f97d7eaa448514dd78776213d76ee8
2041a48d786c722b74f4e190442cc44cb4da5a4312e8f7784f2718c327527a15
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /ngMedia/dialog.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "a669-6125f268-236cf6;;;"
last-modified: Wed, 25 Aug 2021 07:34:00 GMT
content-type: image/png
content-length: 42601
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/ngMedia/banner.png
14.225.207.65 200 OK 1.5 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/ngMedia/banner.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 192 x 86, 8-bit colormap, non-interlaced\012- data
Hash 6a22126f91e118084f92caf8340969c9
d966b6a3c013719447cdd54f8be004b751fcff77
0e1d5f49bfbcf1ce9eac55223298b7876570bfa0022015ac36024089a693dae0
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /ngMedia/banner.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "5bd-6125f254-236cf2;;;"
last-modified: Wed, 25 Aug 2021 07:33:40 GMT
content-type: image/png
content-length: 1469
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/img/qua/ao1.png
14.225.207.65 200 OK 22 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/img/qua/ao1.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash e6d28f185eea6b8dc61a2bef3e851912
46dadd8dc905fc0bd420480720075386b1e2e645
816f9ad29b3b00415c65a75ed2bbc9540c3fa91bc8bf26aa7d15fc538a314b0d
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /img/qua/ao1.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "5698-65009192-236cdc;;;"
last-modified: Tue, 12 Sep 2023 16:28:02 GMT
content-type: image/png
content-length: 22168
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/img/qua/ao2.png
14.225.207.65 200 OK 25 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/img/qua/ao2.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 140 x 140, 8-bit/color RGBA, non-interlaced\012- data
Hash 69b6f2ddaf1cb4fae3d689f036bee59b
ab9c3092574b338af727f9437613d1148c11388b
76fb40351a9ce4a35fe9f16c5f55aaf203c3fdf8422af1cd8f12a31237dd0586
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /img/qua/ao2.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "61cf-65009192-236cdd;;;"
last-modified: Tue, 12 Sep 2023 16:28:02 GMT
content-type: image/png
content-length: 25039
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/img/qua/ao3.png
14.225.207.65 200 OK 22 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/img/qua/ao3.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 140 x 140, 8-bit/color RGBA, non-interlaced\012- data
Hash 17529b71767dbfa622522b46520e938f
5234d7695e6b08955d2127a5ee20fce4c5514d12
19e5a2fbdc038a7be507d2e91c694ee9760e6399902a8a16e82e01e91cf2fcb1
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /img/qua/ao3.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "5726-65009192-236cde;;;"
last-modified: Tue, 12 Sep 2023 16:28:02 GMT
content-type: image/png
content-length: 22310
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/img/nen/nen.jpg
14.225.207.65 200 OK 263 kB URL GET HTTP/2 nhanquafreefire.garenav.vn/img/nen/nen.jpg
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1351x760, components 3\012- data
Size 263 kB (262937 bytes)
Hash f2dac9029648e4289ae7b132da9a1a63
2749276ef7c04ebdc32047b4ffc1d94cf3906090
cdcb1542500e62b28f71dd9d81d28b9a1f37dafe06367e9a6c8697cd99b11df5
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /img/nen/nen.jpg HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:58 GMT
etag: "40319-6500957b-236cda;;;"
last-modified: Tue, 12 Sep 2023 16:44:43 GMT
content-type: image/jpeg
content-length: 262937
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:58 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
nhanquafreefire.garenav.vn/ngMedia/button.png
14.225.207.65 200 OK 7.3 kB URL GET HTTP/2 nhanquafreefire.garenav.vn/ngMedia/button.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 296 x 93, 8-bit colormap, non-interlaced\012- data
Hash 36884c47ba97626ea5949e0f4559a48e
89f91ff6ad2ea42fc16e8d6c97ce59c4e719a580
c9cf320db08b8e9f234f02d8661cd45027c7e32342e7bc21686a58bf47e647d3
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /ngMedia/button.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "1c71-6125f25e-236cf4;;;"
last-modified: Wed, 25 Aug 2021 07:33:50 GMT
content-type: image/png
content-length: 7281
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
nhanquafreefire.garenav.vn/ngMedia/prize0.png
14.225.207.65 200 OK 6.2 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/ngMedia/prize0.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 112 x 112, 8-bit colormap, non-interlaced\012- data
Hash 8595e0da3e1e68d489ecdffc799c0b14
d41f3bd318972cb9fe3a6de8f6c92f3a3a3249da
b9ced009cc9cbff491c2c97c0b30ec3c45ddea28864eea123c0b9deb3a626e27
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /ngMedia/prize0.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "1867-6125f278-236cf9;;;"
last-modified: Wed, 25 Aug 2021 07:34:16 GMT
content-type: image/png
content-length: 6247
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/img/qua/ao4.png
14.225.207.65 200 OK 22 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/img/qua/ao4.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 3b3cb7cd3e7f8c8120e41ea813708a45
811381475727fa16d66d8872af688484263afff5
0cefe819745664a5286c406cde0624e03631e0bf3c55e2dbbd149e858d0c0513
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /img/qua/ao4.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "57e6-6500920c-236cdf;;;"
last-modified: Tue, 12 Sep 2023 16:30:04 GMT
content-type: image/png
content-length: 22502
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/img/qua/ao5.png
14.225.207.65 200 OK 23 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/img/qua/ao5.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 79aae2045b3240fb029b6e64c442ed7c
0ca64e41e5086ab3ed85da6e6d04f2a732af0995
c7f9768f059e680db490843df15653fe611b6f458edbe215f8924b2a60818a01
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /img/qua/ao5.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "58de-6500920c-236ce0;;;"
last-modified: Tue, 12 Sep 2023 16:30:04 GMT
content-type: image/png
content-length: 22750
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/img/qua/ao6.png
14.225.207.65 200 OK 29 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/img/qua/ao6.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 140 x 140, 8-bit/color RGBA, non-interlaced\012- data
Hash cb48c28660fde324321ebf4f046afe7c
35e5afdcc7ceccb71a6b29d5d1af629c048ef4ba
a8ec76cefe5ae0a2153d1b038b9c704296dcc108942b9ded910df74b05dfd31c
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /img/qua/ao6.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "6fac-6500920c-236ce1;;;"
last-modified: Tue, 12 Sep 2023 16:30:04 GMT
content-type: image/png
content-length: 28588
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/img/qua/ao7.png
14.225.207.65 200 OK 27 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/img/qua/ao7.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 140 x 140, 8-bit/color RGBA, non-interlaced\012- data
Hash 68304105b1b8b70e3c977e53c3f12709
6dab4e3279fe18366810416e2e1e4c2ea530a809
9b70624a0ccb73b46c254e3ed3686763091574c874f007136497e5fbf4299ae3
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /img/qua/ao7.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "685d-650092e3-236ce2;;;"
last-modified: Tue, 12 Sep 2023 16:33:39 GMT
content-type: image/png
content-length: 26717
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/img/qua/ao8.png
14.225.207.65 200 OK 26 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/img/qua/ao8.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 140 x 140, 8-bit/color RGBA, non-interlaced\012- data
Hash 2cc022d8579160c4b1883e6a68f49b77
52dc6d501625e80d991752b84c7555d8e8d60cb8
b10178a751fe025ba857fcdfb611054a964e678b8c2ea3e16a75bd5754564807
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /img/qua/ao8.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "6693-650092e3-236ce3;;;"
last-modified: Tue, 12 Sep 2023 16:33:39 GMT
content-type: image/png
content-length: 26259
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/img/qua/ao9.png
14.225.207.65 200 OK 91 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/img/qua/ao9.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 621 x 588, 8-bit colormap, non-interlaced\012- data
Hash d09aa0d3a4e997e48643d1f478220ad4
c62362c47e417001d5391ef834c8dcbec8b28ec8
52251d32bfd5a8c17e1c704e8f746468228a25cb0a515c629469ecaa308497fc
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /img/qua/ao9.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "163bb-65009361-236ce4;;;"
last-modified: Tue, 12 Sep 2023 16:35:45 GMT
content-type: image/png
content-length: 91067
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
i.pinimg.com/originals/67/56/66/675666d840a9c8fa1c61eaf584ff2a50.gif
151.101.244.84 200 OK 26 kB URL GET HTTP/2 i.pinimg.com/originals/67/56/66/675666d840a9c8fa1c61eaf584ff2a50.gif
IP 151.101.244.84:443
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer DigiCert Inc
Subject *.pinterest.com
Fingerprint 4D:02:6D:A8:DF:FA:2E:1C:D3:43:46:EF:CF:92:F1:7A:41:8F:BA:0B
Validity Mon, 31 Jul 2023 00:00:00 GMT - Wed, 07 Aug 2024 23:59:59 GMT
File type GIF image data, version 89a, 800 x 600\012- data
Hash 58c7f1e8e4bfaadbcbd8ccc470e363cb
14cd9079c1b8c44bb0c64fb63a5e938602016161
654cb99fb0cdc3b32bf8efbd77c8171f09580840dbd8084e3dbd2427210a9b9e
GET /originals/67/56/66/675666d840a9c8fa1c61eaf584ff2a50.gif HTTP/1.1
Host: i.pinimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
etag: "58c7f1e8e4bfaadbcbd8ccc470e363cb"
content-type: image/gif
cache-control: max-age=31536000, immutable
accept-ranges: bytes
vary: Origin
x-cdn: fastly
alt-svc: h3=":443";ma=600
date: Tue, 28 Nov 2023 14:55:48 GMT
content-length: 26108
X-Firefox-Spdy: h2
i.pinimg.com/originals/b7/ac/99/b7ac99965b68f4e232d0d473fff16fa8.jpg
151.101.244.84 200 OK 113 kB URL GET HTTP/2 i.pinimg.com/originals/b7/ac/99/b7ac99965b68f4e232d0d473fff16fa8.jpg
IP 151.101.244.84:443
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer DigiCert Inc
Subject *.pinterest.com
Fingerprint 4D:02:6D:A8:DF:FA:2E:1C:D3:43:46:EF:CF:92:F1:7A:41:8F:BA:0B
Validity Mon, 31 Jul 2023 00:00:00 GMT - Wed, 07 Aug 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1080x1920, components 3\012- data
Size 113 kB (113196 bytes)
Hash afca80f988e761e959e41a9d369adcce
ead4ba13f0c66956e03c133492741be6e4671da7
160c678b182be5aea66d8572e907b418d84a1ebdbfa8222fdc38e92556b3d9b0
GET /originals/b7/ac/99/b7ac99965b68f4e232d0d473fff16fa8.jpg HTTP/1.1
Host: i.pinimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
etag: "afca80f988e761e959e41a9d369adcce"
content-type: image/jpeg
cache-control: max-age=31536000, immutable
accept-ranges: bytes
vary: Origin
x-cdn: fastly
alt-svc: h3=":443";ma=600
date: Tue, 28 Nov 2023 14:55:48 GMT
content-length: 113196
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Staatliches&family=Yanone+Kaffeesatz&display=swap
142.250.74.74 200 OK 5.3 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Staatliches&family=Yanone+Kaffeesatz&display=swap
IP 142.250.74.74:443
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression\012- data
Hash 436d549045947eb0debf1e3a503a2233
e876b79df2351bc1f463c5b0944f0eb69275890f
0f8eb5962b1932ba03a14887892d99104d864aabbd4bb30a6bf88d5133a78400
GET /css2?family=Staatliches&family=Yanone+Kaffeesatz&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 28 Nov 2023 14:55:46 GMT
date: Tue, 28 Nov 2023 14:55:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
nhanquafreefire.garenav.vn/ngMedia/dialog_bg.png
14.225.207.65 200 OK 5.1 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/ngMedia/dialog_bg.png
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type PNG image data, 872 x 494, 8-bit colormap, non-interlaced\012- data
Hash 1997a3dc8b67ec9eea4c1e4ae4a37026
a8aee3d81fe12a967d4338e0818d41a537b87198
55aa2b435246d8a9c3b18777fa919278c8d41a4ac52c66ed271d58ec89c6ee2d
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /ngMedia/dialog_bg.png HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 05 Dec 2023 14:54:59 GMT
etag: "13ea-6125f26c-236cf7;;;"
last-modified: Wed, 25 Aug 2021 07:34:04 GMT
content-type: image/png
content-length: 5098
accept-ranges: bytes
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
fonts.googleapis.com/css2?family=Roboto&display=swap
142.250.74.74 200 OK 2.3 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Roboto&display=swap
IP 142.250.74.74:443
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (2319), with no line terminators
Hash a923b98baca4b55a4d2a4f806222686b
767d3e48a33b662bdb12e0f498fd2510a59a7db4
e927b86850ae1f8b6c9ab3722b76d1f1f72f224d0a3523b04ca29df0e7aee222
GET /css2?family=Roboto&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 28 Nov 2023 14:55:46 GMT
date: Tue, 28 Nov 2023 14:55:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
api.pubgameshowtime.com/ip/getcountry
0.0.0.0 0 B URL GET api.pubgameshowtime.com/ip/getcountry
IP 0.0.0.0:0
Requested by https://nhanquafreefire.garenav.vn/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ip/getcountry HTTP/1.1
Host: api.pubgameshowtime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nhanquafreefire.garenav.vn
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
i.upanh.org/2022/08/15/imageec641b2e279eeda7.png
188.114.96.1 200 OK 2.3 MB URL GET HTTP/2 i.upanh.org/2022/08/15/imageec641b2e279eeda7.png
IP 188.114.96.1:443
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Google Trust Services LLC
Subject upanh.org
Fingerprint B7:1D:12:69:CA:E7:54:27:FD:8E:7F:11:65:EB:5A:37:09:C5:62:D6
Validity Mon, 30 Oct 2023 05:53:27 GMT - Sun, 28 Jan 2024 05:53:26 GMT
Size 2.3 MB (2258137 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2022/08/15/imageec641b2e279eeda7.png HTTP/1.1
Host: i.upanh.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 14:55:47 GMT
content-type: image/png
content-length: 2258137
last-modified: Mon, 15 Aug 2022 13:02:36 GMT
etag: "2274d9-5e6473eec0d4f"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MTZw%2Fwx5sSeg3QIfyIfH7K3A63i4TpQa7Bbz38fT39mru6Aj6sZ%2F%2BAnMQd5zqSuiau2xgkOiGgaZsgTfGpxbOcgmgBnTbsj2f0TeY5zAh0w4Y3bwphIKjT%2F0uTJRhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d374308b3a712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/toast.png
95.101.10.40 200 OK 4.7 kB URL GET HTTP/1.1 freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/toast.png
IP 95.101.10.40:443
ASN #20940 Akamai International B.V.
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 953 x 81, 8-bit/color RGBA, non-interlaced\012- data
Hash 1970383e1b289caa82622e38d4be9643
b34d95bb942f45c0551e53b1f79b088c8114a5e5
8df3d3b0eaf7487e08932291d8b2a135ad2ecb2e32bcaba6308df2e2fb7e3436
GET /common/web_event/b1get2/images/toast.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: OBS
Content-Type: image/png
Content-Length: 4723
x-obs-request-id: 0000018C00CC72F494149E7CB1596AB7
Accept-Ranges: bytes
ETag: "1970383e1b289caa82622e38d4be9643"
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSR7fRkaueVGAENfqa22dD9OD31ub9QH
Date: Tue, 28 Nov 2023 14:55:48 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
nhanquafreefire.garenav.vn/Alphakind.ttf
14.225.207.65 404 Not Found 1.2 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/Alphakind.ttf
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1274), with no line terminators
Hash 8c16945397b2ea2fa974494c910f6d08
87289c714f1955cc0a4b8d0f5319bf0dcf771141
16782bd72a33f1963efb1d59aa17f964a604235a255e51dd4aafe0e0587040c6
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /Alphakind.ttf HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
date: Tue, 28 Nov 2023 14:54:59 GMT
server: LiteSpeed
content-encoding: gzip
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/favicon.ico
14.225.207.65 404 Not Found 1.2 kB URL GET HTTP/3 nhanquafreefire.garenav.vn/favicon.ico
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1274), with no line terminators
Hash 8c16945397b2ea2fa974494c910f6d08
87289c714f1955cc0a4b8d0f5319bf0dcf771141
16782bd72a33f1963efb1d59aa17f964a604235a255e51dd4aafe0e0587040c6
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
date: Tue, 28 Nov 2023 14:55:00 GMT
server: LiteSpeed
content-encoding: gzip
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
nhanquafreefire.garenav.vn/facebook.css
14.225.207.65 404 Not Found 1.2 kB URL GET HTTP/2 nhanquafreefire.garenav.vn/facebook.css
IP 14.225.207.65:443
ASN #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Requested by https://nhanquafreefire.garenav.vn/
Certificate Issuer Let's Encrypt
Subject nhanquafreefire.garenav.vn
Fingerprint B4:AA:4E:AE:91:99:9F:6D:6B:00:2E:35:8F:7F:2D:40:4D:EB:67:73
Validity Fri, 27 Oct 2023 15:14:51 GMT - Thu, 25 Jan 2024 15:14:50 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1274), with no line terminators
Hash 8c16945397b2ea2fa974494c910f6d08
87289c714f1955cc0a4b8d0f5319bf0dcf771141
16782bd72a33f1963efb1d59aa17f964a604235a255e51dd4aafe0e0587040c6
Analyzer Verdict Alert OpenPhish phishing Garena
Quad9 DNS malicious Sinkholed
GET /facebook.css HTTP/1.1
Host: nhanquafreefire.garenav.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhanquafreefire.garenav.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
date: Tue, 28 Nov 2023 14:54:58 GMT
server: LiteSpeed
content-encoding: gzip
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2