Report - timhieuluat.com/

Report Overview

Submitted URL
timhieuluat.com/
IP
112.78.1.150
ASN
#45538 ODS Joint Stock Company
Submitted
2023-05-29 01:17:50
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
caulongdanang.com	unknown	2015-09-28	2016-03-02	2023-05-21	412 B	458 B	112.78.1.150
timhieuluat.com	unknown	unknown	2023-03-03	2023-05-21	19 kB	524 kB	112.78.1.150
netdna.bootstrapcdn.com	3413	2012-05-25	2012-09-07	2023-05-28	1.0 kB	106 kB	104.18.11.207
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-05-28	531 B	98 kB	142.250.74.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-29	medium	timhieuluat.com/
2023-05-29	medium	timhieuluat.com/js/jquery/jquery-1.11.0.min.js
2023-05-29	medium	timhieuluat.com/js/brivium/ModernStatistic/ModernStatistic.js?_v=34448367
2023-05-29	medium	timhieuluat.com/js/brivium/ModernStatistic/cookie.js?_v=34448367
2023-05-29	medium	timhieuluat.com/js/xenforo/xenforo.js?_v=34448367
2023-05-29	medium	timhieuluat.com/brms-statistic/statistics.json
2023-05-29	medium	timhieuluat.com/deferred.php
2023-05-29	medium	timhieuluat.com/deferred.php

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	timhieuluat.com/	135 B	2023-05-14	2024-01-27
Pretty URL timhieuluat.com/ IP 112.78.1.150 ASN #45538 ODS Joint Stock Company Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-14 03:18:21 Last Seen2024-01-27 04:19:13 Times Seen4 Hash 94d20c01bdb656baeff634216f9344f3 5bce8c4e0e3bad23d635023af1e58eec8ec1f80d cc49d49a576296bd901c2b4aad983478dea3417606bbc976c0c03afd0176bf50 Loading...

	timhieuluat.com/sandbox%20eval%20code	128 B	2023-05-06	2024-04-24
Pretty URL timhieuluat.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-04-24 09:04:17 Times Seen21186 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	moz-extension://94b86a3e-a8f5-4509-b451-a3e524e5069f/lib/shim_messaging_helper.js	1.7 kB	2023-05-05	2024-04-24
Pretty URL moz-extension://94b86a3e-a8f5-4509-b451-a3e524e5069f/lib/shim_messaging_helper.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 22:33:37 Last Seen2024-04-24 09:55:34 Times Seen45014 Hash 865f01cbb34eb505834e826380d7dc2e c239ccc37191f1be78dfaa6bb3f1da5d314fdf9e 30ed6392b8de4590bd974a4a797ee0b12b382f2141738115bfd2d692cfa6ec17 Loading...

	timhieuluat.com/js/dark/taigachat.js?1448728719&_v=34448367	25 kB	2023-03-07	2024-01-27
Pretty URL timhieuluat.com/js/dark/taigachat.js?1448728719&_v=34448367 IP 112.78.1.150 ASN #45538 ODS Joint Stock Company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:07:13 Last Seen2024-01-27 04:19:13 Times Seen9 Hash da6891ea6fa96574fddbdb1d29c2c0e6 a64922b8042e310053e0de0e2091da9e439a2977 e86ed6c30444a24b0a27d2a5567714fca54c288f2555a82d4d47e7e4515a4d3f Loading...

	timhieuluat.com/js/brivium/ModernStatistic/ModernStatistic.js?_v=34448367	11 kB	2023-03-07	2024-01-27
Pretty URL timhieuluat.com/js/brivium/ModernStatistic/ModernStatistic.js?_v=34448367 IP 112.78.1.150 ASN #45538 ODS Joint Stock Company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:07:13 Last Seen2024-01-27 04:19:13 Times Seen5 Hash 62032c451409beb81df8d1672c3f7092 d1647c9a87c9d4e9ef2042fc32661c75387c49e1 895ff88d366454e4ae62d0ed2396a25b0d8fcf235f3682ce97db38c0c9e5cc07 Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	1.6 kB	2023-05-06	2024-04-24
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-04-24 09:04:17 Times Seen21048 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	timhieuluat.com/js/xenforo/xenforo.js?_v=34448367	167 kB	2023-03-07	2024-01-27
Pretty URL timhieuluat.com/js/xenforo/xenforo.js?_v=34448367 IP 112.78.1.150 ASN #45538 ODS Joint Stock Company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:07:13 Last Seen2024-01-27 04:19:13 Times Seen9 Hash 1d9c6131a4df80b06c141405dbe01b17 12c19cc5dbbadce9b70e7ba02e1df7a9289db78a 4991574cd4578589a70f50a4e14ef722345850be2cc5650cf53780c2463e6e0e Loading...

	timhieuluat.com/	0 B	2023-03-07	2024-04-24
Pretty URL timhieuluat.com/ IP 112.78.1.150 ASN #45538 ODS Joint Stock Company Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 10:14:22 Times Seen37036472 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	timhieuluat.com/js/brivium/ModernStatistic/cookie.js?_v=34448367	905 B	2023-03-07	2024-01-27
Pretty URL timhieuluat.com/js/brivium/ModernStatistic/cookie.js?_v=34448367 IP 112.78.1.150 ASN #45538 ODS Joint Stock Company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:07:13 Last Seen2024-01-27 04:19:13 Times Seen9 Hash ab245f78d8e90a9dd16f7da696843f33 2e627a99ae3d6a7c51d81101d4c119456921ceca de0e17841102fc5706d4b4d8f9c9571874ede8f6870136874f80d51d7f0845e2 Loading...

	connect.facebook.net/vi_VN/sdk.js	17 kB	2023-05-05	2024-04-24
Pretty URL connect.facebook.net/vi_VN/sdk.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-05 22:33:37 Last Seen2024-04-24 09:55:34 Times Seen44474 Hash b938e0b835c600209bdaae9d8ccda6d7 d5ee79d277057e05f002a18381722b5eb75d3883 d1b95aeb57c3285042e1e24c00cc56a8560d16daf7ee5cdfd5c75296b21ac91b Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-04-24
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-24 10:06:01 Times Seen341207 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	timhieuluat.com/js/jquery/jquery-1.11.0.min.js	96 kB	2023-03-07	2024-04-24
Pretty URL timhieuluat.com/js/jquery/jquery-1.11.0.min.js IP 112.78.1.150 ASN #45538 ODS Joint Stock Company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-04-24 08:23:00 Times Seen18502 Hash 8fc25e27d42774aeae6edbc0a18b72aa b66ed708717bf0b4a005a4d0113af8843ef3b8ff b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682 Loading...

	timhieuluat.com/sandbox%20eval%20code	147 B	2023-04-11	2024-04-24
Pretty URL timhieuluat.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-24 10:06:01 Times Seen341702 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

HTTP Transactions (36)

URL IP Response Size

timhieuluat.com/

112.78.1.150

200 OK

14 kB

URL User Request GET HTTP/2
timhieuluat.com/
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (508)
Size
14 kB (14020 bytes)
Hash
4eb3e76da27380480f15ba3d89b938a7
dc8fc0f53462b48c1ced25512e7ccca5f8b7414d
436d8dac380f369e66847aaa3d8eb056669e56458fb030173bf35c6c2a84ad2c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:32 GMT
content-type: text/html; charset=UTF-8
content-length: 14020
x-powered-by: PHP/5.6.40
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
content-encoding: gzip
vary: Accept-Encoding
set-cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2; path=/; secure; httponly
last-modified: Mon, 29 May 2023 01:17:32 GMT
X-Firefox-Spdy: h2

timhieuluat.com/js/jquery/jquery-1.11.0.min.js

112.78.1.150

200 OK

96 kB

URL GET HTTP/2
timhieuluat.com/js/jquery/jquery-1.11.0.min.js
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
ASCII text, with very long lines (32341)
Size
96 kB (96381 bytes)
Hash
8fc25e27d42774aeae6edbc0a18b72aa
b66ed708717bf0b4a005a4d0113af8843ef3b8ff
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/jquery/jquery-1.11.0.min.js HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:32 GMT
content-type: application/javascript
content-length: 96381
last-modified: Sat, 28 Nov 2015 12:56:37 GMT
etag: "5659a485-1787d"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/js/dark/taigachat.js?1448728719&_v=34448367

112.78.1.150

200 OK

25 kB

URL GET HTTP/2
timhieuluat.com/js/dark/taigachat.js?1448728719&_v=34448367
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
ASCII text, with CRLF line terminators
Size
25 kB (25373 bytes)
Hash
da6891ea6fa96574fddbdb1d29c2c0e6
a64922b8042e310053e0de0e2091da9e439a2977
e86ed6c30444a24b0a27d2a5567714fca54c288f2555a82d4d47e7e4515a4d3f

HTTP Headers

GET /js/dark/taigachat.js?1448728719&_v=34448367 HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:32 GMT
content-type: application/javascript
content-length: 25373
last-modified: Sat, 28 Nov 2015 16:38:39 GMT
etag: "5659d88f-631d"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/js/brivium/ModernStatistic/ModernStatistic.js?_v=34448367

112.78.1.150

200 OK

11 kB

URL GET HTTP/2
timhieuluat.com/js/brivium/ModernStatistic/ModernStatistic.js?_v=34448367
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (543), with CRLF line terminators
Size
11 kB (11014 bytes)
Hash
8d8f2ebe442478b44e397d5060b5b31c
ac877efc7e39c6b03e4b7d9d444ba51120703829
4ee73ad14dbfdf2093a45d999816bdd96a9467546cedeb6916aa4218b78de603

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/brivium/ModernStatistic/ModernStatistic.js?_v=34448367 HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:32 GMT
content-type: application/javascript
content-length: 11014
last-modified: Sat, 28 Nov 2015 16:23:46 GMT
etag: "5659d512-2b06"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/js/brivium/ModernStatistic/cookie.js?_v=34448367

112.78.1.150

200 OK

529 B

URL GET HTTP/2
timhieuluat.com/js/brivium/ModernStatistic/cookie.js?_v=34448367
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
ASCII text, with very long lines (505), with CRLF line terminators
Size
529 B (529 bytes)
Hash
ab245f78d8e90a9dd16f7da696843f33
2e627a99ae3d6a7c51d81101d4c119456921ceca
de0e17841102fc5706d4b4d8f9c9571874ede8f6870136874f80d51d7f0845e2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/brivium/ModernStatistic/cookie.js?_v=34448367 HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:32 GMT
content-type: application/javascript
content-length: 529
x-accel-version: 0.01
last-modified: Sat, 28 Nov 2015 16:23:45 GMT
etag: "389-5259c3b62a640-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

timhieuluat.com/css.php?css=BRMS_ModernStatistic,BRMS_ModernStatistic_dark,EWRporta2_Global,bb_code,dark_taigachat,facebook,google,login_bar,node_category,node_forum,node_list,sidebar_share_page,sonnb_xengallery_navbar_template,wf_default&style=3&dir=LTR&d=1678240284

112.78.1.150

200 OK

14 kB

URL GET HTTP/2
timhieuluat.com/css.php?css=BRMS_ModernStatistic,BRMS_ModernStatistic_dark,EWRporta2_Global,bb_code,dark_taigachat,facebook,google,login_bar,node_category,node_forum,node_list,sidebar_share_page,sonnb_xengallery_navbar_template,wf_default&style=3&dir=LTR&d=1678240284
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
ASCII text
Size
14 kB (13504 bytes)
Hash
fb36cab0ca5852ca1315043f40e58105
bc5a16d689932f74da9eabff7aacbd25c9506004
3c78ce5e1c6bea6304f2e4c0ba90e029c11e5730511e4917768f753d8560cb96

HTTP Headers

GET /css.php?css=BRMS_ModernStatistic,BRMS_ModernStatistic_dark,EWRporta2_Global,bb_code,dark_taigachat,facebook,google,login_bar,node_category,node_forum,node_list,sidebar_share_page,sonnb_xengallery_navbar_template,wf_default&style=3&dir=LTR&d=1678240284 HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:32 GMT
content-type: text/css; charset=utf-8
content-length: 13504
x-powered-by: PHP/5.6.40
expires: Wed, 01 Jan 2020 00:00:00 GMT
cache-control: public
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 08 Mar 2023 01:51:24 GMT
X-Firefox-Spdy: h2

timhieuluat.com/css.php?css=xenforo,form,public&style=3&dir=LTR&d=1678240284

112.78.1.150

200 OK

30 kB

URL GET HTTP/2
timhieuluat.com/css.php?css=xenforo,form,public&style=3&dir=LTR&d=1678240284
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
ASCII text, with very long lines (1083)
Size
30 kB (29862 bytes)
Hash
165680f078c74276d1a2a000b248c799
fa7f4f0360eec171b2c4277cdb330c7b7c27c7cf
726533a043657e0ca93be09f43cb52d98d087352a4b208a6890d1a8c2204bc6b

HTTP Headers

GET /css.php?css=xenforo,form,public&style=3&dir=LTR&d=1678240284 HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:33 GMT
content-type: text/css; charset=utf-8
content-length: 29862
x-powered-by: PHP/5.6.40
expires: Wed, 01 Jan 2020 00:00:00 GMT
cache-control: public
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 08 Mar 2023 01:51:24 GMT
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/extra/social-02.png

112.78.1.150

200 OK

2.3 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/extra/social-02.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 35 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2347 bytes)
Hash
668eab2bb13f90ddcb3a4c7af69e7cf3
bc1f651edc5047729caf7f41cb73a9641421e421
24d941af3bfb08506f9bee181ad085d69c156250402ff3c5b6c39827bb1648bd

HTTP Headers

GET /styles/brivium/Nitrogen/extra/social-02.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:33 GMT
content-type: image/png
content-length: 2347
last-modified: Sat, 28 Nov 2015 15:20:16 GMT
etag: "5659c630-92b"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/extra/social-01.png

112.78.1.150

200 OK

1.6 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/extra/social-01.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 35 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
1.6 kB (1573 bytes)
Hash
c717558597115eb8a9d83904f5542f58
c9b1255559df58c8af8e19664169c526fbb2b8f6
8a3d86c8e74c1f91b3f24becd9e72004c546d12e51c5f8ea83d6b772d8493d4e

HTTP Headers

GET /styles/brivium/Nitrogen/extra/social-01.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:33 GMT
content-type: image/png
content-length: 1573
last-modified: Sat, 28 Nov 2015 15:20:16 GMT
etag: "5659c630-625"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/extra/social-03.png

112.78.1.150

200 OK

2.1 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/extra/social-03.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 35 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
2.1 kB (2134 bytes)
Hash
721b71dd325a3509e60cef06691395c9
fa7c430115b50ff1ce7f764fd4ece7fd4f472091
51aabe7c9d92f878010440e4ba8a734d664f615f578a248aae66553a7c9b53b1

HTTP Headers

GET /styles/brivium/Nitrogen/extra/social-03.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:33 GMT
content-type: image/png
content-length: 2134
last-modified: Sat, 28 Nov 2015 15:20:16 GMT
etag: "5659c630-856"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/extra/social-04.png

112.78.1.150

200 OK

1.7 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/extra/social-04.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 35 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
1.7 kB (1719 bytes)
Hash
5823584ddf4cc9d1dd4aef261d2706db
571983dc1130162257d9da6c7068cdb2ef17c43b
ca85bd455ccacc2a9e44245304c108d2707005d1efaed16e2619e5bf3d2c0d4d

HTTP Headers

GET /styles/brivium/Nitrogen/extra/social-04.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:33 GMT
content-type: image/png
content-length: 1719
last-modified: Sat, 28 Nov 2015 15:20:16 GMT
etag: "5659c630-6b7"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/extra/social-10.png

112.78.1.150

200 OK

1.7 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/extra/social-10.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 35 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
1.7 kB (1726 bytes)
Hash
b16e30b5dab603103a1accb50007556e
1bf5cde57ce32dbd05263de71d9f802ff3fdfe17
3c50b52c7c1c4a61127709bcc3f37a98266824d529be5fee04a61b6ac464825f

HTTP Headers

GET /styles/brivium/Nitrogen/extra/social-10.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:33 GMT
content-type: image/png
content-length: 1726
last-modified: Sat, 28 Nov 2015 15:20:17 GMT
etag: "5659c631-6be"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/extra/social-12.png

112.78.1.150

200 OK

1.7 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/extra/social-12.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 35 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
1.7 kB (1662 bytes)
Hash
001b5baf2595ac7090ccf6ee483514f0
0bef0b7b25842ead621d7893f76906ab893529e7
f17bc07aa8a8cc324c9282530c50d90b1c725482839ad0a105ac2a0930cc3c3f

HTTP Headers

GET /styles/brivium/Nitrogen/extra/social-12.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:33 GMT
content-type: image/png
content-length: 1662
last-modified: Sat, 28 Nov 2015 15:20:17 GMT
etag: "5659c631-67e"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/js/xenforo/xenforo.js?_v=34448367

112.78.1.150

200 OK

167 kB

URL GET HTTP/2
timhieuluat.com/js/xenforo/xenforo.js?_v=34448367
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
Unicode text, UTF-8 text, with very long lines (7085)
Size
167 kB (166795 bytes)
Hash
1d9c6131a4df80b06c141405dbe01b17
12c19cc5dbbadce9b70e7ba02e1df7a9289db78a
4991574cd4578589a70f50a4e14ef722345850be2cc5650cf53780c2463e6e0e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/xenforo/xenforo.js?_v=34448367 HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:32 GMT
content-type: application/javascript
content-length: 166795
last-modified: Sat, 28 Nov 2015 12:57:06 GMT
etag: "5659a4a2-28b8b"
accept-ranges: bytes
X-Firefox-Spdy: h2

netdna.bootstrapcdn.com/font-awesome/4.1.0/fonts/fontawesome-webfont.woff?v=4.1.0

104.18.11.207

200 OK

84 kB

URL GET HTTP/3
netdna.bootstrapcdn.com/font-awesome/4.1.0/fonts/fontawesome-webfont.woff?v=4.1.0
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://timhieuluat.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 83760, version 1.0\012- data
Size
84 kB (83760 bytes)
Hash
fdf491ce5ff5b2da02708cd0e9864719
7f2f3c55c2de192387c351b995115f6b79e09173
66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31

HTTP Headers

GET /font-awesome/4.1.0/fonts/fontawesome-webfont.woff?v=4.1.0 HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://timhieuluat.com
DNT: 1
Connection: keep-alive
Referer: https://netdna.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 01:17:34 GMT
content-type: font/woff
content-length: 83760
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "fdf491ce5ff5b2da02708cd0e9864719"
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
cdn-cachedat: 08/25/2022 04:48:59
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 860
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: ccf1da6689457f2424859c6778aaced9
cdn-cache: HIT
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7ceae5ffaee21bfa-OSL
alt-svc: h3=":443"; ma=86400

timhieuluat.com/styles/brivium/Nitrogen/xenforo/xenforo-ui-sprite.png

112.78.1.150

200 OK

9.0 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/xenforo/xenforo-ui-sprite.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 200 x 57, 8-bit/color RGBA, non-interlaced\012- data
Size
9.0 kB (9045 bytes)
Hash
af662869b1346f7e3fc7c35d3a1b8455
d813b4e4802b3d0ecf8eed59caf682330b372f5b
8a5c34ea273c331d20d3b8ee057a25cff36cff63991aef781d11d7b2af2af51f

HTTP Headers

GET /styles/brivium/Nitrogen/xenforo/xenforo-ui-sprite.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/css.php?css=xenforo,form,public&style=3&dir=LTR&d=1678240284
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: image/png
content-length: 9045
last-modified: Sat, 28 Nov 2015 15:20:49 GMT
etag: "5659c651-2355"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/ModernStatistic/light-sprite.png

112.78.1.150

200 OK

1.4 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/ModernStatistic/light-sprite.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 35 x 236, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1381 bytes)
Hash
dcb8876f08dfd9cdc17bf5613f6e112f
ed97b27f065606dc6b06439fda67a090d120cda6
001028dfdc4ac283439f5da08e8599b60f2862a0b4a208a4f0f342bbe2b8f4d1

HTTP Headers

GET /styles/brivium/ModernStatistic/light-sprite.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/css.php?css=BRMS_ModernStatistic,BRMS_ModernStatistic_dark,EWRporta2_Global,bb_code,dark_taigachat,facebook,google,login_bar,node_category,node_forum,node_list,sidebar_share_page,sonnb_xengallery_navbar_template,wf_default&style=3&dir=LTR&d=1678240284
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: image/png
content-length: 1381
last-modified: Sat, 28 Nov 2015 16:23:52 GMT
etag: "5659d518-565"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/extra/icon-sodium.png

112.78.1.150

200 OK

1.8 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/extra/icon-sodium.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 150 x 22, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1769 bytes)
Hash
510bbe236ea8b3b4585cf1a4a824cf69
e87bd5312f3f09999793eff35bc60181aca39c52
96dad12d3c220e3bf6c10e40d8ba442417b6552b8af579cad2052c98c98120f3

HTTP Headers

GET /styles/brivium/Nitrogen/extra/icon-sodium.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/css.php?css=xenforo,form,public&style=3&dir=LTR&d=1678240284
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: image/png
content-length: 1769
last-modified: Sat, 28 Nov 2015 15:20:16 GMT
etag: "5659c630-6e9"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/xenforo/node-sprite.png

112.78.1.150

200 OK

2.2 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/xenforo/node-sprite.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 144 x 36, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2214 bytes)
Hash
3457102126f1d4a0df093471816c6107
ce0ec6b0ba6f131671a0937852e56ed30f4a1aa2
da6d8a1b736c09f2f7d3dd4ca1b75b5ed8aaef734d87f8e9fc558cef410a50c9

HTTP Headers

GET /styles/brivium/Nitrogen/xenforo/node-sprite.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/css.php?css=BRMS_ModernStatistic,BRMS_ModernStatistic_dark,EWRporta2_Global,bb_code,dark_taigachat,facebook,google,login_bar,node_category,node_forum,node_list,sidebar_share_page,sonnb_xengallery_navbar_template,wf_default&style=3&dir=LTR&d=1678240284
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: image/png
content-length: 2214
last-modified: Sat, 28 Nov 2015 15:20:32 GMT
etag: "5659c640-8a6"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/xenforo/gradients/form-button-white-25px.png

112.78.1.150

200 OK

192 B

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/xenforo/gradients/form-button-white-25px.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 25 x 25, 8-bit/color RGBA, non-interlaced\012- data
Size
192 B (192 bytes)
Hash
8a8c1f7af768595e15a3736775bbb0df
29ad4d007b1cfeebcf115e7a55b4835201890ed6
6a7df56f580bf0b383dfcacf6f1962e04f5acbb343b270fa4749a16864cac5ac

HTTP Headers

GET /styles/brivium/Nitrogen/xenforo/gradients/form-button-white-25px.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/css.php?css=xenforo,form,public&style=3&dir=LTR&d=1678240284
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: image/png
content-length: 192
x-accel-version: 0.01
last-modified: Sat, 28 Nov 2015 15:20:28 GMT
etag: "c0-5259b59110700"
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,400,600&subset=latin,vietnamese,cyrillic-ext,greek-ext,cyrillic,latin-ext,greek

142.250.74.74

200 OK

98 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,400,600&subset=latin,vietnamese,cyrillic-ext,greek-ext,cyrillic,latin-ext,greek
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://timhieuluat.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:AC:74:E6:97:66:CD:D0:F1:EA:0D:01:37:89:65:2E:98:22:84:6C
ValidityMon, 08 May 2023 08:24:50 GMT - Mon, 31 Jul 2023 08:24:49 GMT

File type
gzip compressed data, max compression\012- data
Size
98 kB (97507 bytes)
Hash
ee7b15f93d6645d2c78812c924bdc54e
eeb602aed3a503ad4bf1090fd702dcefd101504b
7835bdfd0532b714829bebd65429cbeec2b860343f5eaf7d74fb9437d506a622

HTTP Headers

GET /css?family=Open+Sans:400italic,600italic,400,600&subset=latin,vietnamese,cyrillic-ext,greek-ext,cyrillic,latin-ext,greek HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 29 May 2023 01:17:32 GMT
date: Mon, 29 May 2023 01:17:32 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/extra/icon-search.png

112.78.1.150

200 OK

1.1 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/extra/icon-search.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1101 bytes)
Hash
ad39db5e8c41aa88dce16cecbb32d99e
a7b7408a551c5e8928a7a8f24c2a117d6e3ff743
dc0e16665dd67e342e7f4c79cbba4c0e08721280892565d626b735834d5926e2

HTTP Headers

GET /styles/brivium/Nitrogen/extra/icon-search.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/css.php?css=xenforo,form,public&style=3&dir=LTR&d=1678240284
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: image/png
content-length: 1101
last-modified: Sat, 28 Nov 2015 15:20:15 GMT
etag: "5659c62f-44d"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/extra/arrow-02.png

112.78.1.150

200 OK

951 B

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/extra/arrow-02.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 9 x 5, 8-bit/color RGBA, non-interlaced\012- data
Size
951 B (951 bytes)
Hash
7a23acdc59fe1c73dfdad466835f3b4a
d2cb6f02e2e6ef645013df497afd9ea056a04790
9f6b72522ce787dd1ab2d9eb6874339c13f220cbff980bfac97bdaca5029ac40

HTTP Headers

GET /styles/brivium/Nitrogen/extra/arrow-02.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/css.php?css=xenforo,form,public&style=3&dir=LTR&d=1678240284
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: image/png
content-length: 951
x-accel-version: 0.01
last-modified: Sat, 28 Nov 2015 15:20:13 GMT
etag: "3b7-5259b582c2540"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/extra/bg-navtab.png

112.78.1.150

200 OK

945 B

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/extra/bg-navtab.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 1 x 150, 8-bit/color RGB, non-interlaced\012- data
Size
945 B (945 bytes)
Hash
d845678f3ef97fe8eaaa8b8e59cca3bd
ae42e15cff442d74a0640904b1aae961ad4ae43f
cc7dba0a115cdcceb3b1b07fb4d579369095daa4715416eb115e9deecf592388

HTTP Headers

GET /styles/brivium/Nitrogen/extra/bg-navtab.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/css.php?css=xenforo,form,public&style=3&dir=LTR&d=1678240284
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: image/png
content-length: 945
x-accel-version: 0.01
last-modified: Sat, 28 Nov 2015 15:20:14 GMT
etag: "3b1-5259b583b6780"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/xenforo/widgets/ajaxload.info_FFFFFF_facebook.gif

112.78.1.150

200 OK

723 B

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/xenforo/widgets/ajaxload.info_FFFFFF_facebook.gif
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
GIF image data, version 89a, 16 x 11\012- data
Size
723 B (723 bytes)
Hash
87a916737734e3968f40cb37bb6a5147
c634cbccb116523fbc6df3654586deebfacf56d8
5a8f886ffb6afed6497f36d8940ab950086a2eb72fe82266f8ac96acc43a8de2

HTTP Headers

GET /styles/brivium/Nitrogen/xenforo/widgets/ajaxload.info_FFFFFF_facebook.gif HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/css.php?css=xenforo,form,public&style=3&dir=LTR&d=1678240284
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: image/gif
content-length: 723
x-accel-version: 0.01
last-modified: Sat, 28 Nov 2015 15:20:45 GMT
etag: "2d3-5259b5a146d40"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/ModernStatistic/loader7.gif

112.78.1.150

200 OK

11 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/ModernStatistic/loader7.gif
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
GIF image data, version 89a, 220 x 19\012- data
Size
11 kB (10819 bytes)
Hash
57ca1a2085d82f0574e3ef740b9a5ead
2974f4bf37231205a256f2648189a461e74869c0
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

HTTP Headers

GET /styles/brivium/ModernStatistic/loader7.gif HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/css.php?css=BRMS_ModernStatistic,BRMS_ModernStatistic_dark,EWRporta2_Global,bb_code,dark_taigachat,facebook,google,login_bar,node_category,node_forum,node_list,sidebar_share_page,sonnb_xengallery_navbar_template,wf_default&style=3&dir=LTR&d=1678240284
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: image/gif
content-length: 10819
last-modified: Sat, 28 Nov 2015 16:23:52 GMT
etag: "5659d518-2a43"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/data/taigachat/messagesmini.html?_xfRequestUri=%2F&_xfNoRedirect=1&_xfResponseType=json&_=1685323053466

112.78.1.150

200 OK

3.3 kB

URL GET HTTP/2
timhieuluat.com/data/taigachat/messagesmini.html?_xfRequestUri=%2F&_xfNoRedirect=1&_xfResponseType=json&_=1685323053466
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
JSON data\012- HTML document, ASCII text, with very long lines (3276), with no line terminators
Size
3.3 kB (3276 bytes)
Hash
4034e238d7ff55b6411fee61cd2f2ef3
fd6bb0850c1e52ade29b644d7ecd1e1dfe47aa94
d2e9b25de99d5f65d47c7730e4f292b846a051fe2a94bb21a662dda8176c613e

HTTP Headers

GET /data/taigachat/messagesmini.html?_xfRequestUri=%2F&_xfNoRedirect=1&_xfResponseType=json&_=1685323053466 HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Ajax-Referer: https://timhieuluat.com/
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: text/html
content-length: 3276
last-modified: Sun, 28 May 2023 22:16:27 GMT
etag: "6473d2bb-ccc"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/brms-statistic/statistics.json

112.78.1.150

200 OK

71 B

URL POST HTTP/2
timhieuluat.com/brms-statistic/statistics.json
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
71 B (71 bytes)
Hash
b1780ea145d042e202c3d75788cb4a1d
ea4ca6b9ca70093966d587974813c1050ccb053d
b572f0f93b80f012c3e6fefc0ca8ffe823fa98c5c82bee892d678afb4727891a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /brms-statistic/statistics.json HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Ajax-Referer: https://timhieuluat.com/
X-Requested-With: XMLHttpRequest
Content-Length: 103
Origin: https://timhieuluat.com
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: application/json; charset=UTF-8
content-length: 71
x-powered-by: PHP/5.6.40
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
last-modified: Mon, 29 May 2023 01:17:34 GMT
X-Firefox-Spdy: h2

timhieuluat.com/styles/tag.png

112.78.1.150

200 OK

733 B

URL GET HTTP/2
timhieuluat.com/styles/tag.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
733 B (733 bytes)
Hash
d6761cd8f61693fbdf7f36b8bd6c1988
1028e1323adbfdd5dc616b261e13eac3778e9f7a
54c7fcc0cae13d60baf6f319f5c4a2bf0b24efde88ec0242271b120cac31547c

HTTP Headers

GET /styles/tag.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/css.php?css=BRMS_ModernStatistic,BRMS_ModernStatistic_dark,EWRporta2_Global,bb_code,dark_taigachat,facebook,google,login_bar,node_category,node_forum,node_list,sidebar_share_page,sonnb_xengallery_navbar_template,wf_default&style=3&dir=LTR&d=1678240284
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: image/png
content-length: 733
x-accel-version: 0.01
last-modified: Sat, 28 Nov 2015 16:38:39 GMT
etag: "2dd-5259c70ac01c0"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/xenforo/logo.og.png

112.78.1.150

200 OK

14 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/xenforo/logo.og.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 87 x 99, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (13748 bytes)
Hash
66ef1a2da769cda6a09adb76be78b781
d1fe55541c297ba26516317fe9ed546f42247d86
360b516c760ecd5c7f1332a125ce4366c1ebafe57228b8d40a8f34e3c67f28fb

HTTP Headers

GET /styles/brivium/Nitrogen/xenforo/logo.og.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: image/png
content-length: 13748
last-modified: Fri, 04 Dec 2015 07:03:28 GMT
etag: "56613ac0-35b4"
accept-ranges: bytes
X-Firefox-Spdy: h2

caulongdanang.com/styles/brivium/nitrogen/logo.png

112.78.1.150

404 Not Found

298 B

URL GET HTTP/2
caulongdanang.com/styles/brivium/nitrogen/logo.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjectcaulongdanang.com
Fingerprint37:3B:DA:EC:EC:9E:D9:83:1C:CA:A5:EA:13:60:CA:D0:99:00:7E:04
ValidityWed, 10 May 2023 08:35:19 GMT - Tue, 08 Aug 2023 08:35:18 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
298 B (298 bytes)
Hash
9e7ea202d790a929ee13d8cf8d435ed8
578a3c48aa2585f05d6ef46d2843722974c55b42
d7f55a6ebcbcce5999be9b5c1a75909ce99a44e5c044e95e7fad1734a0b9a7f0

HTTP Headers

GET /styles/brivium/nitrogen/logo.png HTTP/1.1
Host: caulongdanang.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Mon, 29 May 2023 01:17:35 GMT
content-type: text/html; charset=iso-8859-1
content-length: 298
X-Firefox-Spdy: h2

timhieuluat.com/data/taigachat/messagesmini.html?_xfRequestUri=%2F&_xfNoRedirect=1&_xfResponseType=json&_=1685323053467

112.78.1.150

200 OK

3.3 kB

URL GET HTTP/2
timhieuluat.com/data/taigachat/messagesmini.html?_xfRequestUri=%2F&_xfNoRedirect=1&_xfResponseType=json&_=1685323053467
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
JSON data\012- HTML document, ASCII text, with very long lines (3276), with no line terminators
Size
3.3 kB (3276 bytes)
Hash
936f6558479f4e15d074ed22a6c8c2ca
e312025ca14a7e06131902713e3fa55ba99b531b
f95297509e2803dcf71398d7e4e7b24f5631e399c58e36667f0f799a381e957e

HTTP Headers

GET /data/taigachat/messagesmini.html?_xfRequestUri=%2F&_xfNoRedirect=1&_xfResponseType=json&_=1685323053467 HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Ajax-Referer: https://timhieuluat.com/
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:44 GMT
content-type: text/html
content-length: 3276
last-modified: Mon, 29 May 2023 01:17:34 GMT
etag: "6473fd2e-ccc"
accept-ranges: bytes
X-Firefox-Spdy: h2

timhieuluat.com/deferred.php

112.78.1.150

200 OK

21 B

URL POST HTTP/2
timhieuluat.com/deferred.php
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
7683c40a1c0bb44c43e60758a4d5c1e4
b9f30bb14491b7e64617b3cb0e3abede27fa9954
397ea43adddf909cb049d40e609cc084badb1c2da3135710a6a7a675cb361e54

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /deferred.php HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Ajax-Referer: https://timhieuluat.com/
X-Requested-With: XMLHttpRequest
Content-Length: 54
Origin: https://timhieuluat.com
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: application/json; charset=UTF-8
x-powered-by: PHP/5.6.40
expires: Tue, 03 Jul 2001 06:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
last-modified: Mon, 29 May 2023 01:17:34 GMT
X-Firefox-Spdy: h2

timhieuluat.com/styles/brivium/Nitrogen/ver2.png

112.78.1.150

200 OK

97 kB

URL GET HTTP/2
timhieuluat.com/styles/brivium/Nitrogen/ver2.png
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
PNG image data, 1200 x 112, 8-bit/color RGB, non-interlaced\012- data
Size
97 kB (96683 bytes)
Hash
222a754f2a5f8618ba4afe5547736020
45ac940482ccd98a87c696bad21de0cc2da4d516
ba822bceb76f72bc2fcf224ffd768e953da08f5a5161f61cb8e4b2879c91e52a

HTTP Headers

GET /styles/brivium/Nitrogen/ver2.png HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/css.php?css=xenforo,form,public&style=3&dir=LTR&d=1678240284
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:34 GMT
content-type: image/png
content-length: 96683
last-modified: Tue, 07 Mar 2023 01:41:42 GMT
etag: "64069656-179ab"
accept-ranges: bytes
X-Firefox-Spdy: h2

netdna.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css

104.18.11.207

200 OK

21 kB

URL GET HTTP/2
netdna.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://timhieuluat.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (20604)
Size
21 kB (20766 bytes)
Hash
bbfef9385083d307ad2692c0cf99f611
63a234ea4d60f6643a60a4d79e28f291b93c1743
b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0

HTTP Headers

GET /font-awesome/4.1.0/css/font-awesome.min.css HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 May 2023 01:17:32 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
cdn-cachedat: 11/16/2021 10:00:11
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 0eb7160e8356338bb079cae66d61082c
cdn-cache: HIT
cf-cache-status: HIT
age: 28367050
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7ceae5f88ddbb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

timhieuluat.com/deferred.php

112.78.1.150

200 OK

22 B

URL POST HTTP/2
timhieuluat.com/deferred.php
IP
112.78.1.150:443
ASN
#45538 ODS Joint Stock Company

Requested by
https://timhieuluat.com/
Certificate
IssuerLet's Encrypt
Subjecttimhieuluat.com
FingerprintF0:1D:BB:63:15:B2:B2:56:6E:EE:B9:A3:A9:6B:89:11:48:53:98:2C
ValidityTue, 02 May 2023 07:34:05 GMT - Mon, 31 Jul 2023 07:34:04 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
5cfba5d5eaefc15c8d7923d5c83b70e7
207bbe6673b30b4c5da2a3c83f1c23cd3bda97fa
cce18387983122e53bef0e1a8830271959eed84ef8f15444f4cebb9d47a70c53

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /deferred.php HTTP/1.1
Host: timhieuluat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Ajax-Referer: https://timhieuluat.com/
X-Requested-With: XMLHttpRequest
Content-Length: 54
Origin: https://timhieuluat.com
DNT: 1
Connection: keep-alive
Referer: https://timhieuluat.com/
Cookie: xf_session=60b0bfeac8ff3664206a2f6ed2a003c2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 01:17:35 GMT
content-type: application/json; charset=UTF-8
x-powered-by: PHP/5.6.40
expires: Tue, 03 Jul 2001 06:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
last-modified: Mon, 29 May 2023 01:17:35 GMT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML