Report - nhacaiuytinvn.biz/

Report Overview

Visited public
2023-09-23 22:12:39
Tags
URL
nhacaiuytinvn.biz/
Finishing URL
nhacaiuytinvn.biz/
IP / ASN
104.21.10.78
#13335 CLOUDFLARENET
Title
Top 10 nhà cái uy tín, nhiều người chơi nhất Việt Nam - Nhacaiuytin.biz

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-09-23 05:09:29	1.3 kB	2.8 kB	142.250.74.131
web1s.com	unknown	2018-10-14	2015-07-27 16:38:35	2023-09-20 12:40:34	891 B	5.6 kB	104.26.10.163
nhacaiuytinvn.biz	unknown	2023-04-06	2023-04-07 09:07:26	2023-09-24 00:12:13	12 kB	3.0 MB	172.67.144.236
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-09-23 07:01:55	6.0 kB	202 kB	216.58.207.227
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-09-23 07:57:18	436 B	90 kB	142.250.74.106
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-09-23 06:38:57	514 B	22 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-23 22:12:20	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-09-23 22:12:20	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed
2023-09-23	medium	nhacaiuytinvn.biz	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	nhacaiuytinvn.biz/	ScriptElement	476 B	2023-03-07	2025-05-09
Pretty URL nhacaiuytinvn.biz/ IP 172.67.144.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 12:32 Times Seen16544 Hash ce71388c2d441cfb9ef0985bc4e5bb71 1e74c490ed76f671eb45ab0b45c9c9f5b9b89f0f efb5a648656ae8f944fbf74e5644126464160ab50197a288c8b587e74edd575a Loading...

	nhacaiuytinvn.biz/	ScriptElement	9.9 kB	2023-03-26	2025-04-24
Pretty URL nhacaiuytinvn.biz/ IP 172.67.144.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 00:06 Last Seen2025-04-24 04:39 Times Seen92 Hash 5b8deddd46bb1e719170ff49d1b59f26 e8e46b224504775b6e7af3ab566173eb17faccb3 9093d210d9b18372108d3d4d1ba1d7ce3668cb2c5e9d2adf89f10a0d9a740fd9 Loading...

	web1s.com/site.js	ScriptElement	13 kB	2023-09-23	2023-11-30
Pretty URL web1s.com/site.js IP 104.26.10.163 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 06:17 Last Seen2023-11-30 07:43 Times Seen4 Hash e59e08d99f612f118c9d807a4213a98b 9fe4d29a40ca9401647a19fd6d9b8a0a1051183b 37dbde1a161aa12faa19de69d2a05072f67b7e604c28c7c983f157870b9f1ed6 Loading...

	nhacaiuytinvn.biz/	ScriptElement	53 B	2023-09-24	2024-08-29
Pretty URL nhacaiuytinvn.biz/ IP 172.67.144.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-24 00:12 Last Seen2024-08-29 17:50 Times Seen2 Hash 97cb1f38bdcfa0df99a6e2b067d630e7 9684a8b2615a6c1d0275043ebd154490840864a5 899ceef0c67683d57c26550cd6e83d25d87753d1c641e07f75e9171af9eed4f6 Loading...

	nhacaiuytinvn.biz/	ScriptElement	179 B	2024-08-21	2024-08-21
Pretty URL nhacaiuytinvn.biz/ IP 172.67.144.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:55 Last Seen2024-08-21 05:55 Times Seen1 Hash 81e62df851895e4ff0440571162ee902 9f7723baf5537f4cf4574e3fca65e7faf22a991d e54e4d138ec257cf3ecbe323ddd269cd17b513afbe4d153c777f7459f76a979c Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 12:51 Times Seen205629 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	nhacaiuytinvn.biz/	ScriptElement	117 B	2023-03-07	2025-03-04
Pretty URL nhacaiuytinvn.biz/ IP 172.67.144.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 23:30 Last Seen2025-03-04 06:53 Times Seen12 Hash 0700a8810189fa80c0a31a4b46c5351a c7a14ed54339715bbbaacf5501a6d9802aa88255 87c196ed4ce2d8aab96ad5ec2ce7edf1b21bdbd9b2fcfe42651d302c5cb54677 Loading...

HTTP Transactions (44)

URL IP Response Size

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
99734170fcdad2d52884412f61321bf8
25163901dbdc047070a12d8afadcaa7009d8b595
f2a2590ac5fa2bcc9db8c46b3b4ad45f0a03b03193f601a2636e900fe851cf59

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 22:12:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

web1s.com/site.js

104.26.10.163

200 OK

4.0 kB

URL GET HTTP/2
web1s.com/site.js
IP
104.26.10.163:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectweb1s.com
Fingerprint6B:43:5F:C0:00:D2:E7:7B:8A:69:F3:38:4C:3B:18:4B:6F:9D:5B:D1
ValidityFri, 25 Aug 2023 02:39:42 GMT - Thu, 23 Nov 2023 02:39:41 GMT

File type
ASCII text, with very long lines (13308), with no line terminators
Size
4.0 kB (3954 bytes)
Hash
e59e08d99f612f118c9d807a4213a98b
9fe4d29a40ca9401647a19fd6d9b8a0a1051183b
37dbde1a161aa12faa19de69d2a05072f67b7e604c28c7c983f157870b9f1ed6

HTTP Headers

GET /site.js HTTP/1.1
Host: web1s.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 10 Sep 2023 07:12:22 GMT
vary: Accept-Encoding
etag: W/"64fd6c56-33fc"
expires: Mon, 09 Sep 2024 07:35:40 GMT
cache-control: max-age=31536000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1175801
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tx%2BieFtRcB%2B0Vd1Fzf22sRcbLzDO7KQvDvjsI2yhXV8v0cCI8ihvFlPSthkEFyyEy7Usz2rETpAZFHD1vd7m4rIi90DBuKR0w1tYKMcA0o0QZoJBsB%2FDxTqIWA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 80b620f37a3156c7-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23ee71f34a80feec27e23d99ecada83e
62f4c8dcc03187e2bdcdfa76dc732d4eebde5cc1
429bd03ec19810ed389955d166c98e62d9850e52160fbec3dd27da2cc30200fe

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 22:12:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nhacaiuytinvn.biz/wp-content/themes/site/css/images/icons/newspaper.woff?19

172.67.144.236

200 OK

25 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/themes/site/css/images/icons/newspaper.woff?19
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
Web Open Font Format, TrueType, length 24864, version 0.0\012- data
Size
25 kB (24864 bytes)
Hash
b527d8ce3f034285f69b410d6ac6e58b
80c79fe969594d2f4c57027650872fdd7bba491d
ea9ad8f6ace011a694d664482cc6ca0acc2dd86a8d6b684154327ec84c0c95fd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/site/css/images/icons/newspaper.woff?19 HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/wp-content/themes/site/css/style-theme.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:22 GMT
content-type: application/font-woff
content-length: 24864
last-modified: Mon, 10 Apr 2023 06:52:47 GMT
etag: "6433b23f-6120"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WAnHdZdvnQORzpUNUj0m8VJs88fqxIbHka1dr5mglXHZizXP3nfwYaY0ugUhrmoSqumFTmu3tKdMAilDpEa5jtbLifulOztMUoN6cNXUuRUvXuc%2B5NhzU2eYQb45QRrNBqV0Ig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b620f6edc756af-OSL
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/themes/site/css/mobile.css?ver=5.5.5

172.67.144.236

200 OK

21 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/themes/site/css/mobile.css?ver=5.5.5
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
ASCII text, with CRLF line terminators
Size
21 kB (21133 bytes)
Hash
2a7face36f87e6f8ca4703037e5dc30e
8e53188e39f109e74380fe72c865f0d86845b113
278cb0b37a81b3bb111e27261af6ce7647111cb0b55a1e91e72a32ac48cd4f7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/site/css/mobile.css?ver=5.5.5 HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: text/css
last-modified: Mon, 10 Apr 2023 06:52:47 GMT
vary: Accept-Encoding
etag: W/"6433b23f-ecc2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yrd2tNC%2BK59jkQKRTd1DJuLIM97WXwUSRVLMHHQA%2FDQZq2Ov3K50Xt%2FRdJj1QFUxpqPq2loVlrUplpvjz%2Fzgo46FsYysOLN%2BfciweSAIH%2Fk5J0wDI7nIwZrpHVIg6IfVhjo1sg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f32b2156af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23ee71f34a80feec27e23d99ecada83e
62f4c8dcc03187e2bdcdfa76dc732d4eebde5cc1
429bd03ec19810ed389955d166c98e62d9850e52160fbec3dd27da2cc30200fe

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 22:12:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhacaiuytinvn.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 22 Sep 2023 10:05:24 GMT
expires: Sat, 21 Sep 2024 10:05:24 GMT
cache-control: public, max-age=31536000
age: 130018
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2

216.58.207.227

200 OK

5.6 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 5560, version 1.0\012- data
Size
5.6 kB (5560 bytes)
Hash
ca3b09b62fda648a4511700413313fd0
109cd4c5435bd6614391bb8722c47c287c96b2ec
77b24796a3d4ab521f66765651875338ed50cb9306cfe4603a3e79618e429cec

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhacaiuytinvn.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5560
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 15:13:25 GMT
expires: Fri, 20 Sep 2024 15:13:25 GMT
cache-control: public, max-age=31536000
age: 197937
last-modified: Wed, 11 May 2022 19:24:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2

216.58.207.227

200 OK

12 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11824, version 1.0\012- data
Size
12 kB (11824 bytes)
Hash
deb26e9b1a25438118e5d39d741ae6b6
a2801defb4c8bed8e4083dfde0b2a5a9c0537020
fc66f942651a9fe1a598770d3d896529dcd7a03d02f40655451513093103e61b

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhacaiuytinvn.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11824
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 22 Sep 2023 17:23:11 GMT
expires: Sat, 21 Sep 2024 17:23:11 GMT
cache-control: public, max-age=31536000
age: 103751
last-modified: Wed, 11 May 2022 19:24:43 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2

216.58.207.227

200 OK

5.5 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 5548, version 1.0\012- data
Size
5.5 kB (5548 bytes)
Hash
cdaab83619fcacd4027a77c99dd51e69
9e6eae8554f8cc2309b2dae2d9fa217e34eed6a4
4ec57f2a80b91090971b83970230ca09ab3568c5f5b224896ca9aa6180a76aa9

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhacaiuytinvn.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5548
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 05:05:51 GMT
expires: Fri, 20 Sep 2024 05:05:51 GMT
cache-control: public, max-age=31536000
age: 234391
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhacaiuytinvn.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 09:00:39 GMT
expires: Wed, 18 Sep 2024 09:00:39 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 393103
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2

216.58.207.227

200 OK

35 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35120, version 1.0\012- data
Size
35 kB (35120 bytes)
Hash
dd986ff1050050613be051863773d677
51a12487fd51cc02ca54a984f82d63318807ca2e
d9784dbf11886ea032ffbd00f499d333519babe001eacc19df7ab89de17bec47

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhacaiuytinvn.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35120
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 03:57:33 GMT
expires: Wed, 18 Sep 2024 03:57:33 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 01:03:47 GMT
content-type: font/woff2
age: 411289
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16424, version 1.0\012- data
Size
16 kB (16424 bytes)
Hash
aa485a5ac8e86032c387497a6e8e139a
c29462206cfb74110ce0e59a2fb5e8cbedbf9c96
db5d7bb36691306bda51b903c84fbdef4206d3c166b8080100915d16a617f5ea

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhacaiuytinvn.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16424
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 02:39:18 GMT
expires: Wed, 18 Sep 2024 02:39:18 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:41:40 GMT
content-type: font/woff2
age: 415984
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16424, version 1.0\012- data
Size
16 kB (16424 bytes)
Hash
aa485a5ac8e86032c387497a6e8e139a
c29462206cfb74110ce0e59a2fb5e8cbedbf9c96
db5d7bb36691306bda51b903c84fbdef4206d3c166b8080100915d16a617f5ea

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhacaiuytinvn.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16424
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 02:39:18 GMT
expires: Wed, 18 Sep 2024 02:39:18 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:41:40 GMT
content-type: font/woff2
age: 415984
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nhacaiuytinvn.biz/wp-content/uploads/2023/04/fun88.jpg

172.67.144.236

200 OK

66 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/uploads/2023/04/fun88.jpg
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 780x389, components 3\012- data
Size
66 kB (65500 bytes)
Hash
9f244597a31e5b627046ee3d466db9fd
900a9fa816fdf35dab866a5339b4ab5009d12ecb
aafc519254d94315947657ddfccf1442c57e24dd2acc13c869e9c4e87ff0e995

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/04/fun88.jpg HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: image/jpeg
last-modified: Sat, 08 Apr 2023 07:39:09 GMT
vary: Accept-Encoding
etag: W/"64311a1d-c1ac"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jf2OSJKdFaZtYWmsPkU7hLv2HnYbwjveVfwfZ6sMP6qtH2VQ9P3gVwc%2FudF8FquQ0iW3s2Ne7ddHFHShOdryg8svrZNc22z0TNOOmkZbUw5%2BTpk11Pt%2BFyv1uLL%2BE87Aj7jA3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f33b2f56af-OSL
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/themes/site/css/style-theme.css

172.67.144.236

200 OK

60 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/themes/site/css/style-theme.css
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
ASCII text, with very long lines (378)
Size
60 kB (60453 bytes)
Hash
6ce7318b2c53ae8c0f3597e016da141c
35b7cfcd828603f2125cb25a97837ce7f8282277
fb0d0b959b1e64d469598c8983df9f1ca1db4038814367652346b4289ebf0427

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/site/css/style-theme.css HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: text/css
last-modified: Mon, 10 Apr 2023 06:52:47 GMT
vary: Accept-Encoding
etag: W/"6433b23f-241d6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bCspn53GhZ9DT1rGxEJByWoKLN5SwrgYGYWCgzdCOOgkRJ3q8%2FLYvHOJTUwcM7FygipP%2Bnr8TR%2B34eoyo4FkElQKKEJlbqzkwJmRk155RU2ZaZb%2BHIGyIw8QDCYbz6QnsKzBvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f30b0b56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/themes/site/css/style-multi.css

172.67.144.236

200 OK

10 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/themes/site/css/style-multi.css
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
ASCII text, with very long lines (37284), with no line terminators
Size
10 kB (10335 bytes)
Hash
7100e283eec087a4455ad5e0801c33d9
8f8b037ee9c131c09e34adee79837be7a4dd7898
8f8cc147e7d72b6897396e014c7584dc38135f38961045cab55439dddaa268f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/site/css/style-multi.css HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: text/css
last-modified: Mon, 10 Apr 2023 06:52:47 GMT
vary: Accept-Encoding
etag: W/"6433b23f-91a4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zJ8khTJuUa95GhGLANXmggAsk9SJVZ5AbHbeQA95zjOhcDr1bD4heIpJ7%2FIfQPheGZINYN6ebz5GMsMql2jY3D77BNCWAx7F0CWOj5paGYlDdp1QPbNwiRW8Gm2rKkRjni%2BPnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f2faff56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/uploads/2023/04/fb88.jpg

172.67.144.236

200 OK

182 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/uploads/2023/04/fb88.jpg
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x495, components 3\012- data
Size
182 kB (181756 bytes)
Hash
719df704160868807173d15252580c41
72a26ea056be1e90a14b733d0e0d44b993dddfab
6f4fce7d19df0d2dfc054369ad54a82fa41706f7b3204547bac43511b2ef7756

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/04/fb88.jpg HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: image/jpeg
last-modified: Sat, 08 Apr 2023 07:39:08 GMT
vary: Accept-Encoding
etag: W/"64311a1c-208cc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wQ1Rnt4O0BZwc1MU%2BFtMor8X%2F5%2BJ2hvwMXd3R8SA4vVTP4NCsiTFOz9cP2YswIp44ATSMQ2REAtoixigbcxvzRbIq5GeWpbTeM6n%2F5GbyXX8F88E8sUJvEXlSlzp6F%2BHE%2BM80w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f32b2856af-OSL
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23ee71f34a80feec27e23d99ecada83e
62f4c8dcc03187e2bdcdfa76dc732d4eebde5cc1
429bd03ec19810ed389955d166c98e62d9850e52160fbec3dd27da2cc30200fe

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 22:12:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nhacaiuytinvn.biz/wp-content/uploads/2023/04/cove.jpg

172.67.144.236

200 OK

61 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/uploads/2023/04/cove.jpg
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
JPEG image data, baseline, precision 8, 300x300, components 3\012- data
Size
61 kB (60949 bytes)
Hash
41a6bbef98c9e3f623db3b29113569bd
66778fd73b9224b48f8d6f77a6faa95576f225b8
689057e51c66b9c42fbd494eeb8be6eb91d82a9f2859c1bbce571ba53ff32a7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/04/cove.jpg HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:22 GMT
content-type: image/jpeg
last-modified: Mon, 10 Apr 2023 07:24:53 GMT
vary: Accept-Encoding
etag: W/"6433b9c5-74ec"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6qg7KtEZNj3xugBxHzR3h%2B5dku4IUITVgqKtcn0D7W3j2%2Fwv81bz2Y1SPBeMTqQKMt3waFm2QadKRMwSOKIFjc%2FjM1fZJ1WgK8VwKRNvyb0ZpAfnl3czyIax%2Ftwi8jEfBAOjnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620fac84d56af-OSL
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/themes/site/css/td-style.css

172.67.144.236

200 OK

5.8 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/themes/site/css/td-style.css
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
ASCII text, with very long lines (5835), with no line terminators
Size
5.8 kB (5831 bytes)
Hash
8acd4fe8a77266c45f66a49129a1eb0a
258cf1a44cc9fdb4a9161798898c339c7ba7aed4
507caebf27733311e83e063c63973270d31aba7e156a80ce851f6fe8e1b9bb13

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/site/css/td-style.css HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: text/css
last-modified: Mon, 10 Apr 2023 06:52:47 GMT
vary: Accept-Encoding
etag: W/"6433b23f-16c7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jZBmjvwkirT6tGoAzBW624FOgXf9TXAaZvKI%2FswdXCbcwuD7LVa0UKLFQYhvtW%2FGpBSepiC%2BqWG7a9dfjmhyFWoFUNo1REs75aFpkoQyYDVny9T1aAAtJofsjIeyORBVqCBXxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f2faf856af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/uploads/2023/04/logo-fb88.png

172.67.144.236

200 OK

50 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/uploads/2023/04/logo-fb88.png
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
50 kB (50002 bytes)
Hash
9c47cf6911d115d0bd1902b093c6a869
a4eced9bf9d7f4ba5523aae1f663612b8bbc4500
3b8cccf35bf1680c9cd3dc3357fc0aaa6860bcd6344893697a3c3f7a700ccf7a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/04/logo-fb88.png HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:22 GMT
content-type: image/png
last-modified: Mon, 10 Apr 2023 07:24:54 GMT
vary: Accept-Encoding
etag: W/"6433b9c6-c352"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dvuo5KPslrh2JtGTHmq3bfv9FH7eLP4nSkU5%2BMgNVvfwN1HDCimivepmEPdJ2PGHgUKgJYk4g6MwXEa%2BvsHJSf6sv1HG8Jj3s%2F7Xck0w2hOC1SZvUpVB4yrhKOl8I6FM467eTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620fac84756af-OSL
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/themes/site/css/tds-front.css

172.67.144.236

200 OK

46 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/themes/site/css/tds-front.css
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
ASCII text, with very long lines (1273)
Size
46 kB (46538 bytes)
Hash
6414cc837f9e38c725ab521656b117cc
b277561ed5fd68e8c1cce218aa408681452c7309
0861ad16fd78c0e6af661a9875f6145cdfc922152a04f7295712f1df9c2b1ca8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/site/css/tds-front.css HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: text/css
last-modified: Mon, 10 Apr 2023 06:52:47 GMT
vary: Accept-Encoding
etag: W/"6433b23f-b5ca"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0oHPn9xTbH%2FBC3znugMoxc5bDo4%2Fc0Qax6eEQ6C5cOlRk4kUGGmAzmAAPSQBq1tZdmvCMT3p9WY9%2FlL%2BcMsguwLUYfnopCnjzhbTj2LL2x2mAch3RnoNwhrW3OiIzfJnLQarRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f30b0856af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhacaiuytinvn.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 04:50:55 GMT
expires: Fri, 20 Sep 2024 04:50:55 GMT
cache-control: public, max-age=31536000
age: 235287
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nhacaiuytinvn.biz/wp-content/uploads/2023/04/cropped-Screenshot-2023-04-08-091807-32x32.jpg

172.67.144.236

200 OK

952 B

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/uploads/2023/04/cropped-Screenshot-2023-04-08-091807-32x32.jpg
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 32x32, components 3\012- data
Size
952 B (952 bytes)
Hash
a87117b21328a2e43a583e0d209c7ad5
76504f7e4aeefa3342718ceae4fdf1f4c0db95aa
c19874180c2e88bb3e16f458d3ccc170d7c2a09a809b868be9566e63f23044a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/04/cropped-Screenshot-2023-04-08-091807-32x32.jpg HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:23 GMT
content-type: image/jpeg
last-modified: Mon, 10 Apr 2023 06:58:47 GMT
vary: Accept-Encoding
etag: W/"6433b3a7-3b8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fkf7%2FSO6C3lknPuOwKNFeZ98c6uBgBCRgR0IHcUp8cR4s1WSJJ2kphOFlW%2BuZ7gM7l9UcIopUA2x3wG9tOg%2BwsduDcGFUTpew8tY5q0gVKty0Mf24cEH%2B0ktNV%2FN4LakUy%2Fh7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620fca9db56af-OSL
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/

172.67.144.236

200 OK

136 kB

URL User Request GET HTTP/2
nhacaiuytinvn.biz/
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type

Size
136 kB (136424 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 22:12:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=0, public
expires: Sat, 23 Sep 2023 22:12:20 GMT
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Cgh969pkleMVPnp6E%2Fh2IDBiaK81XkLZzglyCT25pnh%2BsVqi%2BLNYrZFCETaJjL0DQoywhlpGo%2FcAb3unva4dFwWtZEluLwyqqh9yjksZ1cH074qNgQ%2BJOmTU727jSpmUD0pmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620ee0e9856a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nhacaiuytinvn.biz/wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2302

172.67.144.236

200 OK

1.2 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2302
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
ASCII text, with very long lines (1156), with no line terminators
Size
1.2 kB (1156 bytes)
Hash
c36a54231034d43c59838cffd223ae0e
2d28ea215858ad20b347db91ba63b877d506f751
2e36bd3bdbb929f427e79a6c84b7922b4375589386981eba29eb0cff57b02b1b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2302 HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: text/css
last-modified: Sat, 08 Apr 2023 07:18:32 GMT
vary: Accept-Encoding
etag: W/"64311548-484"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LEkSGNIX1xiMnH%2FB0sznrgesBGF7Z1kvFNhobYkx9iiK%2F21rFxhZuvONGxW6MIQGYv6Q9jRJV2YXpWoSrJjUz54kui9ZnXLieeY3ARbjN6WP4PlhoqU6wHjOJ55Hydej39v2tw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f32b2356af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-includes/css/dist/block-library/style.min.css?ver=6.3.1

172.67.144.236

200 OK

104 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-includes/css/dist/block-library/style.min.css?ver=6.3.1
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type

Size
104 kB (104484 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.3.1 HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: text/css
last-modified: Wed, 09 Aug 2023 07:28:16 GMT
vary: Accept-Encoding
etag: W/"64d34010-19824"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TRDbUzfsrPR9HJExF4Wnwki5NOKUfcDra%2BOa3%2BhmcPf3d%2Fw5Was2Kh3dM12u%2BaC0AP2FS6DNhNGNbWlwlQQJr2syDcIaq3uCuLEXn%2BMpwbulyBaeRSGsv3iUPAvY88TP83%2FJXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f32b2256af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web1s.com/step

104.26.10.163

200 OK

17 B

URL POST HTTP/2
web1s.com/step
IP
104.26.10.163:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectweb1s.com
Fingerprint6B:43:5F:C0:00:D2:E7:7B:8A:69:F3:38:4C:3B:18:4B:6F:9D:5B:D1
ValidityFri, 25 Aug 2023 02:39:42 GMT - Thu, 23 Nov 2023 02:39:41 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
17 B (17 bytes)
Hash
4ed5e50a2c971f4bd1c384b01ff25d43
80896d71f8ad95c6e5547cf64aafd44b91ef1f65
83996ce8fed26fb2cfd6165f2218042dc1ae30c1534354c38e3c5a528c6fc70f

HTTP Headers

POST /step HTTP/1.1
Host: web1s.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 297
Origin: https://nhacaiuytinvn.biz
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 22:12:23 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, private
x-ratelimit-limit: 6000
x-ratelimit-remaining: 5999
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZwaEdtQZxbME2ffHoGkw9SaV2eHHLbsuUgdZZKY0UUJhzOc62EOLGaoAwVgu0CYIBDamQv2KJTzJDeacoEU1ByujFhDBSrhjnbv7Y559RdHUVq19H%2BZ6pefV0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 80b620fdcf03b524-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2

216.58.207.227

200 OK

5.6 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 5604, version 1.0\012- data
Size
5.6 kB (5604 bytes)
Hash
7cda2cfee99d697daf8c14819d9004eb
76f4002863493c93454a9f17424942f321287cba
0948409a22b5979aa7e1ec20da9e61f12e7d403800b541ece053881bd2542b70

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhacaiuytinvn.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 23 Sep 2023 11:19:12 GMT
expires: Sun, 22 Sep 2024 11:19:12 GMT
cache-control: public, max-age=31536000
age: 39190
last-modified: Wed, 11 May 2022 19:24:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nhacaiuytinvn.biz/wp-content/uploads/2023/04/v9bet.jpg

172.67.144.236

200 OK

164 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/uploads/2023/04/v9bet.jpg
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x618, components 3\012- data
Size
164 kB (164362 bytes)
Hash
00aaa3e4f1b0108197c876bff3017582
dce3acbb289f29cac14d60fe9582b07ccc3d8016
03a57cef1782b50009605d8fcc1112e4a17106e0418caccfc4304aeb4e018137

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/04/v9bet.jpg HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:22 GMT
content-type: image/jpeg
last-modified: Sat, 08 Apr 2023 07:39:12 GMT
vary: Accept-Encoding
etag: W/"64311a20-2820a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iVKkHn7YVSa00r8oPTksnVGmx6n8MO0DORyQTvu8YldFGBs4uPdWrtbCOe7YjqVo6V100wbjav4WQfGSORb0ZvqhxwuQwWTvWrxj3e1wQCypAOTsBpaN9EOi1QVekRkCQIwI7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620fad85156af-OSL
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/uploads/2023/04/logo-8xbet1-1.jpg

172.67.144.236

200 OK

99 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/uploads/2023/04/logo-8xbet1-1.jpg
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 300x300, segment length 16, progressive, precision 8, 625x625, components 3\012- data
Size
99 kB (98772 bytes)
Hash
b14b7383aa7201d5a84e13f5b97ef911
9ebc38e0ee7fa0e1994461913ac69afa2ed651e9
f255bb58a77c0ec9d209cf7079b15635078e7ff1a9b4faa0ec9de7a6955cfe8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/04/logo-8xbet1-1.jpg HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:22 GMT
content-type: image/jpeg
last-modified: Mon, 10 Apr 2023 07:25:40 GMT
vary: Accept-Encoding
etag: W/"6433b9f4-181d4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kobv7aJeR%2BKJkqp6rglq%2BdOLW3xEDcyhg1nDuLr%2FF1FW02i2xd1IFPisqjUTwR9KHyFBKgytV76m9QnMwQ56PDwHvqwOlFB6c9vkGai7JEBxAxfEnTPhUUpuNzz7tB7WZN5uIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620fac84f56af-OSL
alt-svc: h3=":443"; ma=86400

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.106

200 OK

90 kB

URL GET HTTP/3
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 20 Sep 2023 02:19:30 GMT
expires: Thu, 19 Sep 2024 02:19:30 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 330773
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

nhacaiuytinvn.biz/wp-content/themes/site/css/style.min.css

172.67.144.236

200 OK

89 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/themes/site/css/style.min.css
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type

Size
89 kB (88932 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/site/css/style.min.css HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: text/css
last-modified: Mon, 10 Apr 2023 06:52:47 GMT
vary: Accept-Encoding
etag: W/"6433b23f-15b64"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KLTjetmQdKOYng1FFdF2Kk5bNnl1EI3S2OrZgLjSWz1W6oz8UAeQwK65HeTVlxSN%2Fyshc5GWcFym62rpvyPR36MQvtRVEMxacq3ZPUhgaBJVLTB1UZZ7lgiHAmKusj3sXaN4ow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f2faf356af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/themes/site/css/td_legacy_main.css

172.67.144.236

200 OK

159 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/themes/site/css/td_legacy_main.css
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
ASCII text
Size
159 kB (159012 bytes)
Hash
c4d77a231e41dbe6548864791c027344
f77621edb78cfbc102604698e569485fdd8414e1
dce6ed3fac3d64759996019b76f28695264191b24a590f0dcf2fbbf04155a325

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/site/css/td_legacy_main.css HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: text/css
last-modified: Mon, 10 Apr 2023 06:52:47 GMT
vary: Accept-Encoding
etag: W/"6433b23f-26d24"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xo3zHVv0v9lE93%2Fjj3%2FbUq9oDLlwEeCCmmxndaCgt4ZwKMl8b6XPg3GJ1C3D1tEZ07qD%2BKIXW4qIftV4xuqp%2F7C86kvONapLizhlF9n%2Fm1%2Fdauc4CocSA%2BhX3K%2BUUjDUwQwCZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f31b0f56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/themes/site/css/style.css?ver=5.5.5

172.67.144.236

200 OK

172 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/themes/site/css/style.css?ver=5.5.5
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
ASCII text, with CRLF line terminators
Size
172 kB (172316 bytes)
Hash
c53420f778a529d9ca86ef2eb8a7bfda
13a03dffd845d8bd9b0b6cfd97c1fa82c1387ef4
2dfd187e77f01b82f108ff0f9da6e53ca0a8649e7a4fac8afa15c37485b12556

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/site/css/style.css?ver=5.5.5 HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: text/css
last-modified: Mon, 10 Apr 2023 06:52:47 GMT
vary: Accept-Encoding
etag: W/"6433b23f-2a11c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kG5AVQAy9sovFcmw25waCxfVfZhBGZV1IOn%2B7HO8r%2B82dMyomzGahQKm%2FZJllTZZ5wncOWwyBcVv5Lk5ys2WAcYOkjc19XeYR6zv78RuLpFE8VyX9cGbtjbBazpa5gaJTnJrLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f32b1f56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/themes/site/css/td_standard_pack_main.css

172.67.144.236

200 OK

732 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/themes/site/css/td_standard_pack_main.css
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
ASCII text
Size
732 kB (732364 bytes)
Hash
23997cb38dd794c80d68ba81b561f0f6
dcfec55dfd3ddd4760c079de3617f4b95751b79a
873d6730d34091d4eeada86d8e715343090fdecd7260bb724e88921eac8e6836

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/site/css/td_standard_pack_main.css HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: text/css
last-modified: Mon, 10 Apr 2023 06:52:47 GMT
vary: Accept-Encoding
etag: W/"6433b23f-b2ccc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AnACcIdaV%2FiM3pA5o%2BfMD1FHiKxRrvjWFOsDH8yVGKbf6%2FKG%2BISstA7HjA5NSjqpiCsbyONd7SnJQGcg0kS9VigkrsTg6tXE2TNsiaXvDBAgIqS%2BY%2FijSq1j%2F%2F8iSrfK%2FyYATg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f31b1a56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/uploads/2023/04/w88.jpg

172.67.144.236

200 OK

78 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/uploads/2023/04/w88.jpg
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x299, components 3\012- data
Size
78 kB (78394 bytes)
Hash
f682bd912bc6e4483628943714a985f7
cc2ece961a02fa119709abb46b3b1fa024df11b7
86152d74cb07837895aa6a879e24daa7a69b5ad6c915abbeefdd69275fdf4fa0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/04/w88.jpg HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: image/jpeg
last-modified: Sat, 08 Apr 2023 07:39:13 GMT
vary: Accept-Encoding
etag: W/"64311a21-1323a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bq63hMZc%2Bwvn%2FVJz0eolaJJXKi8rthxp24S3w%2BTgQYCL31w33G5uIE1vsI0EWheaPwMaxEHZXGItfHP1wDY8QBMEYZ0qNxnVpMwhy0EAWX7eZ8wnvNBzgv%2Byr735WzSP4kPHIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f33b2d56af-OSL
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/uploads/2023/07/728-x-90.gif

172.67.144.236

200 OK

640 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/uploads/2023/07/728-x-90.gif
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
GIF image data, version 89a, 728 x 90\012- data
Size
640 kB (640200 bytes)
Hash
a2216739e80eebe34e726d0cd3996ddf
a9b98a0ded237062782b46af0ac5003d5354a13b
64a481b6ef9dbd5248b575a0c7caa63171136acdd118c2234f7717746c9da561

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/07/728-x-90.gif HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:21 GMT
content-type: image/gif
last-modified: Wed, 05 Jul 2023 09:33:12 GMT
vary: Accept-Encoding
etag: W/"64a538d8-9c4c8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s9HE5jFg%2BksSrhxnnjBthZRLm0p0%2BnhFjB%2B1PUjdnP01%2BFUzWjPYeCYRhqwuBxs05IrrxUQJmmoG5D1Dwo%2F4o3xv7eNTcsJLOek9KXUPNkpCzj93TclwSJ7fihVnvLxMsuCl6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620f33b3156af-OSL
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/uploads/2023/04/w88-1.jpg

172.67.144.236

200 OK

14 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/uploads/2023/04/w88-1.jpg
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
JPEG image data, baseline, precision 8, 170x170, components 3\012- data
Size
14 kB (13975 bytes)
Hash
f3a9343914b1336337221da4473f3fc8
c9eef25a7a6ce2294d536594dc01342e03eb3ab5
58216654054b925787a8ee6487160215290482b8cd385b2fa77fb5ca4f3abc22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/04/w88-1.jpg HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:22 GMT
content-type: image/jpeg
last-modified: Mon, 10 Apr 2023 07:25:42 GMT
vary: Accept-Encoding
etag: W/"6433b9f6-3697"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FpcMYVl5acgLwpRq8CALTtdnZEKa0U6%2BZ3mCZi8EJ3FhjC973lV%2BTkvawLW2gU5ShO2%2Bylkzp%2F5J6miOQUCk68RPE%2FhsC4%2BETl71h%2F94fWhO2jNRA9fZ5TjHrgGsF13CwGRUVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620fac84a56af-OSL
alt-svc: h3=":443"; ma=86400

nhacaiuytinvn.biz/wp-content/uploads/2023/04/cropped-Screenshot-2023-04-08-091807-192x192.jpg

172.67.144.236

200 OK

4.0 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/uploads/2023/04/cropped-Screenshot-2023-04-08-091807-192x192.jpg
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 192x192, components 3\012- data
Size
4.0 kB (3959 bytes)
Hash
2b5646bda5af928bce3753235d135c71
1b52c6f7cf3022b2cf604759e78541bbbfd534d0
380fcc0b559fe58c17b64a4084fa68dcf6be0237253f2fe1b3359734b9f47614

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/04/cropped-Screenshot-2023-04-08-091807-192x192.jpg HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:23 GMT
content-type: image/jpeg
last-modified: Mon, 10 Apr 2023 06:58:47 GMT
vary: Accept-Encoding
etag: W/"6433b3a7-f77"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S7dliCU5ty87amwEiwbSTmNrlBhMadPIpWDINfxw%2Bjtk275T1g7UfgtksP7d0xPKMKDEtmvALG32p1aFpUe0TJXEjLC0NtG%2FTpB8n9wszVLAnjGZJzcIJEwY5JQpAfAajuG6QQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620fbf94056af-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%2C300%7CRoboto%3A400%2C500%2C700%2C300&display=swap&ver=11.4

142.250.74.106

200 OK

21 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%2C300%7CRoboto%3A400%2C500%2C700%2C300&display=swap&ver=11.4
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text
Size
21 kB (20820 bytes)
Hash
4e7db092c64cea0b7eacfc69443246ee
e54641954979e68b0d401f711f8ce3aae20349c7
cea644050f1a2978a6f5c44148a956d568303b6dd8f89fb71b1535e9163a0a02

HTTP Headers

GET /css?family=Open+Sans%3A400%2C600%2C700%2C300%7CRoboto%3A400%2C500%2C700%2C300&display=swap&ver=11.4 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 23 Sep 2023 22:12:21 GMT
date: Sat, 23 Sep 2023 22:12:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nhacaiuytinvn.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 15:25:53 GMT
expires: Fri, 20 Sep 2024 15:25:53 GMT
cache-control: public, max-age=31536000
age: 197189
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nhacaiuytinvn.biz/wp-content/uploads/2023/07/photo_2022-05-03_15-30-59.jpg

172.67.144.236

200 OK

98 kB

URL GET HTTP/3
nhacaiuytinvn.biz/wp-content/uploads/2023/07/photo_2022-05-03_15-30-59.jpg
IP
172.67.144.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nhacaiuytinvn.biz/
Certificate
IssuerLet's Encrypt
Subjectnhacaiuytinvn.biz
FingerprintAB:C7:EE:1A:6C:AE:5E:80:7E:2C:CD:F1:06:50:D3:FD:D8:17:9C:62
ValidityThu, 03 Aug 2023 11:54:22 GMT - Wed, 01 Nov 2023 11:54:21 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1280x1280, components 3\012- data
Size
98 kB (98419 bytes)
Hash
e52e91056302423c64115bcae69f4827
0f65d167a798458d6b9d3b48ff7d386ec8b6ebad
1e44d261444ab76b3d02df399ef67e3806151291f1277982663f5d7ac20cfa9e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/07/photo_2022-05-03_15-30-59.jpg HTTP/1.1
Host: nhacaiuytinvn.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nhacaiuytinvn.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 22:12:22 GMT
content-type: image/jpeg
last-modified: Wed, 05 Jul 2023 09:25:36 GMT
vary: Accept-Encoding
etag: W/"64a53710-18073"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tA2wc4RG2r4R6GqxVIExZDYxgE5x5s6cR2V4hwFhG%2B2%2F7UdZ12h42wmYh8O4icogmetpjvJYKHfl0DP2YEjhwHmVanCyKIZey4KZtu6yZTp1bOOFNFhMUT80yHFDw49qPzqUtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b620fac84656af-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (44)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL