{"report_id":"d86efa77-30ef-48f1-8519-690b6d796c34","version":6,"status":"done","tags":[],"date":"2026-01-17T20:48:54Z","url":{"schema":"http","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"title":"Queen Mobile Blog – Review sản phẩm tận tâm từ Queen Mobile","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-21T20:48:54Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.googletagmanager.com","ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-01-11T22:20:23.507747Z","alert_count":0,"request_count":12,"received_data":386870,"sent_data":7360,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2026-01-11T22:28:08.119446Z","alert_count":0,"request_count":2,"received_data":40688,"sent_data":962,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"vcdn.subiz-cdn.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-02-23","domain_rank":908444,"first_seen":"2021-07-19T08:05:59Z","last_seen":"2026-01-16T02:27:17.90737Z","alert_count":0,"request_count":1,"received_data":399255,"sent_data":407,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"www.google.com","ip":{"addr":"142.250.74.100","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2026-01-11T22:25:40.990476Z","alert_count":0,"request_count":2,"received_data":945,"sent_data":1962,"comment":"","tags":null,"fingerprints":null},{"fqdn":"baiviet.queenmobile.net","ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-12-18","domain_rank":0,"first_seen":"2026-01-17T20:48:56.082597Z","last_seen":"2026-01-17T20:48:56.082597Z","alert_count":20,"request_count":20,"received_data":1051801,"sent_data":25265,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Site Kit:1.149.1","description":"Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.","website":"https://sitekit.withgoogle.com/","common_platform_enumeration":"","icon":"Google.svg","categories":["Analytics","WordPress plugins"]},{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"WordPress:6.9","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"stats.wp.com","ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"domain_registered":"1997-03-28","domain_rank":22660,"first_seen":"2017-01-30T05:06:59Z","last_seen":"2026-01-11T23:40:17.853821Z","alert_count":0,"request_count":2,"received_data":8526,"sent_data":754,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"api.sbz.vn","ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"domain_registered":"unknown","domain_rank":578685,"first_seen":"2020-06-30T06:31:22Z","last_seen":"2026-01-16T02:27:18.835808Z","alert_count":0,"request_count":15,"received_data":38136,"sent_data":9194,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}]},{"fqdn":"widget.subiz.net","ip":{"addr":"104.26.13.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-08-19","domain_rank":850872,"first_seen":"2020-09-28T01:18:21Z","last_seen":"2026-01-16T02:27:18.156318Z","alert_count":0,"request_count":1,"received_data":1516,"sent_data":407,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"dc0923c33f2f758c84c52fbb61c834a3","sha1":"b058be2d1733bff3d424d94ace699f13151e3df7","sha256":"d37ef4938c8ae1d3621058c0b807b594bdff045977dab405590883e514289ac3","sha512":"428f2cdc01d9aa9d3dc8ed5a91cbbc7bc7f1e0e05118f0d8a5e817f78b4348022cc0f7219d8362cd7295faca28e22392b2766cbeabb3b65d2387366e142294eb","ssdeep":"","tlshash":"f4d0c77df0585e5020c2607fb471a016521791b9bd941130d75ebc49ff08be546afeeb","size":215,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-12T13:45:32.45923Z","times_seen":20757,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"893f0c70aec08944f4772af2a8073460","sha1":"33c3f1c60c7336ac6cb1455aa06952f02273dc0a","sha256":"d7a404ccc381e98239889ea73e251bd3b6022d39fbf116a9689fa34107dba798","sha512":"5285db8cc85ddb8b368051a70f057a65e0f68f536ab25cd784f924c398077e5bf22a50d419ae9c438f9f0352880e2137def4273632bad218d990c8cce674df0b","ssdeep":"","tlshash":"41a022ac000020ac002b2cb0223be88833f30203a2c380028208c0b02c38e2fc808aec","size":73,"data":"","first_seen":"2024-10-12T13:56:10.735543Z","last_seen":"2026-04-12T12:34:45.842765Z","times_seen":14373,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fac8e8990374b9e47bf7881e2ba8a3a1","sha1":"d5383adc5913ade57471ff1bd16f5f361672ed70","sha256":"326e774210d36180f6af3bd8579746c08acd33855ec4b41ba43d26e75c6a3fa4","sha512":"8b3e5b4684fe10df548c4ce4ea39c79adb67e39dcc0bfc2f882378b48787cbad28fb24103547939b39d4c823b0ca79f2f073e53c9b306d41bbebb6e37a3ca366","ssdeep":"","tlshash":"8e71d77160354c33a393f5198effaf647a261803f805e4d5feadc548af2048ac4608ae","size":3721,"data":"","first_seen":"2026-01-17T20:49:00.646484Z","last_seen":"2026-01-17T20:49:00.646484Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"cb9a003ed76bab83867889e27e6c060d","sha1":"3eda99a4546c47aca602ad1e77951e82387f2cdc","sha256":"837b39101d5b4fa28af37a4ab19dabbed8e2c5a67fdb5a7cd7b47affbed6e1e2","sha512":"3d93c18b04885943ce436fb1041e0d4ead79e7e16a6b4214265db490c8bdc9512279479d13a7717061fc727c4871e27a6ff7041e3df93b1b4b5cfdb00e856cb2","ssdeep":"","tlshash":"95a01270108394419019478e0fa09de2382005835041934471194c0080041000208cb2","size":82,"data":"","first_seen":"2026-01-17T20:49:00.648211Z","last_seen":"2026-01-17T20:49:00.648211Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyUXVlZW4lMjBNb2JpbGUlMjBCbG9nJTIwJUUyJTgwJTkzJTIwUmV2aWV3JTIwcyVFMSVCQSVBM24lMjBwaCVFMSVCQSVBOW0lMjB0JUUxJUJBJUFEbiUyMHQlQzMlQTJtJTIwdCVFMSVCQiVBQiUyMFF1ZWVuJTIwTW9iaWxlJTIyJTJDJTIyeCUyMiUzQTAuNDE0MzY2MDkwNjczNjAzNjQlMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTEwMjQlMkMlMjJlJTIyJTNBMTI4MCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRmJhaXZpZXQucXVlZW5tb2JpbGUubmV0JTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA==","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bbc4da7d35266064f9b9790ceb3ec4df","sha1":"fbe57c93fdca009316b41038862ee05a36300f33","sha256":"6b18333cdfc714f7f504db29ce2f0d35bcb892b9560af9af2c8b59b69a61a9b9","sha512":"9edd6b682d998f2b818ce4c089c80e036d08c703f230482201f2314f02e1f4a57cb441ce1e219241894f4066627c9426195b2c16c19e805e193b122e337cf319","ssdeep":"192:gAhGQ1VxtjO+8lT2AgH88xEMgSn8GCxFUDLsO3UkPitI3D23JFtYogDo8VKE0z:HYC8YEdSnWe8HkuIKDolVUz","tlshash":"871216286d7904398adb63bfa03e53c0e57ab024f0516090fd8dc4c99fa9f7f46d1a99","size":9912,"data":"","first_seen":"2026-01-17T20:49:00.629837Z","last_seen":"2026-01-17T20:49:00.629837Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3b6ae28f0da11b36a0616e8aa3e25c4c","sha1":"7933c67b1c059ade151f4511a54d618bdf3bb9b4","sha256":"2698427a14f25d9bd3f355714badf786f0cf9737fa2de96da1b7500047379e22","sha512":"ce9cf25d292ff8ba96e527a9a11721d17a699cc344f8bc6773010318554c0aeb29028b2b88eb2a8e4646abdb7ab5ce45870adc7a077d3ae49df3c0cdaf00d3ab","ssdeep":"","tlshash":"55a022ec0200222800232cf3a23be08a33f3880230c3f002c32c80b02c30c2fc0088f8","size":74,"data":"","first_seen":"2024-10-24T05:54:44.128269Z","last_seen":"2026-04-11T22:20:29.026854Z","times_seen":869,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3b6ae28f0da11b36a0616e8aa3e25c4c","sha1":"7933c67b1c059ade151f4511a54d618bdf3bb9b4","sha256":"2698427a14f25d9bd3f355714badf786f0cf9737fa2de96da1b7500047379e22","sha512":"ce9cf25d292ff8ba96e527a9a11721d17a699cc344f8bc6773010318554c0aeb29028b2b88eb2a8e4646abdb7ab5ce45870adc7a077d3ae49df3c0cdaf00d3ab","ssdeep":"","tlshash":"55a022ec0200222800232cf3a23be08a33f3880230c3f002c32c80b02c30c2fc0088f8","size":74,"data":"","first_seen":"2024-10-24T05:54:44.128269Z","last_seen":"2026-04-11T22:20:29.026854Z","times_seen":869,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vcdn.subiz-cdn.com/widget-v4/public/19bbfd5aa77.app.js","fqdn":"vcdn.subiz-cdn.com","domain":"subiz-cdn.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"23d3206a65c0c9e6e3343adf42415916","sha1":"c54defb17283ab29f6293a1e15ce5f2770bdcca5","sha256":"12afaa4741812b76078dbc45892ef2cfbdad93c5d70d724498a9af22fc49b49e","sha512":"af7d189306d016a249e2b0f84d64a0756b509b372a95b0c530551ad22930b187a11336ffd30c5a9903bd3d651d15f15b98adb0553351031fc1b44582ce7c0227","ssdeep":"6144:Y4C2X6PGLV/mq5P5XE1A1JtCWQgoJ+dNOcy46Li1owoynUXxwsHYoORsvE:Y4TX6QVb2pm","tlshash":"e884f97fb1d010a401628e65b1ab3775fa7d1e8853104c3cb769b6fb5b48cca526eb38","size":398034,"data":"","first_seen":"2026-01-16T02:27:38.324591Z","last_seen":"2026-02-03T19:37:15.417382Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"571b65ab59e0484a5300906fae548cb4","sha1":"2397a28268c2346be1664bf4c324a505fc9029ac","sha256":"52d146971e8f4e6cd33e8eb89ca98edb5ff3df61607bed2e2bce52eb831dd9ea","sha512":"50a1f099d45c0f2760935c34e382ba926fcfbaf9ca94ebac812a67e316040deefb2713390f9b54e8eb81f9a55a508ef89f87d201d390f7f845161e6516c31096","ssdeep":"","tlshash":"e141d8141cd524b909de04ec2736939af372341c3853a111b922a4ed17a6fcee4e2bca","size":2070,"data":"","first_seen":"2026-01-17T20:49:00.650511Z","last_seen":"2026-01-17T20:49:00.650511Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"eb78fac132e7cff1e4556b0ee5be04cf","sha1":"8c0633f511df47c21639be83c719ae0e1ea26555","sha256":"163c4d52fb653e1c2463e1a0e397faa297729ad6269b5205b915f3ed4b8b8d8b","sha512":"fd27890ccbdadd2ea409f4370f8154ea84d25cbf1d5a3e3ed4f492e601aa15516acda89b989ed980172e224f6841deeaad839d855ae6cb190ae13d0dae097316","ssdeep":"192:+ewsiGjcSvWjeUw8Xdwy55/hFGCx7PZN4dEtf:+0kjVnNbj/akpf","tlshash":"620242497602b53f393b7071d0af220b313970a7984b0861ea78fad97d789b91623d7d","size":8319,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-12T11:11:32.474582Z","times_seen":9248,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d3fb31fc4a0b37980210c57f2698989d","sha1":"82a161b3a63cf0d5a5b37e9eacdfaf298bcbb55b","sha256":"45200934a32157fcedfec503f25c156ed7a19df9a9538269e7848ad8f1adc936","sha512":"69f23736f39a72a620c7ee834ab1745e31b0289d9724365899af60148af4a28c26c7f2bfd64649776390a2301775e2c5be863604d3c932f264eaf572f0c2b3e7","ssdeep":"","tlshash":"0fe0a330f14849201040c569f274c41110b2ca85dc2aed30f38db818f830989c1b7df7","size":408,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-12T12:18:35.244519Z","times_seen":14399,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a0fe609408d246ad7b8e4b97cf257299","sha1":"e506fb7cf42b400080ab195e688bb6e5c1a9d265","sha256":"9fa087232ef1e1c40fd5e8eb188ae899fd7b5d00d4adcd1f5e8e48148b972304","sha512":"202ea8322b2b809f3cdb66df3c40d0ca9ff07fd5308f3afd6c22d461083c7f2e47fcb660317fc9d8609775bd0d2af9e42ad4a38e8ea09137882c79d0aea12511","ssdeep":"","tlshash":"7b31dd7df5291536095661fde399e341a030b0eadc824424efb5cc5ea8cce9548abdf2","size":1688,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-12T11:11:32.475585Z","times_seen":4554,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"893f0c70aec08944f4772af2a8073460","sha1":"33c3f1c60c7336ac6cb1455aa06952f02273dc0a","sha256":"d7a404ccc381e98239889ea73e251bd3b6022d39fbf116a9689fa34107dba798","sha512":"5285db8cc85ddb8b368051a70f057a65e0f68f536ab25cd784f924c398077e5bf22a50d419ae9c438f9f0352880e2137def4273632bad218d990c8cce674df0b","ssdeep":"","tlshash":"41a022ac000020ac002b2cb0223be88833f30203a2c380028208c0b02c38e2fc808aec","size":73,"data":"","first_seen":"2024-10-12T13:56:10.735543Z","last_seen":"2026-04-12T12:34:45.842765Z","times_seen":14373,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"aea7985656ed1c017253c7fc7a272b69","sha1":"8bf588d4e230fd94ca54857d8304e1163d2c2574","sha256":"e214a8611cfe722a58a17a5abb9354762c2dcbaa05efc63a636dc133b4700b46","sha512":"2e856d5037066a4a5a745d5a8b68340bf6cf6e4f51f790025a523e342a733c9656ac9664167ae3cae21c4c51085b3a68c38e6c7669d78cadad2ce1d347a449bf","ssdeep":"","tlshash":"abc04ca5a9446052556b9b222377ba156e61628160832513472c81d16af6966c82e8cc","size":146,"data":"","first_seen":"2024-10-06T09:50:32.003118Z","last_seen":"2026-01-17T20:49:00.654262Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"aea7985656ed1c017253c7fc7a272b69","sha1":"8bf588d4e230fd94ca54857d8304e1163d2c2574","sha256":"e214a8611cfe722a58a17a5abb9354762c2dcbaa05efc63a636dc133b4700b46","sha512":"2e856d5037066a4a5a745d5a8b68340bf6cf6e4f51f790025a523e342a733c9656ac9664167ae3cae21c4c51085b3a68c38e6c7669d78cadad2ce1d347a449bf","ssdeep":"","tlshash":"abc04ca5a9446052556b9b222377ba156e61628160832513472c81d16af6966c82e8cc","size":146,"data":"","first_seen":"2024-10-06T09:50:32.003118Z","last_seen":"2026-01-17T20:49:00.654262Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","size":19948,"data":"","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-12T13:55:20.466972Z","times_seen":331804,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=AW-16575555411","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9be3acc6d18541f9d8b010eef4492c8e","sha1":"51ab832bcfb73aee55980cd6b55a9aedc714fadc","sha256":"081a283a15d1dcc54bb42dec927a1859783cc380b80f659700835d62ec4e7646","sha512":"68171070269884d627ad1b2174114ccb307399786731e127598ba728a0df5d4afde7b123102de01937dab4aa46c345789f133e5a474b5bf43a0eb8015c774ec2","ssdeep":"6144:uRn5+NGvjHjUG2DboUsPODfc1Ygdx5X83oapmd:48NwjFbUsPNX83F4","tlshash":"9b8419cd73ca74269392a478503f118ba57b29a2f44ccc95f189cce42e74a9a4277f7c","size":383976,"data":"","first_seen":"2026-01-17T20:49:00.655189Z","last_seen":"2026-01-17T20:49:00.655189Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stats.wp.com/e-202551.js","fqdn":"stats.wp.com","domain":"wp.com","tld":"com"},"ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b1e85b83d13876fefcf2d873fde8da3e","sha1":"09d271f2a7dd17e66a19fcbfca887734d951ed2f","sha256":"2abd616c43c16e7a2d01f1f1c761d6c12acf4b2ed9a9a411289ee3bb5a681ffe","sha512":"a1ab2e32190702e46c440606a45e51dd073168fa11828683764aef077fb2b495343bd91ee784974244c37d0a52a8225d1a6359ffe0ddf0ec6971aeb7c50e3ec8","ssdeep":"","tlshash":"6b71646536c5f0381af630a5235f630af5ba8b7a7d4a9044c37cd4b07c79e8b9412f9a","size":3812,"data":"","first_seen":"2025-06-09T00:15:30.881783Z","last_seen":"2026-04-12T14:26:04.815632Z","times_seen":47061,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7a3157df84574c7db4e6452e8d99d3f6","sha1":"4cc8720cfd1f4cab01724b5c0002060659d50f72","sha256":"7ced21ea74954a0e9018eb4492acf135ca5ef6224b817c5f0812532786eeb565","sha512":"ca011e41ef89fd9eb643fa891e3f5419e2d753fbaaa30b03c1a686d4ff582a8b5da9a16a83267c4f36dfdea1dfe4cf02a122ba15b337d1e8d3de0c139c4749da","ssdeep":"","tlshash":"3f8000a82000a08000332c30233baa083ba2020230c3380b0a2c80ea3eb880bc8cbecc","size":34,"data":"","first_seen":"2024-07-11T09:37:32Z","last_seen":"2026-04-12T12:34:45.83322Z","times_seen":16501,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2633b89164414448cead80cba6f22daf","sha1":"bdd50f68311c19a3e0712f002b90f73664870130","sha256":"2d7677a35469fa797c57c012005815be36fd075cec5cc78abccb698bb6f2586a","sha512":"c97d52259d0f8f7081e4ca4fec8179fe4dab60904c2b4d6d685e051451fed89471b110039c3c508bb7523c856d9194393cef7abb84385444fdf3b0d9167ff6d6","ssdeep":"","tlshash":"d051b638a5390c3587a3f22ad66f9f84a1160503b400b8c5bdedc24e6f349afc5e1e6c","size":3104,"data":"","first_seen":"2026-01-17T20:49:00.657392Z","last_seen":"2026-01-17T20:49:00.657392Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","size":19948,"data":"","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-12T13:55:20.466972Z","times_seen":331804,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"widget.subiz.net/sbz/app.js?accid=acqjuslivrdmtbxharxa","fqdn":"widget.subiz.net","domain":"subiz.net","tld":"net"},"ip":{"addr":"104.26.13.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4fbeb8c121465b6c67d8330eb24d3bbe","sha1":"2790bead0023a75d3df2b3d4ffd3126a60845edd","sha256":"775c4f3b48ba154abd34297fffaf1015454839808db9ad47b57f04113651131f","sha512":"7de1558247b2a20b8b6395a1f3831b1d97c679ca30d174c407a7e79c08685dfb17ae00afc45f5a9ae5174dd6322caed620aa2013948da324dc16c945c4f9ee72","ssdeep":"","tlshash":"a911802849fb5b3b895f7164572ff3643b3050723a8650941204982eee43e63a5fbd6a","size":868,"data":"","first_seen":"2026-01-17T20:49:00.643242Z","last_seen":"2026-01-17T20:49:00.643242Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stats.wp.com/e-202551.js","fqdn":"stats.wp.com","domain":"wp.com","tld":"com"},"ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b1e85b83d13876fefcf2d873fde8da3e","sha1":"09d271f2a7dd17e66a19fcbfca887734d951ed2f","sha256":"2abd616c43c16e7a2d01f1f1c761d6c12acf4b2ed9a9a411289ee3bb5a681ffe","sha512":"a1ab2e32190702e46c440606a45e51dd073168fa11828683764aef077fb2b495343bd91ee784974244c37d0a52a8225d1a6359ffe0ddf0ec6971aeb7c50e3ec8","ssdeep":"","tlshash":"6b71646536c5f0381af630a5235f630af5ba8b7a7d4a9044c37cd4b07c79e8b9412f9a","size":3812,"data":"","first_seen":"2025-06-09T00:15:30.881783Z","last_seen":"2026-04-12T14:26:04.815632Z","times_seen":47061,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyUXVlZW4lMjBNb2JpbGUlMjBCbG9nJTIwJUUyJTgwJTkzJTIwUmV2aWV3JTIwcyVFMSVCQSVBM24lMjBwaCVFMSVCQSVBOW0lMjB0JUUxJUJBJUFEbiUyMHQlQzMlQTJtJTIwdCVFMSVCQiVBQiUyMFF1ZWVuJTIwTW9iaWxlJTIyJTJDJTIyeCUyMiUzQTAuMDU4NzE3NDc0Mzk4MTI3OTElMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTEwMjQlMkMlMjJlJTIyJTNBMTI4MCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRmJhaXZpZXQucXVlZW5tb2JpbGUubmV0JTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA==","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"247062507ea66ba60c11cbfbfdb9bdc0","sha1":"48330486b4cdc39667641165358976b086b9c360","sha256":"f608e17b9b5824b8c01060b86d44f0c05956e2bb580932172c3e04372677c253","sha512":"59867a7c0d8c739ae7fd0eaa617d57a92843a8820827b0b1011c631a32231117cae9f3ee712394e145eef71c52b6f200a128aa5ab959a7f77a155d1c6b9c8281","ssdeep":"192:gAhGQ1VxtjO+8lT2AgH88xEMgSn8GCxFUDLsO3UkPitI3Do9VFt+VKg0iogxookz:HYC8YEdSnWe8HkuIeD+VXRGz","tlshash":"da2239687d74043686db667ee43e53d4f979b024f0515090fe0dc8c8afa9fbe41d489a","size":10548,"data":"","first_seen":"2026-01-17T20:49:00.641533Z","last_seen":"2026-01-17T20:49:00.641533Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-12T14:00:07.97043Z","times_seen":300599,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"3e6568344f294e5113f35f837fc22e4b","sha1":"f48aeb35704b83194cf1fecfb33ca78627a11da7","sha256":"c5b081dbb591bdff4e4d74b3243d665b00cc5a440092250775376aed644467f6","sha512":"5afb92ebfbe282d1a275e1aef41f6970f94381fb035c46efd78bf89593a7f7771a76b30b94342dfd5a3f6a9bf6caeeb26fa756ed26c8de6ac588f3df4c5ad59f","ssdeep":"","tlshash":"74a02474545704c4c415f30f5700d5c3540113c33050534514c147034714d1d014cf70","size":82,"data":"","first_seen":"2026-01-17T20:49:00.658684Z","last_seen":"2026-01-17T20:49:00.658684Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-12T14:00:07.97043Z","times_seen":300599,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7a3157df84574c7db4e6452e8d99d3f6","sha1":"4cc8720cfd1f4cab01724b5c0002060659d50f72","sha256":"7ced21ea74954a0e9018eb4492acf135ca5ef6224b817c5f0812532786eeb565","sha512":"ca011e41ef89fd9eb643fa891e3f5419e2d753fbaaa30b03c1a686d4ff582a8b5da9a16a83267c4f36dfdea1dfe4cf02a122ba15b337d1e8d3de0c139c4749da","ssdeep":"","tlshash":"3f8000a82000a08000332c30233baa083ba2020230c3380b0a2c80ea3eb880bc8cbecc","size":34,"data":"","first_seen":"2024-07-11T09:37:32Z","last_seen":"2026-04-12T12:34:45.83322Z","times_seen":16501,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=AW-16575555411","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1a194df089bb320408d87688e787cae9","sha1":"013f04fa712d05b54e7c4b1b1d999e6372d474bd","sha256":"3e680e353cb7718d2aa10fd7cf661baedde58f4ae9a4614b0cf451d5f7488df7","sha512":"5f62864955834c89c4930330c5c69cb456a9c71cadb2c61350770734da35a5ba7945c79038e6cb703338ddaafca38f1b6ac175153b9c4366c87a19dcda191740","ssdeep":"6144:pRn5+NGvjHjUG2DboUsPODfc1Ygdx5X83oapmd:j8NwjFbUsPNX83F4","tlshash":"258419cd73ca74269392a478503f118ba57b29a2f44ccc95f189cce42e74a9a4277f7c","size":383976,"data":"","first_seen":"2026-01-17T20:49:00.639452Z","last_seen":"2026-01-17T20:49:00.639452Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-17T20:48:30.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:31 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncf-ray: 9bf8b6c16a271525-OSL\r\ncf-cache-status: HIT\r\nage: 2446451\r\ncache-control: max-age=14400, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nlink: \u003chttps://baiviet.queenmobile.net/index.php/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nserver: cloudflare\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nvary: accept, content-type,Accept-Encoding, Accept-Encoding\r\npragma: no-cache\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: on\r\nx-frame-options: SAMEORIGIN\r\nx-litespeed-cache: miss\r\nx-litespeed-cache-control: public,max-age=604800\r\nx-litespeed-tag: 158_home,158_URL.6666cd76f96956469e7be39d750cc7d9,158_F,158_guest,158_,158_MIN.8e2a32b654305ee3f3941d82bf84ed55.css,158_MIN.983e2d14adc4c10fd945ce7b44a0ef15.js\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nserver-timing: cfCacheStatus;desc=\"HIT\", cfEdge;dur=78,cfOrigin;dur=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CjrTnvLW8I5K%2BdsY7wpHl4rxcEUDX%2BaM5WQ5kEzAXmjkBacLrAsOesCrsIu9gPSuzfPU4URTP4AYQxroXcjHqkOBFS49zqynHXo4smTJWloi7lxFpz0d\"}]}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Site Kit:1.149.1","description":"Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.","website":"https://sitekit.withgoogle.com/","common_platform_enumeration":"","icon":"Google.svg","categories":["Analytics","WordPress plugins"]},{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"WordPress:6.9","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":129437,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (16723)","md5":"43168dba4d48de8532e240abfff95b6f","sha1":"762e212f6ae6931d1ac91d979d35957e08b2d098","sha256":"1d76809861f0f62d6ab4d16311f2da0eb9a130cd5b6132bae6773101ab388c9c","sha512":"65ddd810ecc6857f7765587a3fc3b7af0f3bc6f487f890f03fb9c0f089cae322d348b390176e75c40c48cade6c4dc295f8c88f0e4a6abf497a6ba2910277f0fb","ssdeep":"1536:z3G3GzGnrJfpjefpvxT2ThlxyLDhlDyhvhlTyTDhl9y6XPhlR+RyVVmHhlmywLh9:rX6pexvx3l+oVCTb3BN2/IXvUfh","tlshash":"bfc3e973d14c7b3782378acfe0863b0c99ab850ddbc34c52b2c8875a5a92ce66d4595f","first_seen":"2026-01-17T20:49:00.557869Z","last_seen":"2026-01-17T20:49:00.557869Z","times_seen":1,"resource_available":false,"data":null}},"time_used":176,"timings":{"blocked":42,"dns":20,"connect":1,"send":0,"wait":92,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026es=1\u0026e=gtag.config\u0026eid=4\u0026u=AAAAAAAAAAAAAIA\u0026ut=AgAAgA\u0026h=Ag\u0026epr=1AW.2AW\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:08:49 GMT","end":"Tue, 03 Mar 2026 17:08:48 GMT"},"fingerprint":{"sha1":"70:99:EB:7E:36:F3:5D:44:AF:03:0A:9C:2D:A0:5C:8C:AC:4C:A2:FE","sha256":"03:A4:44:57:D2:2E:70:9C:3B:54:B3:2C:77:CA:EF:E7:05:21:C8:E9:8E:61:6C:BB:7C:D0:43:3C:42:75:EC:06"}}},"request":{"raw":"GET /a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026es=1\u0026e=gtag.config\u0026eid=4\u0026u=AAAAAAAAAAAAAIA\u0026ut=AgAAgA\u0026h=Ag\u0026epr=1AW.2AW\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/cdn-cgi/zaraz/t","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:39.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"POST /cdn-cgi/zaraz/t HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://baiviet.queenmobile.net/\r\nContent-Type: application/json\r\nContent-Length: 520\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%222%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%222%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684712519%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732; __sbref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:39 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\nset-cookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%222%22%7D%7D; Domain=queenmobile.net; Path=/; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__pageviewCounter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__engagementDuration=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__engagementStart=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__counter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__ga4sid=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__session_counter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__ga4=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ___z_ga_audiences=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__let=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ncfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%222%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684712519%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%7D; Domain=queenmobile.net; Path=/; Max-Age=31536000; HttpOnly; Secure; SameSite=Lax\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Content-Type, Set-Cookie, Cache-Control\r\naccess-control-allow-methods: GET, HEAD, POST, OPTIONS\r\naccess-control-max-age: 600\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D%2FApTU3WInRy2X%2FyDaWFrA8cQIbJ4LmsFy8hT8eByKsvpdvn58cGIYPLMbVb%2Fj5GetU7z2y%2BA%2B2uSVHSqAuW49Aw5%2Bx2l2A3a53oLeCe3OStzODHNw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9bf8b6f4bd9656ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":239,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ea94f4c5c551aba83c3dfe185d6eb894","sha1":"f6b45ef89d98da129ad2b0ab302f56949422e6f8","sha256":"c5555c04b86b6343709378215005577a48bbfa43ed6e998d9d778731dc8c38ba","sha512":"90880f3bcf1e3030379c78539de72d40eb633c0a0ed731dbb0f460657992cb94db7f7ffc2bcec4ed77a105a0c8b3853b27ef00a2a4271ddbaa5846d8c299bf90","ssdeep":"","tlshash":"4fd05ead6908206140676ba2723be9042ba2614160835812572882d56af4d1bc41a8c8","first_seen":"2025-07-01T07:50:10.785206Z","last_seen":"2026-01-17T20:49:00.563929Z","times_seen":6,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:31.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 10:36:27 GMT","end":"Fri, 20 Mar 2026 11:36:07 GMT"},"fingerprint":{"sha1":"C6:6A:71:84:C2:40:13:D1:A4:B7:DF:C4:1C:E1:54:F3:76:97:EF:6B","sha256":"EC:09:93:3E:E8:5D:9E:7A:B0:D9:7C:6D:85:49:92:10:89:9F:C8:FF:A5:1B:90:BB:AB:86:7E:D9:BA:0A:1C:4E"}}},"request":{"raw":"GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:31 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2024.6.1\"\r\nlast-modified: Thu, 06 Jun 2024 15:52:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9bf8b6c30829783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19948,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (19948), with no line terminators","md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-12T13:55:20.466972Z","times_seen":331804,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":10,"dns":0,"connect":1,"send":0,"wait":15,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/wp-content/uploads/2025/02/LOGO-QUEEN.png","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:33.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET /wp-content/uploads/2025/02/LOGO-QUEEN.png HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%222%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%222%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684712519%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732; __sbref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 56543\r\nx-xss-protection: 1; mode=block\r\ncache-control: public, max-age=604800, no-store\r\nexpires: Sat, 24 Jan 2026 04:41:43 GMT\r\nlast-modified: Fri, 28 Mar 2025 04:30:44 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=22qSBBcIprRB6xKfKy5NndzWpKhVolTwH3DypQxDhNGTvmJpnPQwsA55ivTE0hVAxyzFx4Tc6wiJUFbbQ72NuAuxe0JpPbeCsyHml4FnOUw1MW%2Bunw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\ncf-ray: 9bf8b6cf193356ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":56543,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"1a25c74eda6eac1be98707aff6f4e9b9","sha1":"0f3f9fd940ba01bbd1e3af63542f09dcfa297a17","sha256":"cbec0c1ed4eb1785bef66e7575d14d1a738da197f2543173fce4a5d2faec3156","sha512":"9f0527178213cb232e1d7a52b1bdd97e92591ede8578b9bb6ac7da93ad0a3642f0f58cff572f4868a3161cd7f2d588911e2e6f49e3c9b188990e63d52bb2ce50","ssdeep":"1536:VZ/gj30667QtD3vmzxismiA+hX4sjg+WYUZAc:kjsuzv+xb/f3WAc","tlshash":"81430232dc4a325519bc1503d9ecf79527a49ed044c6e1cadbe4893b49a4ad86dcc8cf","first_seen":"2023-10-16T10:30:20Z","last_seen":"2026-02-26T19:36:34.283852Z","times_seen":17,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":202,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026es=1\u0026e=*\u0026eid=8\u0026u=AgAAAAAAAAAAAIA\u0026ut=AgAAgA\u0026h=Ag\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:39.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:08:49 GMT","end":"Tue, 03 Mar 2026 17:08:48 GMT"},"fingerprint":{"sha1":"70:99:EB:7E:36:F3:5D:44:AF:03:0A:9C:2D:A0:5C:8C:AC:4C:A2:FE","sha256":"03:A4:44:57:D2:2E:70:9C:3B:54:B3:2C:77:CA:EF:E7:05:21:C8:E9:8E:61:6C:BB:7C:D0:43:3C:42:75:EC:06"}}},"request":{"raw":"GET /a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026es=1\u0026e=*\u0026eid=8\u0026u=AgAAAAAAAAAAAIA\u0026ut=AgAAgA\u0026h=Ag\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:39 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stats.wp.com/e-202551.js","fqdn":"stats.wp.com","domain":"wp.com","tld":"com"},"ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:31.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wp.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 19:44:46 GMT","end":"Wed, 04 Mar 2026 19:44:45 GMT"},"fingerprint":{"sha1":"27:15:6B:56:D5:57:D8:9D:BB:24:1A:00:42:B9:FF:7B:FB:85:BB:C7","sha256":"30:10:00:03:5C:E3:9D:A7:31:82:FD:6C:3D:2C:DA:83:28:7A:23:1D:63:EE:03:7A:3A:67:6B:B8:94:7D:16:FC"}}},"request":{"raw":"GET /e-202551.js HTTP/1.1\r\nHost: stats.wp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 17 Jan 2026 20:48:31 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nx-minify: t\r\nx-minify-cache: hit\r\netag: W/7134-1748959715009.08\r\na8c-edge-cache: cache\r\ncontent-encoding: br\r\nexpires: Mon, 14 Dec 2026 17:50:55 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\nx-nc: HIT arn\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3812,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3812), with no line terminators","md5":"b1e85b83d13876fefcf2d873fde8da3e","sha1":"09d271f2a7dd17e66a19fcbfca887734d951ed2f","sha256":"2abd616c43c16e7a2d01f1f1c761d6c12acf4b2ed9a9a411289ee3bb5a681ffe","sha512":"a1ab2e32190702e46c440606a45e51dd073168fa11828683764aef077fb2b495343bd91ee784974244c37d0a52a8225d1a6359ffe0ddf0ec6971aeb7c50e3ec8","ssdeep":"","tlshash":"6b71646536c5f0381af630a5235f630af5ba8b7a7d4a9044c37cd4b07c79e8b9412f9a","first_seen":"2025-06-09T00:15:30.881783Z","last_seen":"2026-04-12T14:26:04.815632Z","times_seen":47061,"resource_available":true,"data":null}},"time_used":54,"timings":{"blocked":19,"dns":0,"connect":9,"send":0,"wait":8,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/cdn-cgi/zaraz/t","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:39.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"POST /cdn-cgi/zaraz/t HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://baiviet.queenmobile.net/\r\nContent-Type: application/json\r\nContent-Length: 520\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%222%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%222%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684712519%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732; __sbref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:39 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\nset-cookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%222%22%7D%7D; Domain=queenmobile.net; Path=/; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__pageviewCounter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__engagementDuration=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__engagementStart=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__counter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__ga4sid=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__session_counter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__ga4=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ___z_ga_audiences=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__let=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ncfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%222%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684712519%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%7D; Domain=queenmobile.net; Path=/; Max-Age=31536000; HttpOnly; Secure; SameSite=Lax\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Content-Type, Set-Cookie, Cache-Control\r\naccess-control-allow-methods: GET, HEAD, POST, OPTIONS\r\naccess-control-max-age: 600\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YgpvrT%2F2SMBoKPkhv9zBAYVGfuph1j6T0%2FkZIBLFHpdex6qBPDNhtJCK3TJF5b3g76JnRngiume64lLde9EyU%2B%2FLMtLTLOmcPABNYO%2FKbeKhtm3cHw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9bf8b6f4bd9f56ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":239,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ea94f4c5c551aba83c3dfe185d6eb894","sha1":"f6b45ef89d98da129ad2b0ab302f56949422e6f8","sha256":"c5555c04b86b6343709378215005577a48bbfa43ed6e998d9d778731dc8c38ba","sha512":"90880f3bcf1e3030379c78539de72d40eb633c0a0ed731dbb0f460657992cb94db7f7ffc2bcec4ed77a105a0c8b3853b27ef00a2a4271ddbaa5846d8c299bf90","ssdeep":"","tlshash":"4fd05ead6908206140676ba2723be9042ba2614160835812572882d56af4d1bc41a8c8","first_seen":"2025-07-01T07:50:10.785206Z","last_seen":"2026-01-17T20:49:00.563929Z","times_seen":6,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/wp-content/themes/flatsome/assets/css/icons/fl-icons.woff2","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET /wp-content/themes/flatsome/assets/css/icons/fl-icons.woff2 HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://baiviet.queenmobile.net/wp-content/litespeed/css/8e2a32b654305ee3f3941d82bf84ed55.css?ver=6d43d\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%221%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%22533%22%2C%22e%22%3A1800218912313%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912313%22%2C%22e%22%3A1800218912313%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684711780%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 5496\r\nx-xss-protection: 1; mode=block\r\ncache-control: public, max-age=604800, no-store\r\nexpires: Sat, 24 Jan 2026 06:38:33 GMT\r\nlast-modified: Fri, 28 Mar 2025 04:29:01 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 50998\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LwKiLmZCezNkWWjxtSpU%2BKuKbx7tfV9%2FaNIQcUO2F0V%2FVZ6QggvmeXDSvO0V0QQMAOIFwvQYR8fj%2B8oox2jUl61VmhwYUba43FxKGmnjfaLOqsGb4g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\ncf-ray: 9bf8b6cabccd56ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":5496,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 5496, version 1.0","md5":"7c6fbd8a2fc6d6788ac753dabb971aff","sha1":"39d1384aa489b5d4616f8ecfe5b9f682f1a7a40a","sha256":"f9ddd585e9e65c686ae9ea771a5c9ec9cb17445fe27e8ff68cfb77750fb8cd0e","sha512":"96e8a79979c847e66f17f39fb376312572ccd08b625ad4b5d6edeb3b511f63d1aeafdc9301eb01b9e933d89883aefefca99f34c7c3e9120f87f13506fd535c19","ssdeep":"96:yPeZtShIEYhjK5/M72EYgvYT0z3mPTWc9qdB3S5bkPDqP9A242DzJLY/cFaRpYg1:yWZnS42EYgvYT0z2PTV9AB8Qi42pLumE","tlshash":"81b19ff203775478c01eb5f1c65f065615317ff9847a92fb8282532e191518d96c47ef","first_seen":"2023-04-07T00:16:17Z","last_seen":"2026-04-11T15:19:34.573898Z","times_seen":652,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/wp-content/uploads/2025/02/cropped-LOGO-QUEEN.png","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET /wp-content/uploads/2025/02/cropped-LOGO-QUEEN.png HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://baiviet.queenmobile.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%222%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%222%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684712519%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732; __sbref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 43065\r\nx-xss-protection: 1; mode=block\r\ncache-control: public, max-age=604800, no-store\r\nexpires: Tue, 20 Jan 2026 21:36:15 GMT\r\nlast-modified: Fri, 28 Mar 2025 04:30:44 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wsCqHVtB0Hg6jGXry7nlNqGtmwEXUt4hZ%2BU9FMLDisdLnwm2Fe5d5REHg9MwmF6iT2nMi5DULWDyzVp6MiwYGkpFzND1MXAfPUZo2oaZhIMgE5TTjQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\ncf-ray: 9bf8b6cd6faa56ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43065,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"b270798426c0ddc35545d9fb980b31c4","sha1":"3256580d8024fa3be086a492f33dcb9cdb8999eb","sha256":"56c7e968123a6eb834f2d6cf3950c209dae2101f2b1cd0593b4c47128cf2c0a1","sha512":"6f25dea11b7457717df0415bdc1fe8dd1e787f8faf8520d72b6d2cbcce8cd31e50f858d4f662b0ef60650860ca8cf39f681b44373c749ff8631df6a128578fc1","ssdeep":"768:1ZnOXpmF1zvuFO6WsDfOF28p7l9Uj0R1xtNiz6AazIgEfRD7461f8uLW+SYM:1ZnKp++O6lfOF28r9+ItNizC1uD0GL/S","tlshash":"4913e02895b1e1946e0be63499394f4304a36f5b94f324bdcb447c0e039af161ff7a6a","first_seen":"2026-01-17T20:49:00.5859Z","last_seen":"2026-02-26T19:36:34.276917Z","times_seen":2,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":200,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026es=1\u0026e=gtm.init\u0026eid=2\u0026h=Ag\u0026tr=1ogtadsdatatos.1ogt1pdatav2.1ccdadsfirst.1ccdemform.1ccdadd1pdata.1ccdadslast\u0026ti=2ogtadsdatatos.2ogt1pdatav2.2ccdadsfirst.2ccdemform.2ccdadd1pdata.2ccdadslast\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:08:49 GMT","end":"Tue, 03 Mar 2026 17:08:48 GMT"},"fingerprint":{"sha1":"70:99:EB:7E:36:F3:5D:44:AF:03:0A:9C:2D:A0:5C:8C:AC:4C:A2:FE","sha256":"03:A4:44:57:D2:2E:70:9C:3B:54:B3:2C:77:CA:EF:E7:05:21:C8:E9:8E:61:6C:BB:7C:D0:43:3C:42:75:EC:06"}}},"request":{"raw":"GET /a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026es=1\u0026e=gtm.init\u0026eid=2\u0026h=Ag\u0026tr=1ogtadsdatatos.1ogt1pdatav2.1ccdadsfirst.1ccdemform.1ccdadd1pdata.1ccdadslast\u0026ti=2ogtadsdatatos.2ogt1pdatav2.2ccdadsfirst.2ccdemform.2ccdadd1pdata.2ccdadslast\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/rts/0/subs?token=\u0026user_ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe\u0026v=5\u0026account-id=acqjuslivrdmtbxharxa","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:34.454Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"POST /rts/0/subs?token=\u0026user_ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe\u0026v=5\u0026account-id=acqjuslivrdmtbxharxa HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: text/plain\r\nContent-Length: 638\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":638,"data":"{\"events\":[\"conversation_state_updated.account.acqjuslivrdmtbxharxa.user.ussnxabuitsdjdwrzskav\",\"conversation_joined.account.acqjuslivrdmtbxharxa.user.ussnxabuitsdjdwrzskav\",\"conversation_typing.account.acqjuslivrdmtbxharxa.user.ussnxabuitsdjdwrzskav\",\"message_sent.account.acqjuslivrdmtbxharxa.user.ussnxabuitsdjdwrzskav\",\"message_pong.account.acqjuslivrdmtbxharxa.user.ussnxabuitsdjdwrzskav\",\"conversation_rating_requested.account.acqjuslivrdmtbxharxa.user.ussnxabuitsdjdwrzskav\",\"conversation_rated.account.acqjuslivrdmtbxharxa.user.ussnxabuitsdjdwrzskav\",\"conversation_events.account.acqjuslivrdmtbxharxa.user.ussnxabuitsdjdwrzskav\"]}"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncontent-length: 186\r\ncontent-type: application/json\r\ndate: Sat, 17 Jan 2026 20:48:34 GMT\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":186,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5bf20b49bac76fd27eb875941f09db17","sha1":"614ef9f5ca370dcb79ba8e6f9d5a4833c553a458","sha256":"99b7237b960a01d38a2a07d38d9d6c7522750ee91dd628b56b6e4ca357a25473","sha512":"be16c522cffe8b99e4ae7816a525fdbcdc4a9a9100784658c5b7a17b4c4f95973b0a208c089f0d91e2c0242855cd12ca18929f79580e84f84eb5b00f0fb0f0d6","ssdeep":"","tlshash":"bcc02258069004a77aa086c8a9a37399063d84c80a98b90ec84a40abe8459313308228","first_seen":"2026-01-17T20:49:00.590311Z","last_seen":"2026-01-17T20:49:00.590311Z","times_seen":1,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?ctid=AW-16575555411\u0026t=s\u0026m=0\u0026iss=4\u0026if=6\u0026pid=2009526405\u0026bc=2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:08:49 GMT","end":"Tue, 03 Mar 2026 17:08:48 GMT"},"fingerprint":{"sha1":"70:99:EB:7E:36:F3:5D:44:AF:03:0A:9C:2D:A0:5C:8C:AC:4C:A2:FE","sha256":"03:A4:44:57:D2:2E:70:9C:3B:54:B3:2C:77:CA:EF:E7:05:21:C8:E9:8E:61:6C:BB:7C:D0:43:3C:42:75:EC:06"}}},"request":{"raw":"GET /a?ctid=AW-16575555411\u0026t=s\u0026m=0\u0026iss=4\u0026if=6\u0026pid=2009526405\u0026bc=2 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?ctid=AW-16575555411\u0026t=s\u0026m=0\u0026iss=4\u0026if=6\u0026pid=2009526405\u0026bc=3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:08:49 GMT","end":"Tue, 03 Mar 2026 17:08:48 GMT"},"fingerprint":{"sha1":"70:99:EB:7E:36:F3:5D:44:AF:03:0A:9C:2D:A0:5C:8C:AC:4C:A2:FE","sha256":"03:A4:44:57:D2:2E:70:9C:3B:54:B3:2C:77:CA:EF:E7:05:21:C8:E9:8E:61:6C:BB:7C:D0:43:3C:42:75:EC:06"}}},"request":{"raw":"GET /a?ctid=AW-16575555411\u0026t=s\u0026m=0\u0026iss=4\u0026if=6\u0026pid=2009526405\u0026bc=3 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/rt/0/poll?token=jl2-bsZTYFauTTEWVaWVFjcf81Kk_jQkD-8ljqj84IGJmkAbViLQjAGKoGFhu4irb0FqvaqjBcijhHozsB3omTDWUeTgxtb8\u0026v=5\u0026account-id=acqjuslivrdmtbxharxa","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:34.707Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"GET /rt/0/poll?token=jl2-bsZTYFauTTEWVaWVFjcf81Kk_jQkD-8ljqj84IGJmkAbViLQjAGKoGFhu4irb0FqvaqjBcijhHozsB3omTDWUeTgxtb8\u0026v=5\u0026account-id=acqjuslivrdmtbxharxa HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ndate: Sat, 17 Jan 2026 20:48:34 GMT\r\ncontent-length: 452\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":803,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"28f3dc42baca682bf288474451c55a52","sha1":"eb7173d6f7dd1ce4e92ab0505f902371c05c94ab","sha256":"31233d0e7d2c1d61a5c2b9471347a335fd35ea4794f7ea11ca35db11c29b0350","sha512":"48ef1b20d3f3468fae92e07f0e031d8eb56a96a3c33bad7dd90985f916653d3ea72fce560413aa3f63e2bf42a39a206b7848454d31b56255cb5534ababd1b0ef","ssdeep":"","tlshash":"a6018e9748660dfddf35139b2f803e85c36030e3d3c5898d44b489164a945dcf549269","first_seen":"2026-01-17T20:49:00.593219Z","last_seen":"2026-01-17T20:49:00.593219Z","times_seen":1,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":246,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/4.0/accounts/acqjuslivrdmtbxharxa/conversations/cssnxabumcqxvkpdnw/messages/evsnxabuzihfhgccwfqtgcwlv/receive?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:39.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"POST /4.0/accounts/acqjuslivrdmtbxharxa/conversations/cssnxabumcqxvkpdnw/messages/evsnxabuzihfhgccwfqtgcwlv/receive?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nx-api-host: api-88fb5c49b-949ng\r\nx-api-time: 7.927083ms\r\nx-api-time-ab: 7.914818ms\r\ndate: Sat, 17 Jan 2026 20:48:39 GMT\r\ncontent-length: 389\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":607,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"68df1c9c72e4d52cfee1c15b1201e369","sha1":"1471fc884d62aff7bc15073dc78cc4894b922813","sha256":"ee2e9d928bd144ff362d1d6bed740287515dccfec68ad789b0c1c90c562621bc","sha512":"814904996f65c425ccb9de9693a3a486c77b3c98b463f564f5da53e957d27c929c081dce388877449cd15930e4d3bcd3c03718c16be6401eaa5404d2b343ef39","ssdeep":"","tlshash":"2ff0a27388244eda8fbb060733c7b54dd7f8245bc29a41c494f40e258e44e886182355","first_seen":"2026-01-17T20:49:00.595618Z","last_seen":"2026-01-17T20:49:00.595618Z","times_seen":1,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/4.0/accounts/acqjuslivrdmtbxharxa/conversations?v=6\u0026user_id=ussnxabuitsdjdwrzskav\u0026integration_id=acqjuslivrdmtbxharxa.subizv4.subikon\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:34.095Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"GET /4.0/accounts/acqjuslivrdmtbxharxa/conversations?v=6\u0026user_id=ussnxabuitsdjdwrzskav\u0026integration_id=acqjuslivrdmtbxharxa.subizv4.subikon\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncache-control: no-cache, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\nexpires: -1\r\nlast-modified: Thu, 01 Jan 1970 00:00:01 GMT\r\nvary: Accept-Encoding\r\nx-api-host: api-88fb5c49b-949ng\r\nx-api-time: 971.155µs\r\nx-api-time-ab: 957.635µs\r\ndate: Sat, 17 Jan 2026 20:48:34 GMT\r\ncontent-length: 47\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":22,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3be4ac4f1697dadac709b5c27ac32332","sha1":"30a08067cd7640a75e3f8d81bc44f89972a5b304","sha256":"86917f24e6833957416091a28403045b70e2629b112e7600bb04ca67a29b351e","sha512":"6e67aa0beb53adda165d262d5ba74a7c59ec14086304702ed940c8e58c34df11f432c269c88ae18516f730223a1886ca10c1d9cfc1064bdfe1a794c677188db5","ssdeep":"","tlshash":"1c70000280b888c0000222223080828a82803020c0000e80328a8808080022ea000c80","first_seen":"2023-05-23T02:09:31Z","last_seen":"2026-04-08T20:09:30.656012Z","times_seen":116,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/4.0/accounts/acqjuslivrdmtbxharxa/users/ussnxabuitsdjdwrzskav/events?v=6\u0026shorten=true\u0026x-referer=https%3A%2F%2Fbaiviet.queenmobile.net\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:34.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"POST /4.0/accounts/acqjuslivrdmtbxharxa/users/ussnxabuitsdjdwrzskav/events?v=6\u0026shorten=true\u0026x-referer=https%3A%2F%2Fbaiviet.queenmobile.net\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 518\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nx-api-host: api-88fb5c49b-949ng\r\nx-api-time: 204.728909ms\r\nx-api-time-ab: 204.700136ms\r\ndate: Sat, 17 Jan 2026 20:48:34 GMT\r\ncontent-length: 196\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":239,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9e5216d9a350f0e8af1e3dc2ce164a45","sha1":"3843ebcfc96921a7c5618f874a1bfcb76d352c76","sha256":"ca21682583063fff006d573da46e249bc841a9b5185c1da65130b433ea1e207f","sha512":"e96399940817821e7cfafbcaa468a13d932900583606b0912f43e0740eec8c71d81e711b2ebfc947198cdfe39bc67f13ffea05d853f8a6d9ff2831c9e3bf6ec4","ssdeep":"","tlshash":"cbd0a7a2882a4df96b69464bb6d3390cc74868a5c29f1a8d44f05b3ac9dc594218021a","first_seen":"2026-01-17T20:49:00.60105Z","last_seen":"2026-01-17T20:49:00.60105Z","times_seen":1,"resource_available":false,"data":null}},"time_used":453,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":452,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:31.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://baiviet.queenmobile.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript\r\nexpires: Sat, 17 Jan 2026 21:36:31 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P%2F7st1HffxzRdC7BFZppxNEFOVU5KHxO9wS6Ie5nsTRXRJGY2VD5KbyzJlgDbQ1KOV6jN1iTGASmsYQFPoRWTblVsEqwnxuEyZmq7zQ1YBj%2FpiKL2Pre\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\nserver: cloudflare\r\ndate: Sat, 17 Jan 2026 20:48:31 GMT\r\ncf-ray: 9bf8b6c2eaa72efa-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1239,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-12T14:00:07.97043Z","times_seen":300599,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vcdn.subiz-cdn.com/widget-v4/public/19bbfd5aa77.app.js","fqdn":"vcdn.subiz-cdn.com","domain":"subiz-cdn.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"subiz-cdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Dec 2025 15:43:47 GMT","end":"Thu, 05 Mar 2026 16:41:19 GMT"},"fingerprint":{"sha1":"10:A1:F8:54:FE:75:AF:3A:38:59:F6:96:74:F7:C3:55:3B:F5:AC:3E","sha256":"05:47:B5:BB:8B:13:00:F4:41:6F:20:46:D1:FA:33:00:C9:C5:BD:CC:82:A8:12:97:CA:86:0A:D9:43:D6:1F:52"}}},"request":{"raw":"GET /widget-v4/public/19bbfd5aa77.app.js HTTP/1.1\r\nHost: vcdn.subiz-cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 92245\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Type\r\ncache-control: public, max-age=31536000, no-transform\r\ncontent-encoding: gzip\r\netag: \"c8b51784b68477ec576dd7df64a9aeba\"\r\nexpires: Fri, 15 Jan 2027 04:07:08 GMT\r\nlast-modified: Thu, 15 Jan 2026 04:06:55 GMT\r\nserver: cloudflare\r\nx-goog-generation: 1768450015084259\r\nx-goog-hash: crc32c=DwVLxA==, md5=yLUXhLaEd+xXbdffZKmuug==\r\nx-goog-metageneration: 1\r\nx-goog-storage-class: MULTI_REGIONAL\r\nx-goog-stored-content-encoding: gzip\r\nx-goog-stored-content-length: 92245\r\nx-guploader-uploadid: AJRbA5UqJxWKEHjfJ446qdw06vo3j4NeTH0LPp1mPDUThtZUakjxtsZ0jG8yShu-7xHDDOQ\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nage: 232884\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=83Nq2IYAG9K%2FEL6GIwuVI1%2BDP%2FdKUvQ1an6ihMPiS24KpMJCQhvV1h4Orjy%2BdKoOP4kBxlmayAaJWg%2BETRteBda0pmgnPPGI%2Fbnpf4%2BU\"}]}\r\ncf-ray: 9bf8b6cc78f1b4f9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":398034,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65487), with no line terminators","md5":"23d3206a65c0c9e6e3343adf42415916","sha1":"c54defb17283ab29f6293a1e15ce5f2770bdcca5","sha256":"12afaa4741812b76078dbc45892ef2cfbdad93c5d70d724498a9af22fc49b49e","sha512":"af7d189306d016a249e2b0f84d64a0756b509b372a95b0c530551ad22930b187a11336ffd30c5a9903bd3d651d15f15b98adb0553351031fc1b44582ce7c0227","ssdeep":"6144:Y4C2X6PGLV/mq5P5XE1A1JtCWQgoJ+dNOcy46Li1owoynUXxwsHYoORsvE:Y4TX6QVb2pm","tlshash":"e884f97fb1d010a401628e65b1ab3775fa7d1e8853104c3cb769b6fb5b48cca526eb38","first_seen":"2026-01-16T02:27:38.324591Z","last_seen":"2026-02-03T19:37:15.417382Z","times_seen":11,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":75,"dns":52,"connect":1,"send":0,"wait":13,"receive":4,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026es=1\u0026e=gtm.dom\u0026eid=5\u0026u=AAAAAAAAAAAAAIA\u0026ut=AgAAgA\u0026h=Ag\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:08:49 GMT","end":"Tue, 03 Mar 2026 17:08:48 GMT"},"fingerprint":{"sha1":"70:99:EB:7E:36:F3:5D:44:AF:03:0A:9C:2D:A0:5C:8C:AC:4C:A2:FE","sha256":"03:A4:44:57:D2:2E:70:9C:3B:54:B3:2C:77:CA:EF:E7:05:21:C8:E9:8E:61:6C:BB:7C:D0:43:3C:42:75:EC:06"}}},"request":{"raw":"GET /a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026es=1\u0026e=gtm.dom\u0026eid=5\u0026u=AAAAAAAAAAAAAIA\u0026ut=AgAAgA\u0026h=Ag\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/ccm/collect?frm=0\u0026tid=AW-16575555411\u0026en=page_view\u0026dl=https%3A%2F%2Fbaiviet.queenmobile.net%2F\u0026scrsrc=www.googletagmanager.com\u0026rnd=1917203478.1768682913\u0026dt=Queen%20Mobile%20Blog%20%E2%80%93%20Review%20s%E1%BA%A3n%20ph%E1%BA%A9m%20t%E1%BA%ADn%20t%C3%A2m%20t%E1%BB%AB%20Queen%20Mobile\u0026auid=912162925.1768682912\u0026navt=r\u0026npa=1\u0026gtm=45be61e1h1v9214575588za200zd9214575588xec\u0026gcd=13l3l3l2l1l1\u0026dma_cps=syphamo\u0026dma=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026tft=1768682912914\u0026tfd=736\u0026apve=1\u0026apvf=f\u0026gap.plf=5","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.100","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"47:99:FB:97:02:C2:03:A6:B6:60:07:03:D3:B7:37:4B:99:D1:7F:1F","sha256":"01:72:D6:C3:FA:E5:7E:F5:EF:15:83:1F:EE:A5:BF:37:4C:78:02:B4:CD:BF:8D:EF:62:9F:53:B1:B3:1A:B6:EB"}}},"request":{"raw":"POST /ccm/collect?frm=0\u0026tid=AW-16575555411\u0026en=page_view\u0026dl=https%3A%2F%2Fbaiviet.queenmobile.net%2F\u0026scrsrc=www.googletagmanager.com\u0026rnd=1917203478.1768682913\u0026dt=Queen%20Mobile%20Blog%20%E2%80%93%20Review%20s%E1%BA%A3n%20ph%E1%BA%A9m%20t%E1%BA%ADn%20t%C3%A2m%20t%E1%BB%AB%20Queen%20Mobile\u0026auid=912162925.1768682912\u0026navt=r\u0026npa=1\u0026gtm=45be61e1h1v9214575588za200zd9214575588xec\u0026gcd=13l3l3l2l1l1\u0026dma_cps=syphamo\u0026dma=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026tft=1768682912914\u0026tfd=736\u0026apve=1\u0026apvf=f\u0026gap.plf=5 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: no-cache, no-store, must-revalidate\r\ndate: Sat, 17 Jan 2026 20:48:33 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncontent-type: text/plain\r\npragma: no-cache\r\nvary: Origin, X-Origin, Referer\r\nserver: scaffolding on HTTPServer2\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: null\r\naccess-control-expose-headers: date,vary,vary,vary,server,content-length\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/wp-content/uploads/2023/03/1678396820_Viet-lai-tieu-de-hap-dan-kich-thich-mua-hang-1024x1024.jpeg","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:33.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET /wp-content/uploads/2023/03/1678396820_Viet-lai-tieu-de-hap-dan-kich-thich-mua-hang-1024x1024.jpeg HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%222%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%222%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684712519%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732; __sbref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sat, 17 Jan 2026 20:48:33 GMT\r\ncontent-type: text/html\r\nx-xss-protection: 1; mode=block\r\ncache-control: private, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PPBu8ZG9a6dti4%2F6BnazI1g%2BkNnEC4jUlABqh7gE0GIjgFm7Nsd6OdQ40W4mEM%2BGWQDbYSHmU3ODuGgJWn%2F4q1SCT9jfZUgE6%2FpsaAqS5AiDZN7Ssw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: br\r\ncf-ray: 9bf8b6cf193556ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":197,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/rt/0/poll?token=-vX4ks2BAAqbezgVf0jUE7nrW0mXzHDJfIaEtAvfb5Nnkv8IRB1RSGZ_TAwqm1Duf7kqnoByXLINC4_WkwN7GuKRL5nboL7OACZN4g\u0026v=5\u0026account-id=acqjuslivrdmtbxharxa","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:35.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"GET /rt/0/poll?token=-vX4ks2BAAqbezgVf0jUE7nrW0mXzHDJfIaEtAvfb5Nnkv8IRB1RSGZ_TAwqm1Duf7kqnoByXLINC4_WkwN7GuKRL5nboL7OACZN4g\u0026v=5\u0026account-id=acqjuslivrdmtbxharxa HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ndate: Sat, 17 Jan 2026 20:48:38 GMT\r\ncontent-length: 1385\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":3627,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d2302982b440e3a73f866a5563764d29","sha1":"540a83447da9ffc9f0e76793fe97f2a2ec8e6e45","sha256":"2c5662e3ec8b0786f7c49383917c32901d791fb86a8f42fd6e540e8cca66753b","sha512":"f50cd57aa7e7960bb87e13103666fbea87c6daddfef19aa3d47ca52b2afd707494a6f4f457b41e404a41ef862f206a4d685fdeed3b4f88ff25e8753986ae1b80","ssdeep":"","tlshash":"5e71a5625331dd72eb81029b94fa3d9691d4755edac09c8da5e68f298b8c2fc740233f","first_seen":"2026-01-17T20:49:00.607192Z","last_seen":"2026-01-17T20:49:00.607192Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3016,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3010,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/wp-content/uploads/2023/03/queen-71.jpg","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.583Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET /wp-content/uploads/2023/03/queen-71.jpg HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%222%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%222%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684712519%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/html\r\nx-xss-protection: 1; mode=block\r\ncache-control: private, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 225233\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BCElTvz2uDvA1%2BbyQtAlH93Lzoq31hafIDbRR8AP2QWfOlBcqkWZVqHXuub%2Bdic%2FYAxFDuff8oCwX%2FFWOm3YZw24AGMVtTXPXaYN2Hch3AUC25Uuig%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: br\r\ncf-ray: 9bf8b6cbadca56ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/4.0/accounts/acqjuslivrdmtbxharxa/settings?v=6\u0026url=https%3A%2F%2Fbaiviet.queenmobile.net%2F\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:33.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"GET /4.0/accounts/acqjuslivrdmtbxharxa/settings?v=6\u0026url=https%3A%2F%2Fbaiviet.queenmobile.net%2F\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncache-control: no-cache, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\netag: 651670a69d21c7c9fb0535a12702c6b5\r\nexpires: -1\r\nlast-modified: Sat, 17 Jan 2026 10:57:38 GMT\r\nvary: Accept-Encoding\r\nx-api-host: api-88fb5c49b-949ng\r\nx-api-time: 2.494904ms\r\nx-api-time-ab: 2.47964ms\r\ndate: Sat, 17 Jan 2026 20:48:33 GMT\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":8396,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"651670a69d21c7c9fb0535a12702c6b5","sha1":"683330b16c5208ced646299bac925a39bd48cedd","sha256":"512783dfc69ad262ab57bc47642c891a8de7ad21cae6b6a614c8bab7df98474b","sha512":"06737b343aa3c14adfc4bc5b87b716bf980411fc1b9abb2eec52f2e9a723112389ca0ec6e756be52ee0a97f4ea878246e28e807b0365794b85d8d8d9f59cd071","ssdeep":"192:UEOBe6HCBq1dI5IsN5BhoMufqFjwI4jwrjwXIshoMufqN5BPWNuinkbj1ywfo1IT:UEOMOCgI5IsN5BO7qFj94jIjSIsO7qNR","tlshash":"4d02a62607643c73c6dcd18ea6d2761fbafc595b93c49e04a5e81e18148c6db7a1233b","first_seen":"2026-01-17T20:49:00.609284Z","last_seen":"2026-01-17T20:49:00.609284Z","times_seen":1,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/4.0/accounts/acqjuslivrdmtbxharxa/conversations?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:34.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"POST /4.0/accounts/acqjuslivrdmtbxharxa/conversations?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 214\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":214,"data":"{\"initial_by\":\"bbqxhqpadocjfcrxfn\",\"locale\":\"vi-VN\",\"state\":\"active\",\"members\":[{\"type\":\"bot\",\"id\":\"bbqxhqpadocjfcrxfn\"}],\"source\":\"https://baiviet.queenmobile.net/\",\"touchpoint\":{\"channel\":\"subiz\",\"source\":\"web\"}}"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nx-api-host: api-88fb5c49b-949ng\r\nx-api-time: 530.04928ms\r\nx-api-time-ab: 530.025556ms\r\nx-time-12: 3.505846ms\r\nx-time-13: 14.595117ms\r\nx-time-14: 528.856915ms\r\nx-time-5: 766.828µs\r\nx-time-7: 1.729701ms\r\ndate: Sat, 17 Jan 2026 20:48:35 GMT\r\ncontent-length: 273\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":431,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"327952fa90140d9a02a23544f173ca7b","sha1":"e25db8fe4c1d4df033a03ea42c8e724f3ce7acfd","sha256":"836f2e8585050d1c4231c55557bc0cecbb5d68d426e4d53ccdde25819c827b4d","sha512":"a136ad0481ac5b41b7d7396ae847aa3b73ded7628ca83dcfae595ba825a6b3aaf103e2e8695b6f162953d8b39b20feb9b421195607c63f57d8d823d61458f06f","ssdeep":"","tlshash":"fae0ab5344220dfa9f3013475ec03fda859035e3c2d289ed54fd8e0b0b888cce48902a","first_seen":"2026-01-17T20:49:00.613304Z","last_seen":"2026-01-17T20:49:00.613304Z","times_seen":1,"resource_available":false,"data":null}},"time_used":776,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":775,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/rt/0/poll?token=Fu6-rIgIX8jlpWywx3fKek9ApdpKI5Dt-rFkRKUztRDyV-ZByM9YGc_W4R8kZrHUIHnXwRvxpuLilIWLwsgeQ91qaQPLUg7xeZGN-g\u0026v=5\u0026account-id=acqjuslivrdmtbxharxa","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:34.963Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"GET /rt/0/poll?token=Fu6-rIgIX8jlpWywx3fKek9ApdpKI5Dt-rFkRKUztRDyV-ZByM9YGc_W4R8kZrHUIHnXwRvxpuLilIWLwsgeQ91qaQPLUg7xeZGN-g\u0026v=5\u0026account-id=acqjuslivrdmtbxharxa HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ndate: Sat, 17 Jan 2026 20:48:35 GMT\r\ncontent-length: 347\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":533,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"a94c3ff48844e7113bf584541c8b3ec1","sha1":"3cf75cb03ebd0db43836a469e3d943a52154fb18","sha256":"2defab6167fa87a5d0dde6170901b8b38f0a6d19a85801ab2746dd68a77d4df0","sha512":"1221570043d44ab5d4bb2fac6019923eadcf65b219373cf3745e56e3c5f0757b340ae445ab85c34ba2a8c8f6144c282959fec0bf0e49e02ca5898c9011935d08","ssdeep":"","tlshash":"6bf08b538c21097ccf3663eb5bc1ea919331b033e2d64c4d54fa5d4488906bc8280616","first_seen":"2026-01-17T20:49:00.615993Z","last_seen":"2026-01-17T20:49:00.615993Z","times_seen":1,"resource_available":false,"data":null}},"time_used":899,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":899,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026es=1\u0026e=*\u0026eid=7\u0026u=AgAAAAAAAAAAAIA\u0026ut=AgAAgA\u0026h=Ag\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:39.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:08:49 GMT","end":"Tue, 03 Mar 2026 17:08:48 GMT"},"fingerprint":{"sha1":"70:99:EB:7E:36:F3:5D:44:AF:03:0A:9C:2D:A0:5C:8C:AC:4C:A2:FE","sha256":"03:A4:44:57:D2:2E:70:9C:3B:54:B3:2C:77:CA:EF:E7:05:21:C8:E9:8E:61:6C:BB:7C:D0:43:3C:42:75:EC:06"}}},"request":{"raw":"GET /a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026es=1\u0026e=*\u0026eid=7\u0026u=AgAAAAAAAAAAAIA\u0026ut=AgAAgA\u0026h=Ag\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:39 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/cdn-cgi/zaraz/t","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"POST /cdn-cgi/zaraz/t HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://baiviet.queenmobile.net/\r\nContent-Type: application/json\r\nContent-Length: 494\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%221%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684711780%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\nset-cookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%221%22%7D%7D; Domain=queenmobile.net; Path=/; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__pageviewCounter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__engagementDuration=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__engagementStart=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__counter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__ga4sid=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__session_counter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__ga4=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ___z_ga_audiences=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__let=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ncfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%22533%22%2C%22e%22%3A1800218912313%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912313%22%2C%22e%22%3A1800218912313%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684711780%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%7D; Domain=queenmobile.net; Path=/; Max-Age=31536000; HttpOnly; Secure; SameSite=Lax\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Content-Type, Set-Cookie, Cache-Control\r\naccess-control-allow-methods: GET, HEAD, POST, OPTIONS\r\naccess-control-max-age: 600\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DYgLRB5eF%2Fz2SlMfwnusNvr9miImuZgxmDon76z3Z8MwS73Hten1tLSU04Ls50TntRveenfHSNZW3Hs01BE8iOpmYnJJvjCXzbx6wBf%2B4gBkBmOMRA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9bf8b6c9ec1456ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":160,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"26129dfefbb444d5b214256f7d0fba1f","sha1":"cb4e5d95ccf3a877ddc6c5caa11d25f1ac263690","sha256":"3ce29a55eef53ae496154de6f93f25e7e53c61ce34d34914cbb90bc674618c58","sha512":"ab29fdf81972b857eb1a6a2653152a4bcb034363f7f0d1ec1536d77f549da3310a8753444c849a8bba591be3e67770976b6ad4a64805897f8ab9d6950968cc36","ssdeep":"","tlshash":"37c080656d04205144675b52333b6d102e52314161831412031c83c167f5d1ac41dccc","first_seen":"2026-01-17T20:49:00.618292Z","last_seen":"2026-02-26T19:36:34.231837Z","times_seen":2,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/wp-content/plugins/litespeed-cache/guest.vary.php","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"POST /wp-content/plugins/litespeed-cache/guest.vary.php HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://baiviet.queenmobile.net/\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%221%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%22533%22%2C%22e%22%3A1800218912313%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912313%22%2C%22e%22%3A1800218912313%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684711780%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-xss-protection: 1; mode=block\r\nx-robots-tag: noindex\r\nx-litespeed-cache-control: no-cache\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nKy5pOxBFtRJsG7rPOjLsQoFOHVhjxfWOkc4qJO%2BjyYYfdGRBt0aouaUgtLb3wLNosqyIQWV1OA0c6ryyF2tg2ozqroqRjzddUl1zHNvbPfE%2Fp93vQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\ncontent-encoding: br\r\ncf-ray: 9bf8b6ca9cab56ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"d751713988987e9331980363e24189ce","sha1":"97d170e1550eee4afc0af065b78cda302a97674c","sha256":"4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945","sha512":"b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af","ssdeep":"","tlshash":"c7100000000000000000000000000000000003000000c0000000000000000000000000","first_seen":"2023-03-08T00:02:47Z","last_seen":"2026-04-12T14:00:03.100343Z","times_seen":234956,"resource_available":true,"data":null}},"time_used":444,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":444,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/4.0/accounts/acqjuslivrdmtbxharxa/conversations/cssnxabumcqxvkpdnw?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:34.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"GET /4.0/accounts/acqjuslivrdmtbxharxa/conversations/cssnxabumcqxvkpdnw?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncache-control: no-cache, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\nexpires: -1\r\nlast-modified: Sat, 17 Jan 2026 20:48:34 GMT\r\nvary: Accept-Encoding\r\nx-api-host: api-88fb5c49b-949ng\r\nx-api-time: 1.257943ms\r\nx-api-time-ab: 1.24772ms\r\ndate: Sat, 17 Jan 2026 20:48:35 GMT\r\ncontent-length: 244\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":368,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"97928ecc18ff46c98a9c3acaad5a39b7","sha1":"f972326e87fab440fd236a11742d18453c889a9f","sha256":"80d28ddd23816f7fedab0ca8e4f7d2174d078f6d3f2feb9dd77cdb726386e85f","sha512":"9cf88b012993ce55368ab5e70976ed16c43a8a05bf86dc043625001bfc847dd6e823f4d1b74b0a9e7ed80c32d828b53b4873c5ea68f08ec53a78e9da8e68aeb3","ssdeep":"","tlshash":"9ae0689384220dfa9f3403571e803ec981a03497c2d2ca9c54fc8a070b4488ce84902a","first_seen":"2026-01-17T20:49:00.621308Z","last_seen":"2026-01-17T20:49:00.621308Z","times_seen":1,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":246,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/4.0/accounts/acqjuslivrdmtbxharxa/conversations/cssnxabumcqxvkpdnw/messages/evsnxabuzgwmpbjlpgscqbsxi/receive?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:39.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"POST /4.0/accounts/acqjuslivrdmtbxharxa/conversations/cssnxabumcqxvkpdnw/messages/evsnxabuzgwmpbjlpgscqbsxi/receive?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nx-api-host: api-88fb5c49b-949ng\r\nx-api-time: 9.483875ms\r\nx-api-time-ab: 9.473871ms\r\ndate: Sat, 17 Jan 2026 20:48:39 GMT\r\ncontent-length: 391\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":607,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"43ef54abbe7b7f2932ef3289bcb9cacb","sha1":"0ca9824a24e30642f48497ba927af4f59815a264","sha256":"c846c6ee13218c0c0969c8b46a65a465aba94be9cdd93fd1008743346277db4c","sha512":"3525e9f2e1bd44350ee1e493a2a6b813f59098525013399742da9ab2dd4d790b277b9457fa9d8ffea8d09bb75d1cc7933c9f06088d17b9cd63a72e02b6e33a77","ssdeep":"","tlshash":"9af0a2739c244feadb7a064b37d3b54cc7f42457c29e80c964f44e168e49e48b181355","first_seen":"2026-01-17T20:49:00.623308Z","last_seen":"2026-01-17T20:49:00.623308Z","times_seen":1,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/wp-content/themes/flatsome/assets/css/icons/fl-icons.woff2","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:31.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET /wp-content/themes/flatsome/assets/css/icons/fl-icons.woff2 HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://baiviet.queenmobile.net/wp-content/litespeed/css/8e2a32b654305ee3f3941d82bf84ed55.css?ver=6d43d\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:31 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 5496\r\npriority: u=4,i=?0\r\ncache-control: public, max-age=604800, no-store\r\nexpires: Sat, 24 Jan 2026 06:38:33 GMT\r\nlast-modified: Fri, 28 Mar 2025 04:29:01 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: HIT\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2qexMXhjhoyhvWyjk6RUu5Pp7ynkDWM1WvQiQLTS%2Bt7n%2BOIET0tjj7Kflj6PxWsxwm6hl0Tf650wH1p6HVXrsepmYd%2FXUpLVc1nYjw%2Bpeu1UyLotmbsu\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\ncf-ray: 9bf8b6c57af12efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":5496,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 5496, version 1.0","md5":"7c6fbd8a2fc6d6788ac753dabb971aff","sha1":"39d1384aa489b5d4616f8ecfe5b9f682f1a7a40a","sha256":"f9ddd585e9e65c686ae9ea771a5c9ec9cb17445fe27e8ff68cfb77750fb8cd0e","sha512":"96e8a79979c847e66f17f39fb376312572ccd08b625ad4b5d6edeb3b511f63d1aeafdc9301eb01b9e933d89883aefefca99f34c7c3e9120f87f13506fd535c19","ssdeep":"96:yPeZtShIEYhjK5/M72EYgvYT0z3mPTWc9qdB3S5bkPDqP9A242DzJLY/cFaRpYg1:yWZnS42EYgvYT0z2PTV9AB8Qi42pLumE","tlshash":"81b19ff203775478c01eb5f1c65f065615317ff9847a92fb8282532e191518d96c47ef","first_seen":"2023-04-07T00:16:17Z","last_seen":"2026-04-11T15:19:34.573898Z","times_seen":652,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/4.0/accounts/acqjuslivrdmtbxharxa/users/wauiniabdfcehwchxymwbdnmremywxmhseeorpxe?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"GET /4.0/accounts/acqjuslivrdmtbxharxa/users/wauiniabdfcehwchxymwbdnmremywxmhseeorpxe?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncache-control: no-cache, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\netag: 8c45791b0230c5321c6ba4b2dfb680d5\r\nexpires: -1\r\nlast-modified: Sat, 17 Jan 2026 20:48:33 GMT\r\nvary: Accept-Encoding\r\nx-api-host: api-88fb5c49b-949ng\r\nx-api-time: 36.672831ms\r\nx-api-time-ab: 36.65271ms\r\ndate: Sat, 17 Jan 2026 20:48:33 GMT\r\ncontent-length: 223\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":281,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8c45791b0230c5321c6ba4b2dfb680d5","sha1":"d6df72d0e3e1a0c52779a488af2d3fa35952080e","sha256":"0fc9ad81268a145839568132c848e09dcc22ba33fe6db6aa4e1476c7ba0f920f","sha512":"0b50fd4e890adb96f38a53d3b33f5c0d92b2be9cc3b7feca17a9fb745cac17ffc7254ca73090a95e6a10677dc1f7c8e40953a0fd308f81cd5b4412ae697eedcc","ssdeep":"","tlshash":"52d02b93dd27ccf34f6112a7b593798a4f5034b7d164159c4818c79bc94c4459629016","first_seen":"2026-01-17T20:49:00.625242Z","last_seen":"2026-01-17T20:49:00.625242Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1683,"timings":{"blocked":700,"dns":34,"connect":243,"send":0,"wait":282,"receive":0,"ssl":421},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?ctid=AW-16575555411\u0026t=s\u0026m=0\u0026iss=4\u0026if=6\u0026pid=2009526405\u0026bc=1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:08:49 GMT","end":"Tue, 03 Mar 2026 17:08:48 GMT"},"fingerprint":{"sha1":"70:99:EB:7E:36:F3:5D:44:AF:03:0A:9C:2D:A0:5C:8C:AC:4C:A2:FE","sha256":"03:A4:44:57:D2:2E:70:9C:3B:54:B3:2C:77:CA:EF:E7:05:21:C8:E9:8E:61:6C:BB:7C:D0:43:3C:42:75:EC:06"}}},"request":{"raw":"GET /a?ctid=AW-16575555411\u0026t=s\u0026m=0\u0026iss=4\u0026if=6\u0026pid=2009526405\u0026bc=1 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/ccm/collect?frm=0\u0026tid=AW-16575555411\u0026en=page_view\u0026dl=https%3A%2F%2Fbaiviet.queenmobile.net%2F\u0026scrsrc=www.googletagmanager.com\u0026rnd=1917203478.1768682913\u0026dt=Queen%20Mobile%20Blog%20%E2%80%93%20Review%20s%E1%BA%A3n%20ph%E1%BA%A9m%20t%E1%BA%ADn%20t%C3%A2m%20t%E1%BB%AB%20Queen%20Mobile\u0026auid=912162925.1768682912\u0026navt=r\u0026npa=1\u0026gtm=45be61e1h1v9214575588za200zd9214575588xec\u0026gcd=13l3l3l2l1l1\u0026dma_cps=syphamo\u0026dma=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026tft=1768682912914\u0026tfd=736\u0026apve=1\u0026apvf=f\u0026gap.plf=5\u0026img=1","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.100","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:33.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"47:99:FB:97:02:C2:03:A6:B6:60:07:03:D3:B7:37:4B:99:D1:7F:1F","sha256":"01:72:D6:C3:FA:E5:7E:F5:EF:15:83:1F:EE:A5:BF:37:4C:78:02:B4:CD:BF:8D:EF:62:9F:53:B1:B3:1A:B6:EB"}}},"request":{"raw":"GET /ccm/collect?frm=0\u0026tid=AW-16575555411\u0026en=page_view\u0026dl=https%3A%2F%2Fbaiviet.queenmobile.net%2F\u0026scrsrc=www.googletagmanager.com\u0026rnd=1917203478.1768682913\u0026dt=Queen%20Mobile%20Blog%20%E2%80%93%20Review%20s%E1%BA%A3n%20ph%E1%BA%A9m%20t%E1%BA%ADn%20t%C3%A2m%20t%E1%BB%AB%20Queen%20Mobile\u0026auid=912162925.1768682912\u0026navt=r\u0026npa=1\u0026gtm=45be61e1h1v9214575588za200zd9214575588xec\u0026gcd=13l3l3l2l1l1\u0026dma_cps=syphamo\u0026dma=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026tft=1768682912914\u0026tfd=736\u0026apve=1\u0026apvf=f\u0026gap.plf=5\u0026img=1 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\npragma: no-cache\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: text/plain\r\ndate: Sat, 17 Jan 2026 20:48:33 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nvary: Origin, X-Origin, Referer\r\nserver: scaffolding on HTTPServer2\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/wp-content/litespeed/css/8e2a32b654305ee3f3941d82bf84ed55.css?ver=6d43d","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET /wp-content/litespeed/css/8e2a32b654305ee3f3941d82bf84ed55.css?ver=6d43d HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://baiviet.queenmobile.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%221%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684711780%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/css\r\ncontent-length: 76038\r\nx-xss-protection: 1; mode=block\r\ncache-control: public, max-age=604800, no-store\r\nexpires: Sat, 24 Jan 2026 04:41:18 GMT\r\nlast-modified: Wed, 03 Dec 2025 15:23:17 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 58034\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0uUZ2D6FlrHw7Lpc8FKSvKnh26jkoqB%2Bm9mPTdCuqbppY4kVN2Zriut1TLgeDoTBDfp8E5GU9HUxiloTxA6wBD2EgtP7jMBVUPGp0F27Ip79y7unAA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\ncf-ray: 9bf8b6ca0c2656ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":291500,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (46512)","md5":"8e2a32b654305ee3f3941d82bf84ed55","sha1":"9f11aad53ffb8db86b3d03eb8ab253f8a6135e75","sha256":"5eacbbd1ea0c9d23f6f9c60fef945b27afe7c20ab01798e1acff1313d38d584d","sha512":"98904526d102e9722f6199a811ce7aa0dadfb5c4284d397550f8fd9ae65a703f20769c1755fa8422df63a4f3c1508c3307f8a54f99306c11f47e775e01f5a2a5","ssdeep":"6144:gKd+YUnQOz7qHLMm06TJLqNXMmip+eWTXjLKxPNOAgL6opPSrN+283S22H:zjUQOzfTXjLKxPNOAgL6opPSrN+2GS2Y","tlshash":"9054d6b1e24800d97336c20befc0b37c6279f738e5514deaf05ba52c4ac62a91596f6d","first_seen":"2026-01-17T20:49:00.627393Z","last_seen":"2026-01-17T20:49:00.627393Z","times_seen":1,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":12,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?ctid=AW-16575555411\u0026t=s\u0026m=0\u0026iss=4\u0026if=6\u0026pid=2009526405\u0026bc=4","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:08:49 GMT","end":"Tue, 03 Mar 2026 17:08:48 GMT"},"fingerprint":{"sha1":"70:99:EB:7E:36:F3:5D:44:AF:03:0A:9C:2D:A0:5C:8C:AC:4C:A2:FE","sha256":"03:A4:44:57:D2:2E:70:9C:3B:54:B3:2C:77:CA:EF:E7:05:21:C8:E9:8E:61:6C:BB:7C:D0:43:3C:42:75:EC:06"}}},"request":{"raw":"GET /a?ctid=AW-16575555411\u0026t=s\u0026m=0\u0026iss=4\u0026if=6\u0026pid=2009526405\u0026bc=4 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/wp-content/litespeed/css/8e2a32b654305ee3f3941d82bf84ed55.css?ver=6d43d","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:31.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET /wp-content/litespeed/css/8e2a32b654305ee3f3941d82bf84ed55.css?ver=6d43d HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://baiviet.queenmobile.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:31 GMT\r\ncontent-type: text/css\r\ncontent-length: 76038\r\npriority: u=2,i=?0\r\ncache-control: public, max-age=604800, no-store\r\nexpires: Sat, 24 Jan 2026 04:41:18 GMT\r\nlast-modified: Wed, 03 Dec 2025 15:23:17 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: HIT\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6VcOQmnvpxjR4KtVyr9xkxIK57QnIw51VSGlGzrFwCm6Oteu42Wn8lhhlmhMF6NSy31O9bUoufC2rlEKgbfwz526%2FBy9BzyD1fcoVc1ZNv%2BJVHx4G76%2F\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\ncf-ray: 9bf8b6c2eaa62efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":291500,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (46512)","md5":"8e2a32b654305ee3f3941d82bf84ed55","sha1":"9f11aad53ffb8db86b3d03eb8ab253f8a6135e75","sha256":"5eacbbd1ea0c9d23f6f9c60fef945b27afe7c20ab01798e1acff1313d38d584d","sha512":"98904526d102e9722f6199a811ce7aa0dadfb5c4284d397550f8fd9ae65a703f20769c1755fa8422df63a4f3c1508c3307f8a54f99306c11f47e775e01f5a2a5","ssdeep":"6144:gKd+YUnQOz7qHLMm06TJLqNXMmip+eWTXjLKxPNOAgL6opPSrN+283S22H:zjUQOzfTXjLKxPNOAgL6opPSrN+2GS2Y","tlshash":"9054d6b1e24800d97336c20befc0b37c6279f738e5514deaf05ba52c4ac62a91596f6d","first_seen":"2026-01-17T20:49:00.627393Z","last_seen":"2026-01-17T20:49:00.627393Z","times_seen":1,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.331Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 10:36:27 GMT","end":"Fri, 20 Mar 2026 11:36:07 GMT"},"fingerprint":{"sha1":"C6:6A:71:84:C2:40:13:D1:A4:B7:DF:C4:1C:E1:54:F3:76:97:EF:6B","sha256":"EC:09:93:3E:E8:5D:9E:7A:B0:D9:7C:6D:85:49:92:10:89:9F:C8:FF:A5:1B:90:BB:AB:86:7E:D9:BA:0A:1C:4E"}}},"request":{"raw":"GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2024.6.1\"\r\nlast-modified: Thu, 06 Jun 2024 15:52:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9bf8b6ca2b72569d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19948,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (19948), with no line terminators","md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-12T13:55:20.466972Z","times_seen":331804,"resource_available":true,"data":null}},"time_used":61,"timings":{"blocked":19,"dns":1,"connect":1,"send":0,"wait":18,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyUXVlZW4lMjBNb2JpbGUlMjBCbG9nJTIwJUUyJTgwJTkzJTIwUmV2aWV3JTIwcyVFMSVCQSVBM24lMjBwaCVFMSVCQSVBOW0lMjB0JUUxJUJBJUFEbiUyMHQlQzMlQTJtJTIwdCVFMSVCQiVBQiUyMFF1ZWVuJTIwTW9iaWxlJTIyJTJDJTIyeCUyMiUzQTAuNDE0MzY2MDkwNjczNjAzNjQlMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTEwMjQlMkMlMjJlJTIyJTNBMTI4MCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRmJhaXZpZXQucXVlZW5tb2JpbGUubmV0JTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA==","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET /cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyUXVlZW4lMjBNb2JpbGUlMjBCbG9nJTIwJUUyJTgwJTkzJTIwUmV2aWV3JTIwcyVFMSVCQSVBM24lMjBwaCVFMSVCQSVBOW0lMjB0JUUxJUJBJUFEbiUyMHQlQzMlQTJtJTIwdCVFMSVCQiVBQiUyMFF1ZWVuJTIwTW9iaWxlJTIyJTJDJTIyeCUyMiUzQTAuNDE0MzY2MDkwNjczNjAzNjQlMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTEwMjQlMkMlMjJlJTIyJTNBMTI4MCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRmJhaXZpZXQucXVlZW5tb2JpbGUubmV0JTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA== HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://baiviet.queenmobile.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%221%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%22533%22%2C%22e%22%3A1800218912313%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912313%22%2C%22e%22%3A1800218912313%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684711780%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\nset-cookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%222%22%7D%7D; Domain=queenmobile.net; Path=/; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__pageviewCounter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__engagementDuration=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__engagementStart=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__counter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__ga4sid=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__session_counter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__ga4=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ___z_ga_audiences=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__let=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ncfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%222%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684712519%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%7D; Domain=queenmobile.net; Path=/; Max-Age=31536000; HttpOnly; Secure; SameSite=Lax\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Content-Type, Set-Cookie, Cache-Control\r\naccess-control-allow-methods: GET, HEAD, POST, OPTIONS\r\naccess-control-max-age: 600\r\nx-robots-tag: none\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WJDQ4cT3nwuH6OWXTauOdi57OFIa50ECVSQcBHRq9fw2Cmhhk4qmbMLLTkR4UGc%2FLH0mbJnIIj3LU%2Fl7sxzynyQejFh6ZyxG4YEBe%2BQWsgU78AeiBg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9bf8b6cb3d6156ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9912,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (7537)","md5":"bbc4da7d35266064f9b9790ceb3ec4df","sha1":"fbe57c93fdca009316b41038862ee05a36300f33","sha256":"6b18333cdfc714f7f504db29ce2f0d35bcb892b9560af9af2c8b59b69a61a9b9","sha512":"9edd6b682d998f2b818ce4c089c80e036d08c703f230482201f2314f02e1f4a57cb441ce1e219241894f4066627c9426195b2c16c19e805e193b122e337cf319","ssdeep":"192:gAhGQ1VxtjO+8lT2AgH88xEMgSn8GCxFUDLsO3UkPitI3D23JFtYogDo8VKE0z:HYC8YEdSnWe8HkuIKDolVUz","tlshash":"871216286d7904398adb63bfa03e53c0e57ab024f0516090fd8dc4c99fa9f7f46d1a99","first_seen":"2026-01-17T20:49:00.629837Z","last_seen":"2026-01-17T20:49:00.629837Z","times_seen":1,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026e=gtm.init\u0026eid=2\u0026u=AAAAAAAAAAAAAIA\u0026ut=AgAAgA\u0026h=Ag\u0026tr=5ogtadsdatatos.5ogt1pdatav2.5ccdadsfirst.5ccdemform.5ccdadd1pdata.5ccdadslast\u0026ti=2ogtadsdatatos.2ogt1pdatav2.2ccdadsfirst.2ccdemform.2ccdadd1pdata.2ccdadslast\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:33.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:08:49 GMT","end":"Tue, 03 Mar 2026 17:08:48 GMT"},"fingerprint":{"sha1":"70:99:EB:7E:36:F3:5D:44:AF:03:0A:9C:2D:A0:5C:8C:AC:4C:A2:FE","sha256":"03:A4:44:57:D2:2E:70:9C:3B:54:B3:2C:77:CA:EF:E7:05:21:C8:E9:8E:61:6C:BB:7C:D0:43:3C:42:75:EC:06"}}},"request":{"raw":"GET /a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026e=gtm.init\u0026eid=2\u0026u=AAAAAAAAAAAAAIA\u0026ut=AgAAgA\u0026h=Ag\u0026tr=5ogtadsdatatos.5ogt1pdatav2.5ccdadsfirst.5ccdemform.5ccdadd1pdata.5ccdadslast\u0026ti=2ogtadsdatatos.2ogt1pdatav2.2ccdadsfirst.2ccdemform.2ccdadd1pdata.2ccdadslast\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:33 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/cdn-cgi/rum?","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:33.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://baiviet.queenmobile.net/\r\ncontent-type: application/json\r\nContent-Length: 1023\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%222%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%222%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684712519%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732; __sbref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1023,"data":"{\"memory\":{},\"resources\":[],\"referrer\":\"\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":282,\"startTime\":1768682912177,\"versions\":{\"fl\":\"2024.11.0\",\"js\":\"2024.6.1\",\"timings\":2},\"pageloadId\":\"c77a65c2-abd1-4d02-9d6a-85bb314ad17b\",\"location\":\"https://baiviet.queenmobile.net/\",\"nt\":\"reload\",\"timingsV2\":{\"unloadEventStart\":0,\"unloadEventEnd\":0,\"domInteractive\":233,\"domContentLoadedEventStart\":333,\"domContentLoadedEventEnd\":335,\"domComplete\":818,\"loadEventStart\":818,\"loadEventEnd\":820,\"type\":\"reload\",\"redirectCount\":0,\"initiatorType\":\"navigation\",\"nextHopProtocol\":\"h2\",\"workerStart\":0,\"redirectStart\":0,\"redirectEnd\":0,\"fetchStart\":0,\"domainLookupStart\":35,\"domainLookupEnd\":38,\"connectStart\":38,\"connectEnd\":55,\"secureConnectionStart\":41,\"requestStart\":55,\"responseStart\":105,\"responseEnd\":106,\"transferSize\":25794,\"encodedBodySize\":22530,\"decodedBodySize\":129437,\"name\":\"https://baiviet.queenmobile.net/\",\"entryType\":\"navigation\",\"startTime\":0,\"duration\":820},\"siteToken\":\"77d79cd9d87d46e68c9e5236a784c9a9\",\"st\":2}"}},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 17 Jan 2026 20:48:33 GMT\r\ncontent-type: text/plain\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aPoM0TXGJ75KGkX%2BQKHyRmKzj%2FEq8A93oA%2F8T%2FGOMLyDSXa%2F4AmUz5CEyokFPZJIKiH8Y8mUHGMw3Az6fJRrT5LZqefYDG2xzP%2F0WavtPMzXWLuEjw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver: cloudflare\r\ncf-ray: 9bf8b6ce589456ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"stats.wp.com/e-202551.js","fqdn":"stats.wp.com","domain":"wp.com","tld":"com"},"ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wp.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 19:44:46 GMT","end":"Wed, 04 Mar 2026 19:44:45 GMT"},"fingerprint":{"sha1":"27:15:6B:56:D5:57:D8:9D:BB:24:1A:00:42:B9:FF:7B:FB:85:BB:C7","sha256":"30:10:00:03:5C:E3:9D:A7:31:82:FD:6C:3D:2C:DA:83:28:7A:23:1D:63:EE:03:7A:3A:67:6B:B8:94:7D:16:FC"}}},"request":{"raw":"GET /e-202551.js HTTP/1.1\r\nHost: stats.wp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nx-minify: t\r\nx-minify-cache: hit\r\netag: W/7134-1748959715009.08\r\na8c-edge-cache: cache\r\ncontent-encoding: br\r\nexpires: Mon, 14 Dec 2026 17:50:55 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\nx-nc: HIT arn\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3812,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3812), with no line terminators","md5":"b1e85b83d13876fefcf2d873fde8da3e","sha1":"09d271f2a7dd17e66a19fcbfca887734d951ed2f","sha256":"2abd616c43c16e7a2d01f1f1c761d6c12acf4b2ed9a9a411289ee3bb5a681ffe","sha512":"a1ab2e32190702e46c440606a45e51dd073168fa11828683764aef077fb2b495343bd91ee784974244c37d0a52a8225d1a6359ffe0ddf0ec6971aeb7c50e3ec8","ssdeep":"","tlshash":"6b71646536c5f0381af630a5235f630af5ba8b7a7d4a9044c37cd4b07c79e8b9412f9a","first_seen":"2025-06-09T00:15:30.881783Z","last_seen":"2026-04-12T14:26:04.815632Z","times_seen":47061,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":29,"dns":1,"connect":13,"send":0,"wait":7,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026es=1\u0026e=gtm.js\u0026eid=3\u0026h=Ag\u0026tr=1rep\u0026ti=2rep\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:08:49 GMT","end":"Tue, 03 Mar 2026 17:08:48 GMT"},"fingerprint":{"sha1":"70:99:EB:7E:36:F3:5D:44:AF:03:0A:9C:2D:A0:5C:8C:AC:4C:A2:FE","sha256":"03:A4:44:57:D2:2E:70:9C:3B:54:B3:2C:77:CA:EF:E7:05:21:C8:E9:8E:61:6C:BB:7C:D0:43:3C:42:75:EC:06"}}},"request":{"raw":"GET /a?id=AW-16575555411\u0026v=3\u0026t=t\u0026pid=700020399\u0026gtm=45be61e1h1v9214575588za200zd9214575588\u0026cv=2\u0026rv=61e1\u0026tc=7\u0026x=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391253~115616985~115938465~115938468~115985660~117041587\u0026es=1\u0026e=gtm.js\u0026eid=3\u0026h=Ag\u0026tr=1rep\u0026ti=2rep\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/4.0/accounts/acqjuslivrdmtbxharxa/focuses/ussnxabuitsdjdwrzskav/delete?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:34.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"POST /4.0/accounts/acqjuslivrdmtbxharxa/focuses/ussnxabuitsdjdwrzskav/delete?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nx-api-host: api-88fb5c49b-949ng\r\nx-api-time: 2.384155ms\r\nx-api-time-ab: 2.369218ms\r\ndate: Sat, 17 Jan 2026 20:48:34 GMT\r\ncontent-length: 29\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":4,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"72054d9a6fbdcc7df012e19f32345b65","sha1":"52dd4c74c813db3790179c4f236ceadaca3467a8","sha256":"c48b5b1a9776c84602de2306d7903a7241158a5077e7a8519af75c33441b8334","sha512":"5305bacdfd7c9bb525ff6c40d3ffa23c3f82eb5268ce3037dc353fa1a043ae31b239eed46db0fb043d61c55d57b97c5f00c308f92456c51c44069f23fda40317","ssdeep":"","tlshash":"5f30000000000000000000003c00000000000000000000000000000000000000000000","first_seen":"2023-03-12T08:54:09Z","last_seen":"2026-04-12T13:49:09.798985Z","times_seen":2490,"resource_available":true,"data":null}},"time_used":262,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":262,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/4.0/accounts/acqjuslivrdmtbxharxa/languages/vi-VN?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:34.360Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"GET /4.0/accounts/acqjuslivrdmtbxharxa/languages/vi-VN?v=6\u0026x-user-ref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\netag: 961fdf49d549bbda58cd9af4ba436bce\r\nvary: Accept-Encoding\r\nx-api-host: api-88fb5c49b-949ng\r\nx-api-time: 217.305µs\r\nx-api-time-ab: 206.36µs\r\ndate: Sat, 17 Jan 2026 20:48:34 GMT\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":8618,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5f7e346818c5bc6b9f1142cacddf76e8","sha1":"8ff4540426ec77d78d7df0449f4b8ab0e63d3b20","sha256":"cde08c3550ad2a2ebfcb8542a598b8d44f15f183f8b663dc9587120a5681d5de","sha512":"35adb1b5a1a4ea44a4a3fd7f1ae58288f576cb7434767397bafe6665ee5ec233804a473d4f51e142d39eb4f29b7787e42e8687e0c8726770fde7d49c38f0e3b3","ssdeep":"96:rHWWay7lX8GhEAObG/5bveR2KGJ8332cQBc8cJAJtLjNt64DjKJ3EQ9er:r2ulX84m6/5bWPnG2pJAfLjNVjo5er","tlshash":"3c02211a37f03d7f0b5baf1f399bf50a47d474a7ea823a1a458c149c0607e516633b2a","first_seen":"2026-01-17T20:49:00.633218Z","last_seen":"2026-02-22T05:38:04.632524Z","times_seen":2,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.sbz.vn/rt/0/poll?token=9YoFXmw7_yPINK0XUl6HZ2MbR5m43kYlofXmZOj0vcndcKD13du97q4lpgA66qu9xmzHoksCf1jcdW-Railheb8dXVIF5l8j9ihu7A\u0026v=5\u0026account-id=acqjuslivrdmtbxharxa","fqdn":"api.sbz.vn","domain":"sbz.vn","tld":"vn"},"ip":{"addr":"35.213.167.91","port":443,"asn":15169,"as":"GOOGLE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:38.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.sbz.vn","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 10:26:46 GMT","end":"Sat, 21 Feb 2026 11:21:40 GMT"},"fingerprint":{"sha1":"7C:0E:C2:11:D3:17:5F:FA:42:9B:65:48:36:18:2B:BD:7C:88:9F:77","sha256":"60:19:3D:38:07:86:69:4A:8E:85:0D:F2:FF:77:0D:07:EF:F6:E3:76:29:E3:A8:33:97:5E:DA:1E:AC:AB:87:77"}}},"request":{"raw":"GET /rt/0/poll?token=9YoFXmw7_yPINK0XUl6HZ2MbR5m43kYlofXmZOj0vcndcKD13du97q4lpgA66qu9xmzHoksCf1jcdW-Railheb8dXVIF5l8j9ihu7A\u0026v=5\u0026account-id=acqjuslivrdmtbxharxa HTTP/1.1\r\nHost: api.sbz.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://baiviet.queenmobile.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://baiviet.queenmobile.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ndate: Sat, 17 Jan 2026 20:48:38 GMT\r\ncontent-length: 1830\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":6914,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c832efd91338059f3090dd879c8bc2dc","sha1":"12e6c1b46f51965eb0a37c50c57485af34d0f3a7","sha256":"89ee329fd2ac48e241c0427cff7dc403bce522bebc64888f8941917ad3501659","sha512":"0ace133408b94f6e910853ab579144c37fe245f5e8134789ae29c34f496a138986720350e9d2023d3ff87a4ad1615292afacd0176f24680a9b3a3cf6a125c2d2","ssdeep":"192:L2v1CjB/c/KENVEjqlZfTw1KledoQwkLL1Wy8CozbRaz//EkKEHVEKzB8CozbRaD:L2v1CjBAbbevv1WyTozbRaz/z9ZzBTo+","tlshash":"a1e161661530eeb2db95055b81f32e6691e4776ad2c09c4991a9cf28cbcc6fcb00233f","first_seen":"2026-01-17T20:49:00.635312Z","last_seen":"2026-01-17T20:49:00.635312Z","times_seen":1,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":246,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-17T20:48:32.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%221%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684711780%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncf-ray: 9bf8b6c97bb956ba-OSL\r\ncf-cache-status: HIT\r\nage: 2446452\r\ncache-control: max-age=14400, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nlink: \u003chttps://baiviet.queenmobile.net/index.php/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nserver: cloudflare\r\nset-cookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%221%22%7D%7D; Domain=queenmobile.net; Path=/\ngoogle-analytics_v4_xxBZ__pageviewCounter=; Domain=queenmobile.net; Path=/; Max-Age=0\ngoogle-analytics_v4_xxBZ__engagementDuration=; Domain=queenmobile.net; Path=/; Max-Age=0\ngoogle-analytics_v4_xxBZ__engagementStart=; Domain=queenmobile.net; Path=/; Max-Age=0\ngoogle-analytics_v4_xxBZ__counter=; Domain=queenmobile.net; Path=/; Max-Age=0\ngoogle-analytics_v4_xxBZ__ga4sid=; Domain=queenmobile.net; Path=/; Max-Age=0\ngoogle-analytics_v4_xxBZ__session_counter=; Domain=queenmobile.net; Path=/; Max-Age=0\ngoogle-analytics_v4_xxBZ__ga4=; Domain=queenmobile.net; Path=/; Max-Age=0\ngoogle-analytics_v4_xxBZ___z_ga_audiences=; Domain=queenmobile.net; Path=/; Max-Age=0\ngoogle-analytics_v4_xxBZ__let=; Domain=queenmobile.net; Path=/; Max-Age=0\ncfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684711780%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%7D; Domain=queenmobile.net; Path=/; Max-Age=31536000\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nvary: accept, content-type,Accept-Encoding, Accept-Encoding\r\npragma: no-cache\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: on\r\nx-frame-options: SAMEORIGIN\r\nx-litespeed-cache: miss\r\nx-litespeed-cache-control: public,max-age=604800\r\nx-litespeed-tag: 158_home,158_URL.6666cd76f96956469e7be39d750cc7d9,158_F,158_guest,158_,158_MIN.8e2a32b654305ee3f3941d82bf84ed55.css,158_MIN.983e2d14adc4c10fd945ce7b44a0ef15.js\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nserver-timing: cfCacheStatus;desc=\"HIT\", cfEdge;dur=36,cfOrigin;dur=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V%2FCCNYYPsmWvdVrm18sOEVFLPvC3wmdmQh435NpDZm8vJu5csPC2xfpU6TdsCg27kDIfy0GRjdwfFm1AtT5IihDTWz74jAlZQ3eB3ElBUz1PDH3MvA%3D%3D\"}]}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"WordPress:6.9","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Site Kit:1.149.1","description":"Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.","website":"https://sitekit.withgoogle.com/","common_platform_enumeration":"","icon":"Google.svg","categories":["Analytics","WordPress plugins"]}],"data":{"size":129437,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (16723)","md5":"46f867563da947fc1dc371371d5576a5","sha1":"c67aea67f507e157e75914aac15961f3f1bd1590","sha256":"3aa94d9be1bea4d40e4da0910a25fae1b17cd1df15fbf8649d8845e7ae6cf615","sha512":"0a3c6eec1cd4f841c1e1d7196ffccdd3ca8c302abe4eaec46d1a256b10a1609d5145a7b86e0698c270fbfcbb0e63d7c14ef72e4df15e454f1765d15c387e05ac","ssdeep":"1536:z3G3Gz0nrJfpjefpWxT2ThlxyLDhlDyhvhlTyTDhl9y6XPhlR+RyVVmHhlmywLh9:rXQpexWx3l+oVCTb3BN2/IXvUfh","tlshash":"bdc3e973d14c7b3782378acfe0863b0c99ab850ddbc34c52b2c8875a5a92ce66d4595f","first_seen":"2026-01-17T20:49:00.637395Z","last_seen":"2026-01-17T20:49:00.637395Z","times_seen":1,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":19,"dns":3,"connect":1,"send":0,"wait":51,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://baiviet.queenmobile.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%221%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684711780%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: application/javascript\r\nexpires: Sat, 17 Jan 2026 21:36:32 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZumQjyM2BSyXaxrsTnpvHHFoBAABqcBqYY%2BxXz2rsmyabqhUQzddKQ1vXtIkpLB4DsjcOv6qdmGYI2jKPjKhhRIPWhLQ0bQaWEJR6X5KKcH6AvflEA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9bf8b6ca0c2956ba-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-12T14:00:07.97043Z","times_seen":300599,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=AW-16575555411","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.609Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:08:49 GMT","end":"Tue, 03 Mar 2026 17:08:48 GMT"},"fingerprint":{"sha1":"70:99:EB:7E:36:F3:5D:44:AF:03:0A:9C:2D:A0:5C:8C:AC:4C:A2:FE","sha256":"03:A4:44:57:D2:2E:70:9C:3B:54:B3:2C:77:CA:EF:E7:05:21:C8:E9:8E:61:6C:BB:7C:D0:43:3C:42:75:EC:06"}}},"request":{"raw":"GET /gtag/js?id=AW-16575555411 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\nexpires: Sat, 17 Jan 2026 20:48:32 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Sat, 17 Jan 2026 18:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 130827\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":383976,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5882)","md5":"1a194df089bb320408d87688e787cae9","sha1":"013f04fa712d05b54e7c4b1b1d999e6372d474bd","sha256":"3e680e353cb7718d2aa10fd7cf661baedde58f4ae9a4614b0cf451d5f7488df7","sha512":"5f62864955834c89c4930330c5c69cb456a9c71cadb2c61350770734da35a5ba7945c79038e6cb703338ddaafca38f1b6ac175153b9c4366c87a19dcda191740","ssdeep":"6144:pRn5+NGvjHjUG2DboUsPODfc1Ygdx5X83oapmd:j8NwjFbUsPNX83F4","tlshash":"258419cd73ca74269392a478503f118ba57b29a2f44ccc95f189cce42e74a9a4277f7c","first_seen":"2026-01-17T20:49:00.639452Z","last_seen":"2026-01-17T20:49:00.639452Z","times_seen":1,"resource_available":true,"data":null}},"time_used":205,"timings":{"blocked":55,"dns":1,"connect":20,"send":0,"wait":38,"receive":55,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/wp-content/uploads/2025/02/cropped-LOGO-QUEEN.png","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"172.67.207.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET /wp-content/uploads/2025/02/cropped-LOGO-QUEEN.png HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://baiviet.queenmobile.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%222%22%7D%7D; cfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%222%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684712519%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218912519%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682912519%22%2C%22e%22%3A1800218912519%7D%7D; _gcl_au=1.1.912162925.1768682912; _lscache_vary=990ed6010c3fce088e5b99a07835d732; __sbref=wauiniabdfcehwchxymwbdnmremywxmhseeorpxe\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 43065\r\nx-xss-protection: 1; mode=block\r\ncache-control: public, max-age=604800, no-store\r\nexpires: Tue, 20 Jan 2026 21:36:15 GMT\r\nlast-modified: Fri, 28 Mar 2025 04:30:44 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 342737\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HQI8KMw5%2B7o7vZ4Fvw0Xxz9xDPTwjwbnUp9lWIMtFiT0kyanHqfzHx63A55leBh1%2FMc7RQiVglVqacTX74ruY6nYHJtXx%2FtUj9clwhE7ZWTpiPDBzA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\ncf-ray: 9bf8b6cd6fab56ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":43065,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"b270798426c0ddc35545d9fb980b31c4","sha1":"3256580d8024fa3be086a492f33dcb9cdb8999eb","sha256":"56c7e968123a6eb834f2d6cf3950c209dae2101f2b1cd0593b4c47128cf2c0a1","sha512":"6f25dea11b7457717df0415bdc1fe8dd1e787f8faf8520d72b6d2cbcce8cd31e50f858d4f662b0ef60650860ca8cf39f681b44373c749ff8631df6a128578fc1","ssdeep":"768:1ZnOXpmF1zvuFO6WsDfOF28p7l9Uj0R1xtNiz6AazIgEfRD7461f8uLW+SYM:1ZnKp++O6lfOF28r9+ItNizC1uD0GL/S","tlshash":"4913e02895b1e1946e0be63499394f4304a36f5b94f324bdcb447c0e039af161ff7a6a","first_seen":"2026-01-17T20:49:00.5859Z","last_seen":"2026-02-26T19:36:34.276917Z","times_seen":2,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"baiviet.queenmobile.net/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyUXVlZW4lMjBNb2JpbGUlMjBCbG9nJTIwJUUyJTgwJTkzJTIwUmV2aWV3JTIwcyVFMSVCQSVBM24lMjBwaCVFMSVCQSVBOW0lMjB0JUUxJUJBJUFEbiUyMHQlQzMlQTJtJTIwdCVFMSVCQiVBQiUyMFF1ZWVuJTIwTW9iaWxlJTIyJTJDJTIyeCUyMiUzQTAuMDU4NzE3NDc0Mzk4MTI3OTElMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTEwMjQlMkMlMjJlJTIyJTNBMTI4MCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRmJhaXZpZXQucXVlZW5tb2JpbGUubmV0JTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA==","fqdn":"baiviet.queenmobile.net","domain":"queenmobile.net","tld":"net"},"ip":{"addr":"104.21.85.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:31.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"queenmobile.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 13:17:51 GMT","end":"Tue, 14 Apr 2026 14:16:31 GMT"},"fingerprint":{"sha1":"AD:0E:6A:6A:27:09:E6:3B:EE:08:80:CC:BA:07:4E:A8:C6:9A:AF:18","sha256":"15:C8:5A:18:87:43:F1:C7:6D:2C:21:D8:23:33:3D:89:16:6A:A0:0D:01:92:90:A5:B1:53:CC:16:EA:D9:91:15"}}},"request":{"raw":"GET /cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyUXVlZW4lMjBNb2JpbGUlMjBCbG9nJTIwJUUyJTgwJTkzJTIwUmV2aWV3JTIwcyVFMSVCQSVBM24lMjBwaCVFMSVCQSVBOW0lMjB0JUUxJUJBJUFEbiUyMHQlQzMlQTJtJTIwdCVFMSVCQiVBQiUyMFF1ZWVuJTIwTW9iaWxlJTIyJTJDJTIyeCUyMiUzQTAuMDU4NzE3NDc0Mzk4MTI3OTElMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTEwMjQlMkMlMjJlJTIyJTNBMTI4MCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRmJhaXZpZXQucXVlZW5tb2JpbGUubmV0JTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA== HTTP/1.1\r\nHost: baiviet.queenmobile.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://baiviet.queenmobile.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:31 GMT\r\npriority: u=3,i=?0\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: https://baiviet.queenmobile.net\r\nset-cookie: cfzs_google-analytics_v4=%7B%22xxBZ_pageviewCounter%22%3A%7B%22v%22%3A%221%22%7D%7D; Domain=queenmobile.net; Path=/; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__pageviewCounter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__engagementDuration=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__engagementStart=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__counter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__ga4sid=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__session_counter=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__ga4=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ___z_ga_audiences=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ngoogle-analytics_v4_xxBZ__let=; Domain=queenmobile.net; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax\ncfz_google-analytics_v4=%7B%22xxBZ_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_engagementStart%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4sid%22%3A%7B%22v%22%3A%22922385535%22%2C%22e%22%3A1768684711780%7D%2C%22xxBZ_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_ga4%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ__z_ga_audiences%22%3A%7B%22v%22%3A%22483cf0e7-4ad3-4cbe-8226-b3ab2d8ace40%22%2C%22e%22%3A1800218911780%7D%2C%22xxBZ_let%22%3A%7B%22v%22%3A%221768682911780%22%2C%22e%22%3A1800218911780%7D%7D; Domain=queenmobile.net; Path=/; Max-Age=31536000; HttpOnly; Secure; SameSite=Lax\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Content-Type, Set-Cookie, Cache-Control\r\naccess-control-allow-methods: GET, HEAD, POST, OPTIONS\r\naccess-control-max-age: 600\r\nx-robots-tag: none\r\nstrict-transport-security: max-age=7776000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vl%2BGR2PA%2Bdjs2frxR3GKVsUObo8dng7npwLRMjKRxWUBBQHN%2FTeD20zH%2F6ib%2Ff3cP%2BaXebcjpktPQwk5tFiXS6Q457%2B6Zdr4ErIrF3vqSdstwBZJ5fG8\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ncf-ray: 9bf8b6c69b1a2efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10548,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (8173)","md5":"247062507ea66ba60c11cbfbfdb9bdc0","sha1":"48330486b4cdc39667641165358976b086b9c360","sha256":"f608e17b9b5824b8c01060b86d44f0c05956e2bb580932172c3e04372677c253","sha512":"59867a7c0d8c739ae7fd0eaa617d57a92843a8820827b0b1011c631a32231117cae9f3ee712394e145eef71c52b6f200a128aa5ab959a7f77a155d1c6b9c8281","ssdeep":"192:gAhGQ1VxtjO+8lT2AgH88xEMgSn8GCxFUDLsO3UkPitI3Do9VFt+VKg0iogxookz:HYC8YEdSnWe8HkuIeD+VXRGz","tlshash":"da2239687d74043686db667ee43e53d4f979b024f0515090fe0dc8c8afa9fbe41d489a","first_seen":"2026-01-17T20:49:00.641533Z","last_seen":"2026-01-17T20:49:00.641533Z","times_seen":1,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-17","alert":"Sinkholed","trigger":"baiviet.queenmobile.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"widget.subiz.net/sbz/app.js?accid=acqjuslivrdmtbxharxa","fqdn":"widget.subiz.net","domain":"subiz.net","tld":"net"},"ip":{"addr":"104.26.13.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://baiviet.queenmobile.net/","date":"2026-01-17T20:48:32.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"subiz.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 12:10:34 GMT","end":"Tue, 03 Mar 2026 13:10:32 GMT"},"fingerprint":{"sha1":"7C:BB:60:72:97:25:7A:6F:0B:79:CE:EA:12:7B:94:54:B9:1D:60:BD","sha256":"3D:34:BC:F5:02:E0:20:6B:D7:56:9C:7E:AB:CC:14:FF:AD:5A:DD:A3:6E:86:6D:04:C6:EF:53:2F:3A:9C:A3:63"}}},"request":{"raw":"GET /sbz/app.js?accid=acqjuslivrdmtbxharxa HTTP/1.1\r\nHost: widget.subiz.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 17 Jan 2026 20:48:32 GMT\r\ncontent-type: text/javascript\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=86400\r\nage: 0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q4mIB8tM8TGdiYV64Bj%2F%2B2KVAPQQypCLk2%2BKwCVz%2BywgBvcgRXUv97POipMIpoG2WzaiykGfbCo7p2wAFWlUDnF1dcoClsUxlPew99w%3D\"}]}\r\ncache-control: max-age=300\r\ncf-cache-status: HIT\r\nlast-modified: Sat, 17 Jan 2026 20:48:32 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9bf8b6cbda400731-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":868,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"4fbeb8c121465b6c67d8330eb24d3bbe","sha1":"2790bead0023a75d3df2b3d4ffd3126a60845edd","sha256":"775c4f3b48ba154abd34297fffaf1015454839808db9ad47b57f04113651131f","sha512":"7de1558247b2a20b8b6395a1f3831b1d97c679ca30d174c407a7e79c08685dfb17ae00afc45f5a9ae5174dd6322caed620aa2013948da324dc16c945c4f9ee72","ssdeep":"","tlshash":"a911802849fb5b3b895f7164572ff3643b3050723a8650941204982eee43e63a5fbd6a","first_seen":"2026-01-17T20:49:00.643242Z","last_seen":"2026-01-17T20:49:00.643242Z","times_seen":1,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":14,"dns":1,"connect":1,"send":0,"wait":11,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}