firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 17 Sep 2022 04:11:12 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HQU10AIjX-GzXC9J04Y8SE3-XBpaFySgrvNB1IrzMkDq7gLMLcue_g==
Age: 984
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 96daaf84cd2c07756756caf7a2724a29
d24d47c68eec98d44bf341dab9d893df97103e1a
fef9ce9f75ec19e7ae2ccbffb6654db2473a2b4acc94c1b4303e5ec24149465f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FEF9CE9F75EC19E7AE2CCBFFB6654DB2473A2B4ACC94C1B4303E5EC24149465F"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6312
Expires: Sat, 17 Sep 2022 06:12:48 GMT
Date: Sat, 17 Sep 2022 04:27:36 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 16 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: t9R23VzUYQwaMd6R7RuyYKmcD6Sh6rN3Jzusy0yiYhWFM5e7WrDnXA==
age: 85941
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 04:27:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 17 Sep 2022 04:03:22 GMT
Cache-Control: max-age=3600
Expires: Sat, 17 Sep 2022 04:33:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nhDFRWfIHi-mEwuWRqWRvbgGGwahsW5-K__NNYM9iji1B4XT-C9Sdw==
Age: 1455
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3db421016cf0e3ad25f324cf0faf0fac
b15909de1105d4d2fb5be5b3920c454daf022445
914b15f28636e0a5e851540ffb0625ecd09d0546b2f1f7af90b267ceebcf1d5d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5430
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 04:27:37 GMT
Last-Modified: Sat, 17 Sep 2022 02:57:07 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.214.17.205 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.17.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Dw9rABbk8sliFQagthi5cg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kduMV+uXZa/7U/PoKqxOfqQV/l0=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9739
Expires: Sat, 17 Sep 2022 07:09:57 GMT
Date: Sat, 17 Sep 2022 04:27:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9739
Expires: Sat, 17 Sep 2022 07:09:57 GMT
Date: Sat, 17 Sep 2022 04:27:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9739
Expires: Sat, 17 Sep 2022 07:09:57 GMT
Date: Sat, 17 Sep 2022 04:27:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9739
Expires: Sat, 17 Sep 2022 07:09:57 GMT
Date: Sat, 17 Sep 2022 04:27:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14e8614f-d7d5-4a87-adf0-ab2cfcfb023b.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14e8614f-d7d5-4a87-adf0-ab2cfcfb023b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e963daffb462e89d9d67e6193944cc3
ff29c630c2ed8a67fe5cd4622dc9f1d23234b58c
cc24af0aedb89ab059b6706b8e51708547ea2ce2b2c2743425810b44af7c68c8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14e8614f-d7d5-4a87-adf0-ab2cfcfb023b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5956
x-amzn-requestid: 19032fea-67c3-404f-bf3e-9b436a61a7f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeNW4G30oAMFw0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63225c2b-3da099be3781af033658520f;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:56:43 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FU7qiAFNHIIxNo_zRH3xQzmMMORVZ4Q5W-GgwdhA5ZQJPokQssZv5A==
via: 1.1 74aa91fe819001bcedd882694f52b436.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 12:55:52 GMT
age: 55906
etag: "ff29c630c2ed8a67fe5cd4622dc9f1d23234b58c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e43d1ff-79bc-430f-826f-2af5ae602556.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e43d1ff-79bc-430f-826f-2af5ae602556.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d46a910081eb782408f1a2fa3c6aabba
28ac45ef155c66dd79a306f14d3b38f597b6a32e
d5787a6a12d275555c627e3245b37d4e751148345a09d5671b343cfebe7173b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e43d1ff-79bc-430f-826f-2af5ae602556.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8500
x-amzn-requestid: e1ca6cef-c033-4887-80cf-2014ab8e620c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ykn5cEnLIAMFrzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6324ed09-3afc16cf66fef0e62dd6f3cc;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 21:39:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pPCI5VDX3PIldEnkLv-VNCFWuykiarYQdLYguNTfmbwxYCDVaS2EcA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 22:01:45 GMT
age: 23153
etag: "28ac45ef155c66dd79a306f14d3b38f597b6a32e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98d68511-1d61-4e7e-9647-8c57b409e85e.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98d68511-1d61-4e7e-9647-8c57b409e85e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 67046c783f8a224572cb8c70625cec67
6b17fa76a13bca3d75efb59a2f4b04c4a43477b6
44aed2e381a512e648202a775c70b7e5ebd5ce8f2c8762bb24c8bb8ee9b98f4c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98d68511-1d61-4e7e-9647-8c57b409e85e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10127
x-amzn-requestid: d9194b5e-17bc-4e08-b1bb-97dda96ac30e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YknslF7KoAMF8xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6324ecb6-56733ebe2050abfd16e2d5a1;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 21:37:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Meblc1VO8Te1dcBvdt5QsMM6ACc9gnE0OvPomm4vjJD-_IHDefh4zA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 21:50:26 GMT
age: 23832
etag: "6b17fa76a13bca3d75efb59a2f4b04c4a43477b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9ba7347-38d8-40e3-9b29-41a380f99ed5.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9ba7347-38d8-40e3-9b29-41a380f99ed5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c35b7f5f8e1b0b24570a41b7d18533a
c5b82c9d77851820b8d206573d5c03cd36d27a20
bb2456b31c48e6ebc9595c2bb9972b74531e93dd02ec4571d5af614f2d116ec7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9ba7347-38d8-40e3-9b29-41a380f99ed5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6109
x-amzn-requestid: 271b006e-9d17-46ba-9eed-22fd638c4e9e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2AhHZgIAMFlSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d039c-444e7d6b22f2a08f7215a986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: clBnXbh8x6GItJ6ObFVEM4Es3jAKlfMS8CMGlU6RBf_eshZ_HfFkOA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 22:31:13 GMT
age: 21385
etag: "c5b82c9d77851820b8d206573d5c03cd36d27a20"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd5675c7-5120-4f61-bd91-8c4d9af84130.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd5675c7-5120-4f61-bd91-8c4d9af84130.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7a22ab7dcdf50f4a297b8e117d336eae
e139a0974317212f094fdbe59e26ca5cf6b9e56d
9b4c23c1bb2e4fcd140ce34bf83f315f09b45202c569cb74113c2e65c4031dcd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd5675c7-5120-4f61-bd91-8c4d9af84130.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7788
x-amzn-requestid: 2cb48f87-8b72-4ff7-b041-a6e704b854a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YIP2-HFHoAMFssA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6319935f-693e2f2e5a0bcd9f690f21fa;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 07:01:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4-H_LbXRjS1PJkVz9OIhwsaPfu8ZlL98zTZG--hdmij9Tc6KtmNSFQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 21:51:13 GMT
age: 23785
etag: "e139a0974317212f094fdbe59e26ca5cf6b9e56d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1024748-f90f-4a93-b16b-b8f8110102f2.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1024748-f90f-4a93-b16b-b8f8110102f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2182aefe8078f268f77064b982353421
b66a3b8245ed597751c5c17b63f45273ccacb3d4
bd0549ca87a0fb119e68cfd71d50118e3075cc8e99bcaa83761a9ab0c93ee2ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1024748-f90f-4a93-b16b-b8f8110102f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8892
x-amzn-requestid: 683b4d8c-3704-4db5-837c-8d27302173a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YRmxsHrToAMFo4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d51a4-6e53a23464675f511588380b;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 03:10:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Q-ATn4hgPnfnvnHWdnHXkrwk2X21sAPPhL4AIfyuD08e4wBDsSrIkg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 22:02:44 GMT
age: 23094
etag: "b66a3b8245ed597751c5c17b63f45273ccacb3d4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
123.30.171.132 301 Moved Permanently 1.1 kB URL HTTP/1.1 licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
IP 123.30.171.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (979)
Hash a4520eb19fcad30becd1c51accba1069
254af8d1ce56fe6cffbc1f65870c6a7c04b32815
522b348ba467c8af2571476b7512bf78b34db028af52f6ff3f5a5b9d4365c5e8
Analyzer Verdict Alert quad9 Sinkholed
GET /login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 17 Sep 2022 04:28:44 GMT
Server: Apache/2
Location: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Content-Length: 1137
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4a671ac35d4082133b6c952bc30ea51e
623966b7592225cf41311483b2acfcc6d44e60d6
81b5fdc6eab4232c04276230d45af881c9eff6e7ed6fdaa5c20b055af1631423
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "81B5FDC6EAB4232C04276230D45AF881C9EFF6E7ED6FDAA5C20B055AF1631423"
Last-Modified: Sat, 17 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11256
Expires: Sat, 17 Sep 2022 07:35:14 GMT
Date: Sat, 17 Sep 2022 04:27:38 GMT
Connection: keep-alive
licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
123.30.171.132 404 Not Found 8.5 kB URL HTTP/2 licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
IP 123.30.171.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6839), with CRLF, LF line terminators
Hash 0d4be86a4b6a6a2abd051f9905f2e8ad
cf55e153826049fe8fa6f9021323a3f018e2f8af
1fb6ae4ecc4ebe43aad43cb0cfde4d1eb1cc9a64ca5d3f7fcb73accc72caa21c
Analyzer Verdict Alert quad9 Sinkholed
GET /login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
vary: Cookie,Accept-Encoding,User-Agent
expires: Wed, 11 Jan 1984 05:00:00 GMT
link: <https://licogi18.com.vn/wp-json/>; rel="https://api.w.org/"
content-encoding: gzip
cache-control: no-cache, must-revalidate, max-age=0, s-maxage=10
content-length: 8513
content-type: text/html; charset=UTF-8
date: Sat, 17 Sep 2022 04:28:45 GMT
server: Apache/2
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5d12cc59489773babbc650161772d674
6fa23d626e8a64d98e59984567cd4dc42c648833
f43eae2b85acffc988fbc2c97e18ae1c013217db2cbe24df14dd3b8c35d0ff27
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 04:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4cc0aaf293fed6c16e1dde02c50c8f40
e94f11cd8fa955f28856a02aa7115aa5f3626d98
b1592dc8fc0d63052f66b7be9b5ff1f562f6fbd05f6365ce828758bfbb3f1a12
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 04:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b4a24f9aebdfdb06d10cd53e92a70bb8
c4532479dbd9636d8f5206faa085c520651eb5f2
1d330af2b423e351355f710f14cb771fa9918e8b6638c5076aba7bcda6c30936
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 04:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6LcZKSkcAAAAAOe683kf6ZbwuJryt3JRn8xZ0LIl&ver=3.0
142.250.74.164 400 Bad Request 119 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LcZKSkcAAAAAOe683kf6ZbwuJryt3JRn8xZ0LIl&ver=3.0
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 96612d2b1b529ecfcf09798c3eb100bf
4f32d5d3ccf4d44ae71309dfa8d6f9d396614a27
7c58bfa17d0c600b7455e6bfb3d8371fbf93da20a7a53ed1efad37d692f1cba0
GET /recaptcha/api.js?render=6LcZKSkcAAAAAOe683kf6ZbwuJryt3JRn8xZ0LIl&ver=3.0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 400 Bad Request
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Sat, 17 Sep 2022 04:27:40 GMT
expires: Sat, 17 Sep 2022 04:27:40 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 119
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-S2RJHLLQ19
142.250.74.72 200 OK 75 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-S2RJHLLQ19
IP 142.250.74.72:0
File type ASCII text, with very long lines (17807)
Hash 66a8603eebbef73211fae54699899f5d
ae84fabc02f177b614f846fe7dc8dc1a9b27315f
5b0f95944bab6cbee6598015d738d8d571a2c1aef3bf29a06e903ed7be9a68c5
GET /gtag/js?id=G-S2RJHLLQ19 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 17 Sep 2022 04:27:40 GMT
expires: Sat, 17 Sep 2022 04:27:40 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74679
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 9730b7d7d5f0481f65712991a899f4b8
facb4df5e4a4ac98b9bdd126c7dbb531cf0fe1e7
15d7d8acbcd94d9ca8579cc31a9ec621e76408663bc4b047e5e127acb14334a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 04:27:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5d12cc59489773babbc650161772d674
6fa23d626e8a64d98e59984567cd4dc42c648833
f43eae2b85acffc988fbc2c97e18ae1c013217db2cbe24df14dd3b8c35d0ff27
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 04:27:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 9730b7d7d5f0481f65712991a899f4b8
facb4df5e4a4ac98b9bdd126c7dbb531cf0fe1e7
15d7d8acbcd94d9ca8579cc31a9ec621e76408663bc4b047e5e127acb14334a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 04:27:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
licogi18.com.vn/wp-content/themes/caia/style.css?ver=4.2.1
123.30.171.132 200 OK 5.5 kB URL HTTP/2 licogi18.com.vn/wp-content/themes/caia/style.css?ver=4.2.1
IP 123.30.171.132:0
File type ASCII text, with very long lines (29347), with no line terminators
Hash 59a28f613a3c75d68e935b7ca57ab044
86dc3f4db8c0d03f02e4234fbeaea1876e23af2a
2a23888e1a3808ecc31ab11b763f053ae507e89da699447c3e5a74b221bdff58
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/caia/style.css?ver=4.2.1 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 5493
server: Apache/2
accept-ranges: bytes
x-original-content-length: 40742
vary: Accept-Encoding
content-encoding: gzip
etag: W/"PSA-aj-Q4NuUZ0N6e"
expires: Sat, 17 Sep 2022 04:32:18 GMT
cache-control: max-age=211
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: text/css
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2
123.30.171.132 200 OK 833 B URL HTTP/2 licogi18.com.vn/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2
IP 123.30.171.132:0
File type ASCII text, with very long lines (1810)
Hash 31f29987638408181e496b394dfa49b4
3b7951e1a3c37d7a6bcc72e9bebbd62d0f5c62df
eba7e988cba20b9444e889eba3f266ecd2100e2f9d88b885347187b8d6b1d26d
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 833
server: Apache/2
accept-ranges: bytes
x-original-content-length: 2640
vary: Accept-Encoding
content-encoding: gzip
etag: W/"PSA-aj-o23oxoKDT7"
expires: Sat, 17 Sep 2022 04:32:18 GMT
cache-control: max-age=211
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: text/css
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/plugins/google-language-translator/css/toolbar.css?ver=6.0.9
123.30.171.132 200 OK 1.6 kB URL HTTP/2 licogi18.com.vn/wp-content/plugins/google-language-translator/css/toolbar.css?ver=6.0.9
IP 123.30.171.132:0
File type ASCII text, with very long lines (5100), with no line terminators
Hash 5b1945e6d8b56cf612a31c5771ffa8f4
fcbc8b7f3e845add078eaa92c0f959d3ffb930ff
763ea46ee4be8bc1b6ccb49d7213904930c8c3cd0e5826ae294b88fe3a1943ff
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/google-language-translator/css/toolbar.css?ver=6.0.9 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 1638
server: Apache/2
accept-ranges: bytes
x-original-content-length: 5732
vary: Accept-Encoding
content-encoding: gzip
etag: W/"PSA-aj-Nn8JN1agSk"
expires: Sat, 17 Sep 2022 04:32:18 GMT
cache-control: max-age=211
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: text/css
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/plugins/google-language-translator/css/style.css?ver=6.0.9
123.30.171.132 200 OK 10 kB URL HTTP/2 licogi18.com.vn/wp-content/plugins/google-language-translator/css/style.css?ver=6.0.9
IP 123.30.171.132:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash b75aeff4880b605d95f5f49e5cba7d86
b60318ce72dc7f683769c731ce2c41f9fb33438a
d9e68764afe4a47309ca01caf684d532070b32b1a5043f1512831b27c35bb434
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/google-language-translator/css/style.css?ver=6.0.9 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 10239
server: Apache/2
accept-ranges: bytes
x-original-content-length: 128983
vary: Accept-Encoding
content-encoding: gzip
etag: W/"PSA-aj-9-fWkOEu_D"
expires: Sat, 17 Sep 2022 04:32:18 GMT
cache-control: max-age=211
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: text/css
X-Firefox-Spdy: h2
licogi18.com.vn/wp-includes/js/jquery/jquery.js?ver=1.12.4
123.30.171.132 200 OK 34 kB URL HTTP/2 licogi18.com.vn/wp-includes/js/jquery/jquery.js?ver=1.12.4
IP 123.30.171.132:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6599a4313c1c89ba43ccf42d5bb580d3
e4bf00368b89df20e2ad9a571416473740c4f039
e7d5c34aeb0c7bece6654cc6a494b963836703da06528b2f2e44003a3840e537
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 33683
server: Apache/2
accept-ranges: bytes
x-original-content-length: 96873
vary: Accept-Encoding
content-encoding: gzip
etag: W/"PSA-aj-gp20iU5FlU"
expires: Sat, 17 Sep 2022 04:32:18 GMT
cache-control: max-age=211
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2021/09/mail-logo.png
123.30.171.132 301 Moved Permanently 272 B URL HTTP/1.1 licogi18.com.vn/wp-content/uploads/2021/09/mail-logo.png
IP 123.30.171.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9d091bf8e473114d9e1edaf3f0e79a44
736bf274a4454dae30230afb43fbb7ae59745063
846248e200834f618981e4b887cd4b0c7e990aca73f61cce398178d68a164b7e
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2021/09/mail-logo.png HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Sat, 17 Sep 2022 04:28:46 GMT
Server: Apache/2
Location: https://licogi18.com.vn/wp-content/uploads/2021/09/mail-logo.png
Content-Length: 272
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
licogi18.com.vn/wp-content/themes/caia/custom/js/slick.js?ver=5.1.4
123.30.171.132 200 OK 10 kB URL HTTP/2 licogi18.com.vn/wp-content/themes/caia/custom/js/slick.js?ver=5.1.4
IP 123.30.171.132:0
File type ASCII text, with very long lines (42862), with no line terminators
Hash aad6ed42aa57534aacf0bf0865a1a599
389621aa1d4fa9d2bebd8ae99a3dfd87f2c4fe26
9c3ffd1fa2612474e50043618765246f191bf3cfc7494c08d971c5f732190b28
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/caia/custom/js/slick.js?ver=5.1.4 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 10333
server: Apache/2
last-modified: Tue, 17 Aug 2021 02:51:53 GMT
etag: "a76e-5c9b8666f3342"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 42862
content-encoding: gzip
cache-control: max-age=300
expires: Sat, 17 Sep 2022 04:32:18 GMT
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2022/08/z3647869742853_8e9eb39dbe04f3d3132e78f568ed4e62-360x240.jpg
123.30.171.132 200 OK 22 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2022/08/z3647869742853_8e9eb39dbe04f3d3132e78f568ed4e62-360x240.jpg
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x240, components 3\012- data
Hash bdc27db0e0b56cb40d2ac7ee7bf051ed
430948dfb2802d5c3efc7808bdec942e38f91910
be428072247c7efd38d94dcae294ae2f0e9a1731ebca299dc4d06be4f32cbc57
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2022/08/z3647869742853_8e9eb39dbe04f3d3132e78f568ed4e62-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 21942
accept-ranges: bytes
server: Apache/2
x-original-content-length: 23584
etag: W/"PSA-aj-vcJ9sOC1bL"
expires: Sat, 17 Sep 2022 04:32:18 GMT
cache-control: max-age=211
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: image/jpeg
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2022/07/z3599664945716_b6af56be7e8dec4959c4bbe8c5dd81d6-360x240.jpg
123.30.171.132 200 OK 21 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2022/07/z3599664945716_b6af56be7e8dec4959c4bbe8c5dd81d6-360x240.jpg
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x240, components 3\012- data
Hash 334e7d46aa6d0e2ca746b3bd5ca23213
4af80677b865e4358284090620ce966e61a1ed4b
4d1738b75244002312de905884ce1ea40b36444106f760826d4cc76b7dfc4f14
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2022/07/z3599664945716_b6af56be7e8dec4959c4bbe8c5dd81d6-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 20602
accept-ranges: bytes
server: Apache/2
x-original-content-length: 21631
etag: W/"PSA-aj-M059RqptDi"
expires: Sat, 17 Sep 2022 04:32:18 GMT
cache-control: max-age=211
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: image/jpeg
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2021/08/kdt-cau-han-360x240.jpg
123.30.171.132 200 OK 26 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2021/08/kdt-cau-han-360x240.jpg
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x240, components 3\012- data
Hash 0ed24aacf45834dbcc2809661dcc62b6
4d73e6514394d09891fc3ab5c566adcf0e15446c
bd530e924ff7dbd8eaa11e764d1cd32de7e48add7f78d526f8a48a5eddc6776b
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2021/08/kdt-cau-han-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 26548
accept-ranges: bytes
server: Apache/2
x-original-content-length: 28471
etag: W/"PSA-aj-DtJKrPRYNN"
expires: Sat, 17 Sep 2022 04:32:18 GMT
cache-control: max-age=211
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: image/jpeg
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2022/06/z3451680902611_3b1f5a93c1be639c702d26a180bcb54f-360x240.jpg
123.30.171.132 200 OK 25 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2022/06/z3451680902611_3b1f5a93c1be639c702d26a180bcb54f-360x240.jpg
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x240, components 3\012- data
Hash ed251a4d908360eb4a24f91f77df7419
d9f11c406f8e122b132980cd1c640f41be0351af
26de29ca90285da211b3b26a9ae5bc1fab579c26be86604bc4d2ab85f3619f7a
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2022/06/z3451680902611_3b1f5a93c1be639c702d26a180bcb54f-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 24908
accept-ranges: bytes
server: Apache/2
x-original-content-length: 26613
etag: W/"PSA-aj-7SUaTZCDYO"
expires: Sat, 17 Sep 2022 04:32:18 GMT
cache-control: max-age=211
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: image/jpeg
X-Firefox-Spdy: h2
licogi18.com.vn/wp-includes/js/wp-embed.min.js?ver=5.1.4
123.30.171.132 200 OK 753 B URL HTTP/2 licogi18.com.vn/wp-includes/js/wp-embed.min.js?ver=5.1.4
IP 123.30.171.132:0
File type ASCII text, with very long lines (1403), with no line terminators
Hash 0e2fa325009949146b555e051f64f65c
81cb1e13bb6a073c701fadd3d7ea25436a6c4cde
f9751ee717735c02218e834a39cecb1261c56b4da0fb879d00faa7df6d7c5066
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-includes/js/wp-embed.min.js?ver=5.1.4 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 753
server: Apache/2
last-modified: Tue, 17 Aug 2021 03:04:08 GMT
etag: "57b-5c9b892457c79"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 1403
content-encoding: gzip
cache-control: max-age=300
expires: Sat, 17 Sep 2022 04:32:18 GMT
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.4.2
123.30.171.132 200 OK 847 B URL HTTP/2 licogi18.com.vn/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.4.2
IP 123.30.171.132:0
File type ASCII text, with very long lines (1849), with no line terminators
Hash 8474035b36a675a06a5f7696903b05ae
a113a20ffaf089c609d3a72c1041e83303734d6d
7140faf14df1701ce31da9e36f3bdbcd30fcb365c2635f0e0de7fb5f89a6e067
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.4.2 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 847
server: Apache/2
last-modified: Fri, 27 Aug 2021 08:15:01 GMT
etag: "739-5ca86147db34d"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 1849
content-encoding: gzip
cache-control: max-age=300
expires: Sat, 17 Sep 2022 04:32:18 GMT
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/plugins/google-language-translator/js/scripts.js?ver=6.0.9
123.30.171.132 200 OK 2.4 kB URL HTTP/2 licogi18.com.vn/wp-content/plugins/google-language-translator/js/scripts.js?ver=6.0.9
IP 123.30.171.132:0
File type ASCII text, with very long lines (8044), with no line terminators
Hash 37ab838af328be040e19eaf10b26cfa6
1bc77806ffe3a0a2bf2304e0569164757a14da55
8ec547cd1efbcb5c510b52ed4899c8cc102b18b1e5422f5fa39ae61330d21016
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/google-language-translator/js/scripts.js?ver=6.0.9 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 2372
server: Apache/2
accept-ranges: bytes
x-original-content-length: 13797
vary: Accept-Encoding
content-encoding: gzip
etag: W/"PSA-aj-5RfLLhH5cN"
expires: Sat, 17 Sep 2022 04:32:18 GMT
cache-control: max-age=211
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2
123.30.171.132 200 OK 4.1 kB URL HTTP/2 licogi18.com.vn/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2
IP 123.30.171.132:0
File type ASCII text, with very long lines (12987), with no line terminators
Hash 80527c6c3990b365978b19bb923850f6
871afc56a15f1cc51db55d496e2968e8e63036ce
cbcc278893ad87bcfd1571be16707edca39fba4b7c80000c040048ab9c51f340
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 4063
server: Apache/2
last-modified: Fri, 27 Aug 2021 08:15:01 GMT
etag: "32bb-5ca86147efb6d"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 12987
content-encoding: gzip
cache-control: max-age=300
expires: Sat, 17 Sep 2022 04:32:18 GMT
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 27 kB IP 142.250.74.3:0
File type gzip compressed data, max compression\012- data
Hash 97b01a05c9f8f91256730f0a6277277e
807d1dd39a4efb8ccaaa547c2fb3fee32a9a3b09
5643403317f88070c98ae0ad729709bf15b1fd4de220b5076026fa1b3c25de4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 04:27:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
licogi18.com.vn/wp-content/uploads/2021/09/image003-3-360x240.jpg
123.30.171.132 200 OK 18 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2021/09/image003-3-360x240.jpg
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x240, components 3\012- data
Hash 62a265c572cd6ec339f03f31050280ba
f9153d27634e84295520b23e99a20b8c29711792
def92b046f9a8f9528553af9dc42af04802b649885806af24fd6ec276e4406ee
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2021/09/image003-3-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 18357
accept-ranges: bytes
server: Apache/2
x-original-content-length: 19298
etag: W/"PSA-aj-YqJlxXLNbs"
expires: Sat, 17 Sep 2022 04:32:18 GMT
cache-control: max-age=211
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: image/jpeg
X-Firefox-Spdy: h2
licogi18.com.vn/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.0.0
123.30.171.132 200 OK 33 kB URL HTTP/2 licogi18.com.vn/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.0.0
IP 123.30.171.132:0
File type Unicode text, UTF-8 text, with very long lines (33914), with NEL line terminators
Hash ff80c686ae78ea8a95e4b48bbae2d6e5
b32189aa73507d06fc17138376b69caf9442a358
aaaaae3ac48d7b0cf48a996ca726158b94bb0eb5817e2e809261d89f5354b61a
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.0.0 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 32586
server: Apache/2
accept-ranges: bytes
x-original-content-length: 96193
vary: Accept-Encoding
content-encoding: gzip
etag: W/"PSA-aj-6aO9qdco2m"
expires: Sat, 17 Sep 2022 04:32:18 GMT
cache-control: max-age=211
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2021/08/image001-8-360x240.jpg
123.30.171.132 200 OK 23 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2021/08/image001-8-360x240.jpg
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x240, components 3\012- data
Hash 92f4e15b719d228ae44af0ca461e623b
9987e40399d65531c4e73daf10e8a547ce90ca8a
5b6a32b831eeda41928ac210219143ad834e77eb90be7eb7b69eee52761da983
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2021/08/image001-8-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 22961
accept-ranges: bytes
server: Apache/2
x-original-content-length: 24175
etag: W/"PSA-aj-kvThW3GdIo"
expires: Sat, 17 Sep 2022 04:32:28 GMT
cache-control: max-age=221
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: image/jpeg
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2021/08/anh-da-huong-thuong-360x240.jpg
123.30.171.132 200 OK 24 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2021/08/anh-da-huong-thuong-360x240.jpg
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x240, components 3\012- data
Hash 33b9d409eca96f01674316a1c98b860a
0938422a7836efcd9f9b132294537da7a46b8160
491f71b4543a6f4c728301bd4ab6da9dbbe108d629c7d612d9eb34d099eb7069
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2021/08/anh-da-huong-thuong-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 24394
accept-ranges: bytes
server: Apache/2
x-original-content-length: 26018
etag: W/"PSA-aj-M7nUCeypbw"
expires: Sat, 17 Sep 2022 04:32:28 GMT
cache-control: max-age=221
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: image/jpeg
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2021/08/image001-1-360x240.png
123.30.171.132 200 OK 31 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2021/08/image001-1-360x240.png
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x240, components 3\012- data
Hash 0447238c9977efa377e824206d9fad2e
fd1409eda0f3ebaa0b00e855d63e3a87882d5a09
e5f505c99e5702058457c1f71c9da036e4b0ae40f918e2b8c7b1a171bfa6a35b
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2021/08/image001-1-360x240.png HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 31338
accept-ranges: bytes
server: Apache/2
x-original-content-length: 222538
etag: W/"PSA-aj-BEcjjJl376"
expires: Sat, 17 Sep 2022 04:32:28 GMT
cache-control: max-age=221
date: Sat, 17 Sep 2022 04:28:46 GMT
x-content-type-options: nosniff
content-type: image/jpeg
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/themes/caia/images/xlogo2.png.pagespeed.ic.QkdUQz6A3O.png
123.30.171.132 200 OK 26 kB URL HTTP/2 licogi18.com.vn/wp-content/themes/caia/images/xlogo2.png.pagespeed.ic.QkdUQz6A3O.png
IP 123.30.171.132:0
File type PNG image data, 1530 x 2343, 8-bit colormap, non-interlaced\012- data
Hash 424754433e80dcee861728e7368744e9
fe583af0b40089cfccb48c3c7853735c8211041d
96d9afc20e29098aacf6c903a363310607d68d40b362dee6e61a3d9e901d63e9
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/caia/images/xlogo2.png.pagespeed.ic.QkdUQz6A3O.png HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/wp-content/themes/caia/style.css?ver=4.2.1
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
link: <https://licogi18.com.vn/wp-content/themes/caia/images/logo2.png>; rel="canonical"
server: Apache/2
accept-ranges: bytes
expires: Sun, 17 Sep 2023 03:39:44 GMT
cache-control: max-age=31536000
etag: W/"0"
last-modified: Sat, 17 Sep 2022 03:39:44 GMT
x-original-content-length: 73859
date: Sat, 17 Sep 2022 04:28:47 GMT
content-length: 26077
content-type: image/png
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-S2RJHLLQ19&gtm=2oe9e0&_p=632064380&cid=176377320.1663378559&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663388844&sct=2&seg=0&dl=https%3A%2F%2Flicogi18.com.vn%2Flogin.microsoftonline.com%2Flogin.php%3Ftes.php%3Flogin.live.com%2Fgetsessionstate.srf%3Fresponse_type%3Dcode%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26scope%3Dopenid%2Bprofile%2Bemail%2Boffline_access%26response_mode%3Dform_post%26redirect_uri%3Dlogin.microsoftonline.com%2Fcommon%2Ffederation%2Foauth2%26state%3Drqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2%26estsfed%3D1%26uaid%3D27aab22138724fb08da033daeafc4afa%26vaccess%26vv%3D1600%26mkt%3Den-us%26lc%3D1033%26emailcmd%3Dlogin_submit%26id%3D228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6%26session%3D228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&dt=Kh%C3%B4ng%20t%C3%ACm%20th%E1%BA%A5y%20-%20Licogi%2018&en=page_view&_ss=1&_ee=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-S2RJHLLQ19&gtm=2oe9e0&_p=632064380&cid=176377320.1663378559&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663388844&sct=2&seg=0&dl=https%3A%2F%2Flicogi18.com.vn%2Flogin.microsoftonline.com%2Flogin.php%3Ftes.php%3Flogin.live.com%2Fgetsessionstate.srf%3Fresponse_type%3Dcode%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26scope%3Dopenid%2Bprofile%2Bemail%2Boffline_access%26response_mode%3Dform_post%26redirect_uri%3Dlogin.microsoftonline.com%2Fcommon%2Ffederation%2Foauth2%26state%3Drqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2%26estsfed%3D1%26uaid%3D27aab22138724fb08da033daeafc4afa%26vaccess%26vv%3D1600%26mkt%3Den-us%26lc%3D1033%26emailcmd%3Dlogin_submit%26id%3D228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6%26session%3D228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&dt=Kh%C3%B4ng%20t%C3%ACm%20th%E1%BA%A5y%20-%20Licogi%2018&en=page_view&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-S2RJHLLQ19&gtm=2oe9e0&_p=632064380&cid=176377320.1663378559&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663388844&sct=2&seg=0&dl=https%3A%2F%2Flicogi18.com.vn%2Flogin.microsoftonline.com%2Flogin.php%3Ftes.php%3Flogin.live.com%2Fgetsessionstate.srf%3Fresponse_type%3Dcode%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26scope%3Dopenid%2Bprofile%2Bemail%2Boffline_access%26response_mode%3Dform_post%26redirect_uri%3Dlogin.microsoftonline.com%2Fcommon%2Ffederation%2Foauth2%26state%3Drqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2%26estsfed%3D1%26uaid%3D27aab22138724fb08da033daeafc4afa%26vaccess%26vv%3D1600%26mkt%3Den-us%26lc%3D1033%26emailcmd%3Dlogin_submit%26id%3D228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6%26session%3D228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&dt=Kh%C3%B4ng%20t%C3%ACm%20th%E1%BA%A5y%20-%20Licogi%2018&en=page_view&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://licogi18.com.vn
Connection: keep-alive
Referer: https://licogi18.com.vn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://licogi18.com.vn
date: Sat, 17 Sep 2022 04:27:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4cc0aaf293fed6c16e1dde02c50c8f40
e94f11cd8fa955f28856a02aa7115aa5f3626d98
b1592dc8fc0d63052f66b7be9b5ff1f562f6fbd05f6365ce828758bfbb3f1a12
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 04:27:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
licogi18.com.vn/wp-content/themes/caia/font/SFProDisplay-Regular.ttf
123.30.171.132 200 OK 147 kB URL HTTP/2 licogi18.com.vn/wp-content/themes/caia/font/SFProDisplay-Regular.ttf
IP 123.30.171.132:0
Size 147 kB (146883 bytes)
Hash 65a061bce463b7bb74fa0d9fd2e264c1
f39043c0dbed18ee504c0b943eed58c7b17e44cc
231e1a5a560e11ab16a7de14ef0bbc79655324db20fb6b21154c8fd465683723
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/caia/font/SFProDisplay-Regular.ttf HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/wp-content/themes/caia/style.css?ver=4.2.1
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 17 Aug 2021 03:06:37 GMT
etag: "650e4-5c9b89b276978-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
cache-control: s-maxage=10
content-type: application/x-font-ttf
date: Sat, 17 Sep 2022 04:28:47 GMT
server: Apache/2
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/plugins/google-language-translator/images/xflags.png.pagespeed.ic.Ez8qx8OZvV.png
123.30.171.132 200 OK 55 kB URL HTTP/2 licogi18.com.vn/wp-content/plugins/google-language-translator/images/xflags.png.pagespeed.ic.Ez8qx8OZvV.png
IP 123.30.171.132:0
File type PNG image data, 169 x 520, 8-bit/color RGBA, non-interlaced\012- data
Hash 133f2ac7c399bd54d504029effd3ecd9
eaeaa0e0270bf6f0452933824f18a3361ad96a05
56e86d2e05dff8989f2b6d7a8e2a6651f56e5f0de62e616081c54f98330a55fe
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/google-language-translator/images/xflags.png.pagespeed.ic.Ez8qx8OZvV.png HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/wp-content/plugins/google-language-translator/css/style.css?ver=6.0.9
Cookie: _ga_S2RJHLLQ19=GS1.1.1663388844.2.0.1663388844.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
link: <https://licogi18.com.vn/wp-content/plugins/google-language-translator/images/flags.png>; rel="canonical"
server: Apache/2
accept-ranges: bytes
expires: Sun, 17 Sep 2023 03:50:04 GMT
cache-control: max-age=31536000
etag: W/"0"
last-modified: Sat, 17 Sep 2022 03:50:04 GMT
x-original-content-length: 54996
date: Sat, 17 Sep 2022 04:28:48 GMT
content-length: 54938
content-type: image/png
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/themes/caia/images/favicon.ico
123.30.171.132 200 OK 170 B URL HTTP/2 licogi18.com.vn/wp-content/themes/caia/images/favicon.ico
IP 123.30.171.132:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 0891295b5789a875ea50300630542832
b8d879059ffdb950d9dbc493775fec2b01ea2c59
0280dfb6b3b7ff53e71688a0f714e7cbc92c4673d24722b88700bc12ba0112b2
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/caia/images/favicon.ico HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6&session=228499b55310264a8ea0e27b6e7c6ab6228499b55310264a8ea0e27b6e7c6ab6
Cookie: _ga_S2RJHLLQ19=GS1.1.1663388844.2.0.1663388844.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 17 Aug 2021 03:06:38 GMT
etag: "47e-5c9b89b3841f8-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
cache-control: s-maxage=10
content-length: 170
content-type: image/x-icon
date: Sat, 17 Sep 2022 04:28:48 GMT
server: Apache/2
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 924cca70f1f5ba02eb6af21a65e0bdd1
3baa75b1ea32068f96cfd5060e4e1eda71c61da8
e55036d990bb7071b7e51e739b8650538ce67d821cc966b0baa99ff40220973b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5147
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 04:27:42 GMT
Last-Modified: Sat, 17 Sep 2022 03:01:55 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/vi_VN/sdk.js
31.13.72.12 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/vi_VN/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1961)
Hash 191dbeb6102772da51bd5be2a8d2ec18
3997ce9d818607d17f1b487bd93e5f8e835b0446
77ede5bab6001600a7dde102db551a0d8e955aa5c97b592e61b438693d086f93
GET /vi_VN/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 1721bfa70d3a11c95c9467524bbae787
etag: "f55352d896b14d0a1ccf29ea9265747d"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 17 Sep 2022 04:44:14 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: GR2+thAnctpRvVviqNLsGA==
x-fb-debug: MNgSx3geDn9m1BauQqvo6wYsCxB+kzPb8fx5Xl6dw3MzLSuPVsuGIJZ0mzov52s2cJZ2VYiUiinFqXoUQp/Fjg==
content-length: 1687
x-fb-trip-id: 1904183273
date: Sat, 17 Sep 2022 04:27:42 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 924cca70f1f5ba02eb6af21a65e0bdd1
3baa75b1ea32068f96cfd5060e4e1eda71c61da8
e55036d990bb7071b7e51e739b8650538ce67d821cc966b0baa99ff40220973b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5147
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 04:27:42 GMT
Last-Modified: Sat, 17 Sep 2022 03:01:55 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/vi_VN/sdk.js?hash=2b5e495ee7a264ebe515624df8f2b2f7
31.13.72.12 200 OK 87 kB URL HTTP/2 connect.facebook.net/vi_VN/sdk.js?hash=2b5e495ee7a264ebe515624df8f2b2f7
IP 31.13.72.12:0
File type ASCII text, with very long lines (13317)
Hash 38b9f0cbcf2a3e72c9981c4e9eb0377a
5ffe2ee9f2c938306d1bc4890ecfb9364163431e
557b7ff1219d3d80831834e2c867a0e9af7f819397a1bd64c2083a116e891b28
GET /vi_VN/sdk.js?hash=2b5e495ee7a264ebe515624df8f2b2f7 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://licogi18.com.vn
Connection: keep-alive
Referer: https://licogi18.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: e3b46873486c1964b4f1396459170ae6
etag: "6f8e58250d163207b0133e117772a640"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sun, 17 Sep 2023 04:24:16 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: OLnwy88qPnLJmBxOnrA3eg==
x-fb-debug: VBOZOsyuhbFMMoB75b2TV997aqCzKOPtKqFR2pqsN+TxFz3XOYiPm52gp4j6PNACM4otHLReD89XBYDkkY2Qvw==
priority: u=3,i
content-length: 87379
x-fb-trip-id: 1904183273
date: Sat, 17 Sep 2022 04:27:43 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaf888ee-3a5f-426b-9b83-8ea161780db3.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaf888ee-3a5f-426b-9b83-8ea161780db3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9c807387d303abb2bca1ef14b14c9e26
428fe80d3f35758433a6b2cf25e6bcb5f63a6a63
277a74204dc8bec8a227ca43cdb840b5dda71f74e8aec56606e862e70a5ba19c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaf888ee-3a5f-426b-9b83-8ea161780db3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5234
x-amzn-requestid: 55e23e9a-f85c-42f2-87b6-aff3646bf1fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yknn_EFzoAMF2Ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6324ec99-62f023426230c7b46116d4b7;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 21:37:29 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fb2wN0gTI9OKgDghf1u4DKwrADkYcS5_7LIxaLxmbo0OciwezGh_LA==
via: 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 21:37:55 GMT
age: 24589
etag: "428fe80d3f35758433a6b2cf25e6bcb5f63a6a63"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/themes/caia/font/SFProDisplay-Semibold.ttf
123.30.171.132 200 OK 0 B URL HTTP/2 licogi18.com.vn/wp-content/themes/caia/font/SFProDisplay-Semibold.ttf
IP 123.30.171.132:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/caia/font/SFProDisplay-Semibold.ttf HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/wp-content/themes/caia/style.css?ver=4.2.1
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 17 Aug 2021 03:06:38 GMT
etag: "6a340-5c9b89b2b70b8-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
cache-control: s-maxage=10
content-type: application/x-font-ttf
date: Sat, 17 Sep 2022 04:28:47 GMT
server: Apache/2
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/themes/caia/font/SFProDisplay-Bold.ttf
123.30.171.132 200 OK 0 B URL HTTP/2 licogi18.com.vn/wp-content/themes/caia/font/SFProDisplay-Bold.ttf
IP 123.30.171.132:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/caia/font/SFProDisplay-Bold.ttf HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/wp-content/themes/caia/style.css?ver=4.2.1
Cookie: _ga_S2RJHLLQ19=GS1.1.1663378558.1.0.1663378564.0.0.0; _ga=GA1.1.176377320.1663378559
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 17 Aug 2021 03:06:37 GMT
etag: "6a6c0-5c9b89b25d338-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
cache-control: s-maxage=10
content-type: application/x-font-ttf
date: Sat, 17 Sep 2022 04:28:47 GMT
server: Apache/2
X-Firefox-Spdy: h2