r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2d2e7649ce9e9ba6fc8b68aa89352e3c
0153d1d3d830a457043e16bb40d48a0b9ddef4b8
8eed57c91b42ef7b2d5eff1309e306e23e13c3de21219af24a693cbf3e8977fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3634
Expires: Tue, 29 Nov 2022 21:36:50 GMT
Date: Tue, 29 Nov 2022 20:36:16 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4423
Cache-Control: max-age=140918
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:16 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 11:44:54 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15388
Expires: Wed, 30 Nov 2022 00:52:44 GMT
Date: Tue, 29 Nov 2022 20:36:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 20:17:55 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1101
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zmRe/B1mACZ9o/7asWW+0PFS/jPP+hLvxlqk9zT2sabDzZQr8PiEJpUWu4dkX5ASIysMgf5ZM3j7vyEgKQ+Bcg==
x-amz-request-id: N4MDGS8ZYE178WK9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 19:45:35 GMT
age: 3041
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 20:36:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
vienyhocdantoc.com.vn/wp-includes/web/1/linklde
103.200.5.94301 Moved Permanently 278 B URL HTTP/1.1 vienyhocdantoc.com.vn/wp-includes/web/1/linklde
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 793c027d9f2c2021b069332ae13bd645
3c358703a42a9475fed4a63bee9c744932ad9ff7
1a14cc3a54e41a50f197ac79da540c0fe78db60df5c9589e8a58aa08611a1d2a
Analyzer Verdict Alert openphish LinkedIn Corporation
fortinet Malware
GET /wp-includes/web/1/linklde HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: Tengine
Date: Tue, 29 Nov 2022 20:36:16 GMT
Content-Type: text/html
Content-Length: 278
Connection: keep-alive
Location: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde
Strict-Transport-Security: max-age=31536000
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 20:08:56 GMT
cache-control: public,max-age=3600
age: 1640
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3681
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:16 GMT
Last-Modified: Tue, 29 Nov 2022 19:34:55 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b258eb3b2a59291c764be91037092ad6
2dc16c5ae4649ea31878c95b81ed5337bb5fce10
ed33d9e5f6c963c79e06ffdebb286a4a3349a07579c82769bcd42fc9ea8b1b42
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED33D9E5F6C963C79E06FFDEBB286A4A3349A07579C82769BCD42FC9EA8B1B42"
Last-Modified: Tue, 29 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3276
Expires: Tue, 29 Nov 2022 21:30:52 GMT
Date: Tue, 29 Nov 2022 20:36:16 GMT
Connection: keep-alive
push.services.mozilla.com/
52.88.25.203101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.88.25.203:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mY3swsFQqIO9t6LpAShzog==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9WtYNtjh5TAXFVKm/k57PKkTeWQ=
vienyhocdantoc.com.vn/wp-includes/web/1/linklde
103.200.5.94301 Moved Permanently 278 B URL HTTP/2 vienyhocdantoc.com.vn/wp-includes/web/1/linklde
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 793c027d9f2c2021b069332ae13bd645
3c358703a42a9475fed4a63bee9c744932ad9ff7
1a14cc3a54e41a50f197ac79da540c0fe78db60df5c9589e8a58aa08611a1d2a
Analyzer Verdict Alert openphish LinkedIn Corporation
fortinet Malware
GET /wp-includes/web/1/linklde HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
server: tengine
date: Tue, 29 Nov 2022 20:36:17 GMT
content-type: text/html
content-length: 278
location: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3577
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 20:36:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3577
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 20:36:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3577
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 20:36:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3577
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 20:36:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 02:55:32 GMT
age: 63646
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d574c4db20a68295dbd06cb08f5990b
433061bbb226048765a711deca3026ee3e52372f
8cc1a4d18e242f8bfc8ab94637f635b73554b903462c29b06d0ec67872542afb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9203
x-amzn-requestid: 8cba52d6-3c1c-495c-bb9d-3ba6f0adc7e1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cHcHmGmQoAMF6dQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fa6fd-73abfa592ff223061401af9a;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 17:16:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UmhWm03jrsV8dFagrzIA0E-8eL8dykoO5kw3cYOBd172dCGqNdAX-Q==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:05:38 GMT
age: 59440
etag: "433061bbb226048765a711deca3026ee3e52372f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a2a5c8d4113d282600462749315f2c4f
e2b4d2e15bb7c086333c0da438873e4c139ba931
9b5d0e5dd11d4cbf1c78a71730cd63544170c91ab635bf3cf917827ac84874e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4417
x-amzn-requestid: 01de83c2-51d2-4329-98f6-09a0edf46942
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnGEcRIAMFaXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852960-34583b6c588a0e937fcfaa46;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Jb1eLyzn88lV_UTId-Fl3OnftDn8c7o5j8d16_nzHCNST_68MZ1pvA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:50:08 GMT
age: 81970
etag: "e2b4d2e15bb7c086333c0da438873e4c139ba931"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83c1fedec73299637cc7dc47c48af758
2e3f7326aeea6be8a34bf2c39b34862c07bfdc41
1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:01:17 GMT
age: 63301
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: 768fc69c-e91b-4dd9-8add-63634762b2d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpbgEFOIAMF71A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bc49-21756db31c4714af0553f21b;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:12:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jS-AS3x8V3XacXRNkU63UJjBxA6unvBer5WcxUYseR5p4eZPK64o2g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:52:21 GMT
age: 56637
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4058fd62595d15c58b3d3266de9865a
d0dff35eb78f129b5da407043037bcf9c27e55c0
ab996c23d58871a2ad53f0c34688c87f0d7c0eac5d0c1d8265b86951248449fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4871
x-amzn-requestid: e2dfa7b8-ded7-4104-a913-1b84746a3c6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLDUUEy_oAMFgSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638118e8-0b229e0f60ff019d26800dd9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 19:35:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9BUuT9WFwAQMnl8JiTDKo-zHgDL0AdjAAAIh0Mx405zbGwhvRouebQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 12:20:15 GMT
age: 29763
etag: "d0dff35eb78f129b5da407043037bcf9c27e55c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owps.ttf
216.58.207.227200 OK 27 kB URL HTTP/2 fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owps.ttf
IP 216.58.207.227:0
File type TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, Copyright 2015 Google LLC. All Rights Reserved.Google SansRegularGoogle;GoogleSans-RegularGoogle\012- data
Hash 097c4b560f821fb05c628abb70fab199
4650bf1244b6cba45b222aa269c96ad8ea95ab42
a9bd7cfb72481bd844fa2e3cd4019c8b2ab2a232b50cabe62f8d9483e284f672
GET /s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owps.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vienyhocdantoc.com.vn
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27191
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 17:49:31 GMT
expires: Sat, 25 Nov 2023 17:49:31 GMT
cache-control: public, max-age=31536000
age: 355607
last-modified: Mon, 22 Apr 2019 23:42:54 GMT
content-type: font/ttf
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf
216.58.207.227200 OK 27 kB URL HTTP/2 fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf
IP 216.58.207.227:0
File type TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, Copyright 2015 Google LLC. All Rights Reserved.Google Sans MediumRegularGoogle;GoogleSans-Medium\012- data
Hash 48d399faaa696e710b9d841b934461e2
8b867014ac0ae0a2b81a55f171deede8336a496f
c905a4d23caf1f95d96c244084f15336fba5f65b74de870ec5c2be878410625d
GET /s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vienyhocdantoc.com.vn
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27431
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 17:49:32 GMT
expires: Sat, 25 Nov 2023 17:49:32 GMT
cache-control: public, max-age=31536000
age: 355606
last-modified: Mon, 22 Apr 2019 23:43:31 GMT
content-type: font/ttf
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/50a28enatfg8kjjl3gk2c5mud
103.200.5.94200 OK 64 kB URL HTTP/2 vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/50a28enatfg8kjjl3gk2c5mud
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
File type Unicode text, UTF-8 text, with very long lines (63948), with no line terminators
Hash 54964f602b3fddc240dad461f1e516e5
6e0d09b0747e49dc91c045d83a1a945a618db25e
eff0b6274db6ebd08633097921e241f45f30c760d4fb9038ef3037fc03761249
Analyzer Verdict Alert urlquery Phishing - LinkedIn
fortinet Malware
GET /wp-includes/web/1/linklde/sc/h/50a28enatfg8kjjl3gk2c5mud HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:17 GMT
content-type: application/octet-stream
content-length: 63956
last-modified: Sun, 04 Nov 2012 21:00:50 GMT
etag: "5096d782-f9d4"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/djykitbj8q6nbc5kqowcmv2h7
103.200.5.94200 OK 65 kB URL HTTP/2 vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/djykitbj8q6nbc5kqowcmv2h7
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
File type C source, Unicode text, UTF-8 text, with very long lines (65072)
Hash e4f37385c862f258559ddafcbcfba44b
e71ba2c95cec048ac13fbdd1d528715220021e20
2072637eca86b31333f03dd2f363993776d87ec85be0f0970d80a08347cbe43f
Analyzer Verdict Alert urlquery Phishing - LinkedIn
fortinet Malware
GET /wp-includes/web/1/linklde/sc/h/djykitbj8q6nbc5kqowcmv2h7 HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:17 GMT
content-type: application/octet-stream
content-length: 65076
last-modified: Sun, 04 Nov 2012 21:00:50 GMT
etag: "5096d782-fe34"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/26elsm12hjqp7ymaluqfe5qu7
103.200.5.94200 OK 1.8 kB URL HTTP/2 vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/26elsm12hjqp7ymaluqfe5qu7
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
File type ASCII text, with very long lines (1821), with no line terminators
Hash 24c9b7c0ebf96d459f0f8a30658aa11f
5b2723731754a6b8828524644738644e807c49ad
a04c915c86662f64233cf9e2ddd8ef855ef6810b284b7743479eb9978f9f4f1e
Analyzer Verdict Alert urlquery Phishing - LinkedIn
fortinet Malware
GET /wp-includes/web/1/linklde/sc/h/26elsm12hjqp7ymaluqfe5qu7 HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:17 GMT
content-type: application/octet-stream
content-length: 1821
last-modified: Sun, 04 Nov 2012 21:00:50 GMT
etag: "5096d782-71d"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/4ygrgi0klw0h7s7s9m56m10fz
103.200.5.94200 OK 168 kB URL HTTP/2 vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/4ygrgi0klw0h7s7s9m56m10fz
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size 168 kB (167605 bytes)
Hash 53bc6fccbacea58a03d16344f252367f
509c4602231d68320d34bf647767383ff43667ce
42525f66683a7435b58fee40ebb269c386451ed660c1ac80ed159a066e55466d
Analyzer Verdict Alert urlquery Phishing - LinkedIn
fortinet Malware
GET /wp-includes/web/1/linklde/sc/h/4ygrgi0klw0h7s7s9m56m10fz HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:17 GMT
content-type: application/octet-stream
content-length: 167605
last-modified: Sun, 04 Nov 2012 21:00:50 GMT
etag: "5096d782-28eb5"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/3a5zi3egw5hosweu6wsco2rsf
103.200.5.94200 OK 69 kB URL HTTP/2 vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/3a5zi3egw5hosweu6wsco2rsf
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
File type Unicode text, UTF-8 text, with very long lines (38113)
Hash 3771915d5e2a08d3be3f725b92f4812f
e4e3abe3ddcd97f7e946a64d8e6272f20cd3c669
20d449c5ddb6c176c61469ff31f409266494a37fc8dddfb42e61315e366b168e
Analyzer Verdict Alert urlquery Phishing - LinkedIn
fortinet Malware
GET /wp-includes/web/1/linklde/sc/h/3a5zi3egw5hosweu6wsco2rsf HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:17 GMT
content-type: application/octet-stream
content-length: 69256
last-modified: Sun, 04 Nov 2012 21:00:50 GMT
etag: "5096d782-10e88"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
static-exp1.licdn.com/sc/h/1gpe377m8n1eq73qveizv5onv
23.36.76.210200 OK 13 kB URL HTTP/2 static-exp1.licdn.com/sc/h/1gpe377m8n1eq73qveizv5onv
IP 23.36.76.210:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7566)
Hash 18bab5c3a5007c99d4cba0ca2050971b
7da781d13a9dbc0464fa418d8e99a007e9843c3d
db1ae725d93f71d9191e4e5c013ed0ca74424bd02e7fc6ced795d9f51de63f4a
GET /sc/h/1gpe377m8n1eq73qveizv5onv HTTP/1.1
Host: static-exp1.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 26 Aug 2023 01:53:44 GMT
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
cache-control: max-age=31536000, immutable
server: Play
content-encoding: br
x-li-static-content: 1
content-type: text/javascript
x-fs-uuid: 0a9d6ce11f5bad16b00010e0be2a0000
x-li-fabric: prod-ltx1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: prod-eda6
x-li-proto: http/1.1
x-li-uuid: Cp1s4R9brRawABDgvioAAA==
content-length: 13154
remote-cache-status: TCP_HIT
unused62: 8096267
date: Tue, 29 Nov 2022 20:36:19 GMT
x-cache: TCP_HIT
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2
vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/dhra8axxv5afjd3u90gduwpcj.png
103.200.5.94200 OK 5.5 kB URL HTTP/2 vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/dhra8axxv5afjd3u90gduwpcj.png
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
File type PNG image data, 114 x 114, 8-bit/color RGBA, non-interlaced\012- data
Hash e3eae9467d41fa15bc1d2a03a4d47a53
2cdb3230a055bc0b402bdcd4415553c964da1a35
7ebe33084a6e722927ef76ff3c583b1bae3ff27b6a48bf921d5de4aeebb56c62
Analyzer Verdict Alert urlquery Phishing - LinkedIn
GET /wp-includes/web/1/linklde/sc/h/dhra8axxv5afjd3u90gduwpcj.png HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:19 GMT
content-type: image/png
content-length: 5497
last-modified: Sun, 04 Nov 2012 21:00:50 GMT
etag: "5096d782-1579"
expires: Thu, 29 Dec 2022 20:36:19 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/3m4lyvbs6efg8pyhv7kupo6dh.ico
103.200.5.94200 OK 33 kB URL HTTP/2 vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/3m4lyvbs6efg8pyhv7kupo6dh.ico
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
File type MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 3d0e5c05903cec0bc8e3fe0cda552745
1b513503c65572f0787a14cc71018bd34f11b661
42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
Analyzer Verdict Alert urlquery Phishing - LinkedIn
fortinet Malware
GET /wp-includes/web/1/linklde/sc/h/3m4lyvbs6efg8pyhv7kupo6dh.ico HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:19 GMT
content-type: image/x-icon
content-length: 32988
last-modified: Sun, 04 Nov 2012 21:00:50 GMT
etag: "5096d782-80dc"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 549743a6145ebf2e05bfa12f1dcf55fb
5706e5df0fa9cee1d2192a01e4f02d60f8e36ea4
85cc4869c312fae000216f3284a35942ff641a865cc792ce1570e7b3367363e1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 675
Cache-Control: max-age=96844
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:20 GMT
Etag: "638541ed-1d7"
Expires: Wed, 30 Nov 2022 23:30:24 GMT
Last-Modified: Mon, 28 Nov 2022 23:19:09 GMT
Server: ECS (amb/6B73)
X-Cache: HIT
Content-Length: 471
vienyhocdantoc.com.vn/li/track
103.200.5.94200 OK 385 B URL HTTP/2 vienyhocdantoc.com.vn/li/track
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
File type ASCII text, with very long lines (324)
Hash ec8804e31cb075e1c248aa1340033be9
8fc7fae4bf37994683eb6a268b1031818c999174
ef22322b1f8ec023c8ebf6c88a2004c11ddfafa140cee93e2482c68f78d2ce87
Analyzer Verdict Alert fortinet Malware
POST /li/track HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Csrf-Token:
Content-Length: 494
Origin: https://vienyhocdantoc.com.vn
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 73f8788a2b2c23d26d2721e7f9a39364
b76343d0680c7a05051dee3530beed61352e8320
42590d7ad432b37e9c945fc87ab9ca3c61b29e50392dd737cee17cfb67dec226
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2512
Cache-Control: max-age=123149
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:21 GMT
Etag: "6385a182-1d7"
Expires: Thu, 01 Dec 2022 06:48:50 GMT
Last-Modified: Tue, 29 Nov 2022 06:06:58 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
vienyhocdantoc.com.vn/li/track
103.200.5.94200 OK 617 B URL HTTP/2 vienyhocdantoc.com.vn/li/track
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
File type ASCII text, with very long lines (611)
Hash 2e3ded8132b5a5a795a98b9d86803c2d
547b6930604b777a611c09496464d56aba4cf92e
0b5bbdf8f5afa4749199acbba81e292ad363cc4023fd17349e35627fe0ca9988
Analyzer Verdict Alert fortinet Malware
POST /li/track HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Csrf-Token:
Content-Length: 6617
Origin: https://vienyhocdantoc.com.vn
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
lnkd.demdex.net/event?d_dil_ver=9.4&_ts=1669754180178
34.248.30.105200 OK 469 B URL HTTP/1.1 lnkd.demdex.net/event?d_dil_ver=9.4&_ts=1669754180178
IP 34.248.30.105:0
File type JSON data\012- , ASCII text, with very long lines (689), with no line terminators
Hash 0e995b804615c344ce4eb415b9b6fd33
27fe2dabc7f1f540a3470c3caedd1a820d6bad0f
b3165d0de4fe1510cdf5f28379180c2303df697c19770aa2421087bacadf2e33
POST /event?d_dil_ver=9.4&_ts=1669754180178 HTTP/1.1
Host: lnkd.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 282
Origin: https://vienyhocdantoc.com.vn
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://vienyhocdantoc.com.vn
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0f45dc272.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=79401143502165295310283930518101686335; Max-Age=15552000; Expires=Sun, 28 May 2023 20:36:21 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: sneXE0JYTH4=
Content-Length: 469
Connection: keep-alive
lnkd.demdex.net/dest5.html?d_nsid=0
34.248.30.105200 OK 2.8 kB URL HTTP/1.1 lnkd.demdex.net/dest5.html?d_nsid=0
IP 34.248.30.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: lnkd.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Tue, 29 Nov 2022 20:36:21 GMT
DCS: dcs-prod-irl1-1-v045-0480615af.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 13:34:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: k1HGeJJlR0k=
Content-Length: 2791
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c3c6fcc1a6ec6e438b371359a220d437
646d2c502eb3579d0c394dbdd16ef10f60f43063
5e75d86847b64e661c218e63d1b4b2c4a9ade7506b3b50fce16dd39ebaa5c5fe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 867
Cache-Control: max-age=133712
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:21 GMT
Etag: "6385d132-1d7"
Expires: Thu, 01 Dec 2022 09:44:53 GMT
Last-Modified: Tue, 29 Nov 2022 09:30:26 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
www.facebook.com/tr/?id=136430647058082&ev=Adobe-Audience-Manager-Segment&cd[segID]=16675012&noscript=1
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=136430647058082&ev=Adobe-Audience-Manager-Segment&cd[segID]=16675012&noscript=1
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=136430647058082&ev=Adobe-Audience-Manager-Segment&cd[segID]=16675012&noscript=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnkd.demdex.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Tue, 29 Nov 2022 20:36:21 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c3c6fcc1a6ec6e438b371359a220d437
646d2c502eb3579d0c394dbdd16ef10f60f43063
5e75d86847b64e661c218e63d1b4b2c4a9ade7506b3b50fce16dd39ebaa5c5fe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 867
Cache-Control: max-age=133712
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:21 GMT
Etag: "6385d132-1d7"
Expires: Thu, 01 Dec 2022 09:44:53 GMT
Last-Modified: Tue, 29 Nov 2022 09:30:26 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
vienyhocdantoc.com.vn/li/track
103.200.5.94200 OK 3.3 kB URL HTTP/2 vienyhocdantoc.com.vn/li/track
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
File type ASCII text, with very long lines (9552)
Hash 934f2d6654e8c61144d4053050f564e7
f843274ce14a2798a4389198273a62e44e338421
885c5951e856834b90cd39a8e50579f5ebff6032bdd390f4ca35323b2d36c440
Analyzer Verdict Alert fortinet Malware
POST /li/track HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Csrf-Token:
Content-Length: 504
Origin: https://vienyhocdantoc.com.vn
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.117.js?utv=ut4.46.202211210302
23.36.76.121200 OK 3.0 kB URL HTTP/2 platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.117.js?utv=ut4.46.202211210302
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (9242), with no line terminators
Hash 78a8ec7a7a7dfb5323773e7091e35d68
88afc81c6d0c7723692277907d48a04d8ae89ece
bebbfbf34a9638b8de510fb4924be744388ff6ba23542b52f5f396999ee11a36
Analyzer Verdict Alert urlquery Phishing - LinkedIn
GET /litms/utag/checkpoint-frontend/utag.117.js?utv=ut4.46.202211210302 HTTP/1.1
Host: platform.linkedin-ei.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/
Cookie: lang=v=2&lang=en-us; bcookie="v=2&9a41bb92-e88b-42b5-8186-9d791d3591b3"; lidc="b=ETGST03:s=ET:r=ET:a=ET:p=ET:g=91:u=1:x=1:i=1669754180:t=1669840580:v=2:sig=AQFOG88BFpF-uQVrDKLkyKMbmB0Cukbt"
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "b6dac75416fc695e5372e1efe68d3b180c8a476b"
server: Play
accept-ranges: bytes
cache-control: max-age=300
last-modified: Tue, 29 Nov 2022 16:15:56 GMT
content-encoding: gzip
content-length: 2998
content-type: application/javascript; charset=utf-8
x-li-fabric: ei-ltx1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-li-pop: ei-ltx1-x
x-li-proto: http/1.1
x-li-uuid: AAXuoHEllMXgaz0QF2yoFg==
date: Tue, 29 Nov 2022 20:36:21 GMT
vary: Accept-Encoding
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"
x-cdn: AKAM
X-Firefox-Spdy: h2
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1669754100000
23.36.76.121200 OK 44 kB URL HTTP/2 platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1669754100000
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (34278)
Hash 0016b25945ce58b3491dff3ce1465666
1d3c5f3030d6cedb39bf7b36a24f83fa52918408
664f8a952cb278ead6b895bd8735b9cfb084e0b8633a2f2d0c6120f5cd58dd64
GET /litms/utag/checkpoint-frontend/utag.js?cb=1669754100000 HTTP/1.1
Host: platform.linkedin-ei.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "478392526f6093c2db6270915359a46ec1d90847"
server: Play
accept-ranges: bytes
cache-control: max-age=300
last-modified: Tue, 29 Nov 2022 16:15:56 GMT
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-li-fabric: ei-ltx1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-li-pop: ei-ltx1-x
x-li-proto: http/1.1
x-li-uuid: AAXuofDOr3Coowmh+kgFWA==
date: Tue, 29 Nov 2022 20:36:20 GMT
vary: Accept-Encoding
set-cookie: lidc="b=ETGST03:s=ET:r=ET:a=ET:p=ET:g=91:u=1:x=1:i=1669754180:t=1669840580:v=2:sig=AQFOG88BFpF-uQVrDKLkyKMbmB0Cukbt"; Expires=Wed, 30 Nov 2022 20:36:20 GMT; domain=.linkedin-ei.com; Path=/; SameSite=None; Secure
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"
x-cdn: AKAM
X-Firefox-Spdy: h2
platform.linkedin.com/litms/vendor/google/gtag-adwords.js?id=AW-979305453
23.36.76.121200 OK 30 kB URL HTTP/2 platform.linkedin.com/litms/vendor/google/gtag-adwords.js?id=AW-979305453
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash f3dd4fadd7c24a30e294093c9c53d688
03051fb1394cff6dfb789a90c51055bae1fee063
a83c5047a0e1bd069e5c5451d215335df33cd51660839fd1ddf46defd842712f
GET /litms/vendor/google/gtag-adwords.js?id=AW-979305453 HTTP/1.1
Host: platform.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "1863a3ffcd2152035c9a3a43791f2e11dba623dc"
server: Play
accept-ranges: bytes
cache-control: max-age=2628000
last-modified: Sat, 15 Oct 2022 16:43:00 GMT
content-encoding: gzip
content-length: 29593
content-type: application/javascript; charset=utf-8
x-li-fabric: prod-lor1
x-li-pop: prod-lor1-x
x-li-proto: http/1.1
x-li-uuid: AAXrlr/vf2tOe8ZBJlGBgQ==
date: Tue, 29 Nov 2022 20:36:21 GMT
vary: Accept-Encoding
x-cdn-client-ip-version: IPV4
x-cdn: AKAM
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ecb3506821caec55c7bbba4661f05460
851aead7db5c43dba6547026590cd9a23cbcdadf
dc93906a7850df73e9052b353dee67b80bb5caf8e804370242e994fba3cf4152
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ecb3506821caec55c7bbba4661f05460
851aead7db5c43dba6547026590cd9a23cbcdadf
dc93906a7850df73e9052b353dee67b80bb5caf8e804370242e994fba3cf4152
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googleadservices.com/pagead/conversion/979305453/?random=1669754180995&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1
142.250.74.34302 Found 42 B URL HTTP/2 www.googleadservices.com/pagead/conversion/979305453/?random=1669754180995&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1
IP 142.250.74.34:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/conversion/979305453/?random=1669754180995&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1 HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 20:36:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
location: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=1184674088&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Rm2GY6X8Aobd6gSvz7PYCw&sscte=1&crd=
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googleadservices.com/pagead/conversion/979305453/?random=1669754180992&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1
142.250.74.34302 Found 42 B URL HTTP/2 www.googleadservices.com/pagead/conversion/979305453/?random=1669754180992&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1
IP 142.250.74.34:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/conversion/979305453/?random=1669754180992&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1 HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 20:36:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
location: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=954350630&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Rm2GY96SA4a-6wSalbzwDQ&sscte=1&crd=
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ee42df19cb85a32274da55a436f6099c
f2efc95b28a170acce5d07080a1841a704490890
d227692b55435fe171db887ceecd17983ee29cc2ed2b8f1f11429fa9116474d3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f1cfa609ebdf236e2f3e3ff25dd05caf
c8117b0187d4d9021ed1a42907bd93d24ed4ebf0
7a2761aa36168d4f2c9034486777f5588aaf0fa1f7d1e55006db7320259303b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f1cfa609ebdf236e2f3e3ff25dd05caf
c8117b0187d4d9021ed1a42907bd93d24ed4ebf0
7a2761aa36168d4f2c9034486777f5588aaf0fa1f7d1e55006db7320259303b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=1184674088&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Rm2GY6X8Aobd6gSvz7PYCw&sscte=1&crd=
216.58.207.194302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=1184674088&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Rm2GY6X8Aobd6gSvz7PYCw&sscte=1&crd=
IP 216.58.207.194:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/979305453/?random=1184674088&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Rm2GY6X8Aobd6gSvz7PYCw&sscte=1&crd= HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vienyhocdantoc.com.vn/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 20:36:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-conversion/979305453/?random=1184674088&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY6X8Aobd6gSvz7PYCw&random=3431519278&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 29-Nov-2022 20:51:22 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=954350630&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Rm2GY96SA4a-6wSalbzwDQ&sscte=1&crd=
216.58.207.194302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=954350630&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Rm2GY96SA4a-6wSalbzwDQ&sscte=1&crd=
IP 216.58.207.194:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/979305453/?random=954350630&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Rm2GY96SA4a-6wSalbzwDQ&sscte=1&crd= HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vienyhocdantoc.com.vn/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 20:36:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-conversion/979305453/?random=954350630&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY96SA4a-6wSalbzwDQ&random=445843939&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 29-Nov-2022 20:51:22 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f1cfa609ebdf236e2f3e3ff25dd05caf
c8117b0187d4d9021ed1a42907bd93d24ed4ebf0
7a2761aa36168d4f2c9034486777f5588aaf0fa1f7d1e55006db7320259303b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a0fe20d41a043db700a84924cd9793f3
c0da481fef6cd00558f6e68b074acb34bef8292f
03caeb65ab9e22f6d6fe0d344d327950d20ee9ed144e2da0e5e062943a03fc56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a0fe20d41a043db700a84924cd9793f3
c0da481fef6cd00558f6e68b074acb34bef8292f
03caeb65ab9e22f6d6fe0d344d327950d20ee9ed144e2da0e5e062943a03fc56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-conversion/979305453/?random=1184674088&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY6X8Aobd6gSvz7PYCw&random=3431519278&resp=GooglemKTybQhCsO
142.250.74.132302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-conversion/979305453/?random=1184674088&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY6X8Aobd6gSvz7PYCw&random=3431519278&resp=GooglemKTybQhCsO
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/979305453/?random=1184674088&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY6X8Aobd6gSvz7PYCw&random=3431519278&resp=GooglemKTybQhCsO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vienyhocdantoc.com.vn/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 20:36:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/979305453/?random=1184674088&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY6X8Aobd6gSvz7PYCw&random=3431519278&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-conversion/979305453/?random=954350630&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY96SA4a-6wSalbzwDQ&random=445843939&resp=GooglemKTybQhCsO
142.250.74.132302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-conversion/979305453/?random=954350630&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY96SA4a-6wSalbzwDQ&random=445843939&resp=GooglemKTybQhCsO
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/979305453/?random=954350630&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY96SA4a-6wSalbzwDQ&random=445843939&resp=GooglemKTybQhCsO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vienyhocdantoc.com.vn/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 20:36:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/979305453/?random=954350630&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY96SA4a-6wSalbzwDQ&random=445843939&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash abd55ecd24d357a9f02612558f723a90
6a1e6963864f0b53ddc6205d35225e6cf0bcbeec
195fa531e0462be58d5c62ebbe6060e147c94bdb1d38ff46c341c74e0ab2671a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 798c6088f000b3a2464e23a92271c24d
2a53b3d3bd4a9104c79595f664276db5b32b9bad
dcccfc9bb4da634286d08301fcf23be3ae26bb429b35349fb72dde530fdb3ae4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 798c6088f000b3a2464e23a92271c24d
2a53b3d3bd4a9104c79595f664276db5b32b9bad
dcccfc9bb4da634286d08301fcf23be3ae26bb429b35349fb72dde530fdb3ae4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-conversion/979305453/?random=1184674088&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY6X8Aobd6gSvz7PYCw&random=3431519278&resp=GooglemKTybQhCsO&ipr=y&prhg=0
142.250.74.131200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-conversion/979305453/?random=1184674088&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY6X8Aobd6gSvz7PYCw&random=3431519278&resp=GooglemKTybQhCsO&ipr=y&prhg=0
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/979305453/?random=1184674088&cv=9&fst=1669754180995&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY6X8Aobd6gSvz7PYCw&random=3431519278&resp=GooglemKTybQhCsO&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vienyhocdantoc.com.vn/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 20:36:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-conversion/979305453/?random=954350630&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY96SA4a-6wSalbzwDQ&random=445843939&resp=GooglemKTybQhCsO&ipr=y&prhg=0
142.250.74.131200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-conversion/979305453/?random=954350630&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY96SA4a-6wSalbzwDQ&random=445843939&resp=GooglemKTybQhCsO&ipr=y&prhg=0
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/979305453/?random=954350630&cv=9&fst=1669754180992&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fvienyhocdantoc.com.vn%2Fwp-includes%2Fweb%2F1%2Flinklde%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=Rm2GY96SA4a-6wSalbzwDQ&random=445843939&resp=GooglemKTybQhCsO&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vienyhocdantoc.com.vn/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 20:36:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 798c6088f000b3a2464e23a92271c24d
2a53b3d3bd4a9104c79595f664276db5b32b9bad
dcccfc9bb4da634286d08301fcf23be3ae26bb429b35349fb72dde530fdb3ae4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 20:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/cqpqsmixh8w40mzqux183dypa.css
103.200.5.94200 OK 0 B URL HTTP/2 vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/cqpqsmixh8w40mzqux183dypa.css
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
GET /wp-includes/web/1/linklde/sc/h/cqpqsmixh8w40mzqux183dypa.css HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:17 GMT
content-type: text/css
last-modified: Sun, 04 Nov 2012 21:00:50 GMT
vary: Accept-Encoding
etag: W/"5096d782-4061c"
expires: Wed, 30 Nov 2022 08:36:17 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
vienyhocdantoc.com.vn/li/track
103.200.5.94200 OK 0 B URL HTTP/2 vienyhocdantoc.com.vn/li/track
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
Analyzer Verdict Alert fortinet Malware
POST /li/track HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Csrf-Token:
Content-Length: 1613
Origin: https://vienyhocdantoc.com.vn
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
Cookie: AMCV_14215E3D5995C57C0A495C55%40AdobeOrg=-637568504%7CMCIDTS%7C19326%7CvVersion%7C5.1.1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:21 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
103.200.5.94200 OK 0 B URL HTTP/2 vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/web/1/linklde/ HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:17 GMT
content-type: text/html
last-modified: Wed, 13 Apr 2022 00:17:20 GMT
vary: Accept-Encoding
etag: W/"62561690-7724"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/gg.html
103.200.5.94200 OK 0 B URL HTTP/2 vienyhocdantoc.com.vn/wp-includes/web/1/linklde/sc/h/gg.html
IP 103.200.5.94:0
ASN #38001 NewMedia Express Pte Ltd
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/web/1/linklde/sc/h/gg.html HTTP/1.1
Host: vienyhocdantoc.com.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vienyhocdantoc.com.vn/wp-includes/web/1/linklde/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: tengine
date: Tue, 29 Nov 2022 20:36:17 GMT
content-type: text/html
last-modified: Wed, 13 Apr 2022 00:16:12 GMT
vary: Accept-Encoding
etag: W/"6256164c-1940d"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2