firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 05:15:30 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: o8A3i6mMo2npgEuZd1HKj49yAo9zEetTipWJRhUYEWO-YGAB6lX7sg==
Age: 1888
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13558
Expires: Tue, 27 Sep 2022 09:32:56 GMT
Date: Tue, 27 Sep 2022 05:46:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate; ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
date: Mon, 26 Sep 2022 09:17:07 GMT
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: U__9ANGzIJNA_lBeyVa-5HKO2FfCcgIhOIxh8BuXwHIhgQaAA46EzA==
age: 73792
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:46:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.goodnightchinhhang.com.vn/e5o1l73s/topo-chico-lime-plastic-bottles-case.html
61.14.233.78 301 Moved Permanently 178 B URL HTTP/1.1 www.goodnightchinhhang.com.vn/e5o1l73s/topo-chico-lime-plastic-bottles-case.html
IP 61.14.233.78:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
Analyzer Verdict Alert fortinet Malware
GET /e5o1l73s/topo-chico-lime-plastic-bottles-case.html HTTP/1.1
Host: www.goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 27 Sep 2022 05:46:58 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.goodnightchinhhang.com.vn/e5o1l73s/topo-chico-lime-plastic-bottles-case.html
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 05:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 05:38:11 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _DXEaiPicM1T_41sLozcM9QtFEvRVMpcMnvTenIsnZT7A8WQD8utqQ==
Age: 2173
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2923
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 05:46:59 GMT
Last-Modified: Tue, 27 Sep 2022 04:58:16 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 760bb76d472a6a35a90c613dc63abbdd
b32424a7da6a84edc0b9fa7a11b4a1f9a30b48e5
b90a943e1f262a481a0d60467abb90482ce8f9eaeed599ffa673f71e8eb11676
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B90A943E1F262A481A0D60467ABB90482CE8F9EAEED599FFA673F71E8EB11676"
Last-Modified: Mon, 26 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 27 Sep 2022 11:46:59 GMT
Date: Tue, 27 Sep 2022 05:46:59 GMT
Connection: keep-alive
push.services.mozilla.com/
35.83.91.138 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.83.91.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xEj6PUY0LP9Oyd3I2ft4EA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rqiX1nN8hwjl3jJXJJfe6DoiP/Q=
www.goodnightchinhhang.com.vn/e5o1l73s/topo-chico-lime-plastic-bottles-case.html
61.14.233.78 200 OK 20 kB URL HTTP/2 www.goodnightchinhhang.com.vn/e5o1l73s/topo-chico-lime-plastic-bottles-case.html
IP 61.14.233.78:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (20815)
Hash b9c1d46331c2492496d7299aa7e9a7d7
a7ed4205e5fc58413580916e984027614e04d872
6e2ba47916987e49094cf57eb6cd848b5a15a047992d49de2f444fe48580c696
Analyzer Verdict Alert fortinet Malware
GET /e5o1l73s/topo-chico-lime-plastic-bottles-case.html HTTP/1.1
Host: www.goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:46:59 GMT
content-type: text/html; charset=UTF-8
content-length: 20080
vary: Accept-Encoding,User-Agent
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 05:47:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 05:47:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 05:47:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8744
Expires: Tue, 27 Sep 2022 08:12:44 GMT
Date: Tue, 27 Sep 2022 05:47:00 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Condensed%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&subset=vietnamese&ver=5.8
142.250.74.10 200 OK 2.5 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Condensed%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&subset=vietnamese&ver=5.8
IP 142.250.74.10:0
Hash b4622743f6ea48faac2180cc94423e89
f2ffd34a7c232fba14584e70541b98513e4bc175
83ab53105049766f16f9b74981298987490d307079dee392cc52913d1e0d9929
GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Condensed%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&subset=vietnamese&ver=5.8 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Sep 2022 05:47:00 GMT
date: Tue, 27 Sep 2022 05:47:00 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash deb8d1e3b6d7fbc8c8ba478269621676
84f5a4c8b38acde814bc790e5b514347718d5bb9
ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9163
x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlKpEZrIAMFS1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Lf6qqokEw32egp3ofmJGtUTAt3RD2f9rVq5gskbhrk_VFGweeo0oCQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:49:18 GMT
age: 28662
etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 5274e770cb5a704916c8965659709f4a
1a26007f761e439db575fb80fb403031260aecf4
e36e8be75c92feb9b416a46c5918356d8f9694894a799b7c10de21034d33d5ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: 0887cd56-f324-46cf-a086-709e1c66f354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGBTdHmhoAMFvIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633248e2-42391706084f335228fe3994;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 00:50:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: vx-yM_jeJvOaa1UizK5OoDJFkvKnajg2ezLF2l2qnN_OhdTE6I4taQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:05:55 GMT
etag: "1a26007f761e439db575fb80fb403031260aecf4"
content-type: image/jpeg
age: 16865
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b0646c-a8d3-4b51-ba84-a3c3dff2883c.jpeg
34.120.237.76 200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b0646c-a8d3-4b51-ba84-a3c3dff2883c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 4197a8a505b360b0c43142faf8cb7f48
4dbd2da7f7c45a97e3f6f6544ed428e892227cc3
434039a91ec37c8ff827c78f7613aa4f6416ded182b01140048a52654a2de4ce
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b0646c-a8d3-4b51-ba84-a3c3dff2883c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7128
x-amzn-requestid: 5806782b-498e-427b-be73-a94695e3cacf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlPfFn4IAMFwMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bfc-07a420d631e463286c1dafa0;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:39:08 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dVs6mb-XGvvd4DXu8yFwO11iheR3QU3O3jFpxjcHZnWCc6jlXpx0Rg==
via: 1.1 6c90b631453c435bd0022caa657b67e8.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:51:54 GMT
age: 28506
etag: "4dbd2da7f7c45a97e3f6f6544ed428e892227cc3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe39ddaa9-a775-40b9-af3a-870507ff4d52.jpeg
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe39ddaa9-a775-40b9-af3a-870507ff4d52.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash e56f576ce4c320252cd028a38a1e4bde
8fbe2856a3e05ae7c45f4e35944d2835d47e4284
dc5783e5d50e89d2b9c72dea55751a64157dbc9ec9be85383a6df10b5ec1a602
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe39ddaa9-a775-40b9-af3a-870507ff4d52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5142
x-amzn-requestid: 5b86b092-ff60-476c-855a-d32d5f10f115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yvz1CGInoAMF0Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63296686-79e9a4cb75289e1b0785d4fc;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:06:46 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5uKkOdNToKayXi19pWBWrEwBYSj3NzbjLeE1qjhr8qqCapb_pGRD8g==
via: 1.1 2a44ef7b9d28e74c78ffadeedcbb887c.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:50:22 GMT
age: 28598
etag: "8fbe2856a3e05ae7c45f4e35944d2835d47e4284"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F171029d0-40d4-47b3-8936-8ba3b16b3212.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F171029d0-40d4-47b3-8936-8ba3b16b3212.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 347dca206e13a3b13953f0ab398310b4
be60bbc96c832ae385cc9ae5828bd32703011b21
f6da888a54a0c6c73466f2c2a72dd875514a39d81b760a6b0116b4dd56ef31dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F171029d0-40d4-47b3-8936-8ba3b16b3212.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10211
x-amzn-requestid: 3ea4ac84-2465-4bd1-8ade-863de3c9576e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbfSuGoQoAMF9oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632145aa-7843b82728ead9a053c689d1;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 03:08:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MMrek5LO9ukZjB6VV-5McuE_maDzwTOihucz0kwxuaTJMNOpTchoJA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:52:00 GMT
age: 28500
etag: "be60bbc96c832ae385cc9ae5828bd32703011b21"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash fa70ece15044b7318cb11ae5e37a64e7
04a0665f771562c3e56ac3542abe5bd3c4c1a6b5
8c974283b2ba0058114404af3e4818daa8cc56f270cb8a46f5f2f54de9d2f0e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8255
x-amzn-requestid: 3bf29c4a-406a-4645-ad18-44cd6f05d457
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4VnFEV-IAMFQMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ccfc6-3eaa337d1e1c1b6d5e951419;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:12:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qkOlqM6tJ90H9572YLE0J-s79edBSceM5hLbJtyyuH86xdW8juoktA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 13:28:31 GMT
age: 58709
etag: "04a0665f771562c3e56ac3542abe5bd3c4c1a6b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
61.14.233.78 200 OK 309 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
IP 61.14.233.78:0
File type ASCII text, with very long lines (483)
Hash 0ea43e394ddaae5fdb710dbbc8869e58
3b0c93adc80720236096201db5cc2751e703996d
85225fffa21a94bfd954393d7471069ab227b98fd8b51cb5ab4af5488168a34e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
content-length: 309
x-accel-version: 0.01
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
etag: "29d-5e92025d9b589-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
61.14.233.78200 OK 308 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
IP 61.14.233.78:0
File type ASCII text, with very long lines (489)
Hash 0a08469d24387f830bbaaa00b3c228ae
01f5dfeb8f93a32c9a8f66fe5940758109771fcd
3c7c29e5fc1193ff7ce24f72f77b2dc129e1a9434a97ef7b625f6f715531803c
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
content-length: 308
x-accel-version: 0.01
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
etag: "2a3-5e92025d9a9d1-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/themes/hello-elementor/theme.min.css?ver=2.3.1
61.14.233.78200 OK 2.1 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-content/themes/hello-elementor/theme.min.css?ver=2.3.1
IP 61.14.233.78:0
Hash 36a99de85cbcc442d79b98017a748bed
65443a44ce818d337fe84890f56f15e48787052f
b58fe4cfbc0d77abf9c64f55b7f5df63857c4fdf60093cba426989d50f1a13a7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/hello-elementor/theme.min.css?ver=2.3.1 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Mon, 28 Dec 2020 07:04:04 GMT
vary: Accept-Encoding
etag: W/"5fe98364-151b"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
61.14.233.78200 OK 15 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
IP 61.14.233.78:0
Hash c8178313385b33a6e544ad7adbdb3991
14cfe0a08823919c4a12e44a923d551bd1a0714f
4143a2f67c759ca99f6359a958153fc7c47342705fb74558fe3c3c31cb7f770b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
vary: Accept-Encoding
etag: W/"632a08de-e238"
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 468773
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 05:47:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
goodnightchinhhang.com.vn/wp-includes/css/dist/block-library/style.min.css?ver=5.8
61.14.233.78200 OK 27 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-includes/css/dist/block-library/style.min.css?ver=5.8
IP 61.14.233.78:0
Hash 1e9b387d0f1ec706367752dc4093f340
51fa51e20b1671acafe00e3b455f12f95ed3ee05
2588574ca3d865acdcabbabb78007dd6add15e7c759dc3b8d8573e144045ead6
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.8 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 18:47:37 GMT
vary: Accept-Encoding
etag: W/"62cdc1c9-15b64"
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
142.250.74.163200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 11872, version 1.0\012- data
Hash 87ace20058325aa069320aa4af875dff
b743548770c46d905ae1ba06310bc001c587fe8e
3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:35:48 GMT
expires: Thu, 21 Sep 2023 19:35:48 GMT
cache-control: public, max-age=31536000
age: 468673
last-modified: Wed, 11 May 2022 19:25:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
61.14.233.78200 OK 42 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 61.14.233.78:0
Hash 63e62893803d12fa61126d3ab5b1f46e
aaac63c03b0df7b28b0d0867a29d985e39cea374
680629e4a3a9909ea389b0b015404047a6c2f910b3e1346153b80e1cabae4564
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Wed, 06 Jul 2022 19:39:35 GMT
vary: Accept-Encoding
etag: W/"62c5e4f7-168b5"
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 05:47:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:21 GMT
expires: Thu, 21 Sep 2023 19:34:21 GMT
cache-control: public, max-age=31536000
age: 468760
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 18:14:12 GMT
expires: Mon, 25 Sep 2023 18:14:12 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 127969
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 468773
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
142.250.74.163200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 11800, version 1.0\012- data
Hash e36fccd06262bef92e7a9841e2202225
b907dd02819497b3942220e0aa160c167195506b
7f1c829b0c90fd664a03bb714a74f7d35d9e38ee1687104abc8ad5bd9c8ccb6c
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11800
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:35:48 GMT
expires: Thu, 21 Sep 2023 19:35:48 GMT
cache-control: public, max-age=31536000
age: 468673
last-modified: Wed, 11 May 2022 19:25:05 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2
142.250.74.163200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 11796, version 1.0\012- data
Hash 716871ec15f054ec158445180fe280e1
d7d746e03e49f7e10ca0b11e598f3d6db5e34a2b
b076e86301cbee8c5c9aef51863a9c0a88e6f6d2aabdffca93e031113c6caa74
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11796
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:43:36 GMT
expires: Thu, 21 Sep 2023 19:43:36 GMT
cache-control: public, max-age=31536000
age: 468205
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 05:47:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2
142.250.74.163200 OK 5.5 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 5468, version 1.0\012- data
Hash 48c684d99330969e3ce90b9e9da2d698
aa3975c27acaa0fc617524acc2e001b714078b8d
51f3f41805329fb8341beb56ded833eae6c7a8a1a0a1d7e78960e1390fe928b6
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5468
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 22:56:59 GMT
expires: Thu, 21 Sep 2023 22:56:59 GMT
cache-control: public, max-age=31536000
age: 456602
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2
142.250.74.163200 OK 5.5 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 5548, version 1.0\012- data
Hash cdaab83619fcacd4027a77c99dd51e69
9e6eae8554f8cc2309b2dae2d9fa217e34eed6a4
4ec57f2a80b91090971b83970230ca09ab3568c5f5b224896ca9aa6180a76aa9
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5548
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 21:33:01 GMT
expires: Thu, 21 Sep 2023 21:33:01 GMT
cache-control: public, max-age=31536000
age: 461640
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2
142.250.74.163200 OK 5.6 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 5604, version 1.0\012- data
Hash 7cda2cfee99d697daf8c14819d9004eb
76f4002863493c93454a9f17424942f321287cba
0948409a22b5979aa7e1ec20da9e61f12e7d403800b541ece053881bd2542b70
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 20:01:06 GMT
expires: Thu, 21 Sep 2023 20:01:06 GMT
cache-control: public, max-age=31536000
age: 467155
last-modified: Wed, 11 May 2022 19:24:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.10.0
61.14.233.78200 OK 93 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.10.0
IP 61.14.233.78:0
File type Web Open Font Format (Version 2), TrueType, length 93372, version 1.0\012- data
Hash aab0bb3379e0eb7ebc26071db61fbd57
711c8d350c4192c2f1aa7f73551445b89fb4b161
691fa7d17effc7d303eda0ad7e4a1d91b2f375506cfc8a774480cc2b55f156ea
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.10.0 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:01 GMT
content-type: application/octet-stream
content-length: 93372
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
etag: "632a08de-16cbc"
accept-ranges: bytes
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
61.14.233.78200 OK 78 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
IP 61.14.233.78:0
File type Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261\012- data
Hash e8a427e15cc502bef99cfd722b37ea98
a9922842a120a7f1eaced667480c5e185a106d69
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://goodnightchinhhang.com.vn/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:01 GMT
content-type: application/octet-stream
content-length: 78196
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
etag: "632a08de-13174"
accept-ranges: bytes
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-includes/js/wp-embed.min.js?ver=5.8
61.14.233.78200 OK 164 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-includes/js/wp-embed.min.js?ver=5.8
IP 61.14.233.78:0
Size 164 kB (163752 bytes)
Hash 35c1fdcc12ecfd795ae88f2557e8708c
1bc51b38a3cf68aa27da4b1b19e69413cb467ac6
17106aea93ac0df7a15d396cd122baadadfa48ccef24e75f37e821bdafaa8be1
GET /wp-includes/js/wp-embed.min.js?ver=5.8 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Wed, 25 May 2022 06:40:08 GMT
vary: Accept-Encoding
etag: W/"628dcf48-5f6"
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0eea5e739ad9c3ed514cc629927d7b0d
036ee3ceb03954d3497cc2ca696144de1908858c
e6a9cce75fefd4e28d25cb723a00b166b590bfef4b6d7352a7b343423b6923a6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E6A9CCE75FEFD4E28D25CB723A00B166B590BFEF4B6D7352A7B343423B6923A6"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=54
Expires: Tue, 27 Sep 2022 05:47:55 GMT
Date: Tue, 27 Sep 2022 05:47:01 GMT
Connection: keep-alive
goodnightchinhhang.com.vn/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.0.10
61.14.233.78200 OK 107 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.0.10
IP 61.14.233.78:0
Size 107 kB (107234 bytes)
Hash b009fc6ff9918883858bf32b8bfb1815
14080597bd8eba2ec53483c196fc78cddb1e2b63
71079b20bb8004df82b0bcc323986a69412a0cae6a992b0f38655990573bd129
GET /wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.0.10 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Wed, 20 Jan 2021 04:12:02 GMT
vary: Accept-Encoding
etag: W/"6007ad92-33812"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/uploads/2021/05/mat-ngu.jpg
61.14.233.78200 OK 43 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-content/uploads/2021/05/mat-ngu.jpg
IP 61.14.233.78:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 693x390, components 3\012- data
Hash ba44449e6ed121e354e927866ec81602
bdfe036e8b46581ff06c5d37cb3fbffc309ca238
1c8be16937eb46fbd822c1cf54431916615241e1e39c900fa3fb0ec4515d3993
GET /wp-content/uploads/2021/05/mat-ngu.jpg HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:01 GMT
content-type: image/jpeg
content-length: 43231
last-modified: Sat, 29 May 2021 09:18:43 GMT
etag: "60b206f3-a8df"
accept-ranges: bytes
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
61.14.233.78200 OK 68 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 61.14.233.78:0
Hash 86733b4fb72396261e89abc20dd65eb1
947a8f96919059843c016b03ca1052631ae9a0e2
2e355462e50448a3a179a04e2389669c4e3fc6e6089b485315ec87f301e9a9f4
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Wed, 06 Jul 2022 19:39:35 GMT
vary: Accept-Encoding
etag: W/"62c5e4f7-36dc"
content-encoding: gzip
X-Firefox-Spdy: h2
js.cofounderspecials.com/splash.js?v=5.5.9
91.211.91.112200 OK 579 B URL HTTP/1.1 js.cofounderspecials.com/splash.js?v=5.5.9
IP 91.211.91.112:0
ASN #206638 PE Brezhnev Daniil
File type ASCII text, with very long lines (2336), with no line terminators
Hash 37326b5e1732ea5e8e0c394b19415a25
ec0a58a80d1ae27e1a82edf3343859aa923ef637
e901c7ae1a5dc9925d6db81344847070347420db148d63405b15a9c81dc85d0d
Analyzer Verdict Alert fortinet Malware
GET /splash.js?v=5.5.9 HTTP/1.1
Host: js.cofounderspecials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 05:47:01 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
fonts.googleapis.com/css?family=Montserrat%3A100&subset=latin%2Call&ver=5.8
142.250.74.10200 OK 160 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat%3A100&subset=latin%2Call&ver=5.8
IP 142.250.74.10:0
Size 160 kB (159965 bytes)
Hash 4c0245888ac1b6c4019cb482bd9b7bed
9368784fd13add2542de269c449a5fefb6001781
27a2e114662fff7b306544deee27a66fb09d71d0ff2eb6a9914eae01d904506c
GET /css?family=Montserrat%3A100&subset=latin%2Call&ver=5.8 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Sep 2022 05:47:00 GMT
date: Tue, 27 Sep 2022 05:47:00 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/uploads/2021/03/banner-goodnight-2-1536x584.jpg
61.14.233.78200 OK 136 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-content/uploads/2021/03/banner-goodnight-2-1536x584.jpg
IP 61.14.233.78:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 82", baseline, precision 8, 1536x584, components 3\012- data
Size 136 kB (135769 bytes)
Hash dc2842f4b235e18a4c89cf7ef2e6cf51
5117628df926d7d31aed12984e673bea4dd80511
0633870a87ae13f4ad45cc931e1ff09ff5ef586cfadb1f7f48a04e3f06fa0117
GET /wp-content/uploads/2021/03/banner-goodnight-2-1536x584.jpg HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:01 GMT
content-type: image/jpeg
content-length: 135769
last-modified: Wed, 10 Mar 2021 02:21:16 GMT
etag: "60482d1c-21259"
accept-ranges: bytes
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff?5.10.0
61.14.233.78200 OK 114 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff?5.10.0
IP 61.14.233.78:0
File type Web Open Font Format, TrueType, length 114280, version 1.0\012- data
Size 114 kB (114280 bytes)
Hash 7d9e85ea4d03fa493502980a31a2006c
a319cc9448cd00fc77c447fed281dc66b1c6ac7c
76dba545735324a48b09747baf7a9a75460cd7d13b6c2e82149950e1dadc948c
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff?5.10.0 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:01 GMT
content-type: application/x-font-woff
content-length: 114280
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
etag: "632a08de-1be68"
accept-ranges: bytes
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff
61.14.233.78200 OK 102 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff
IP 61.14.233.78:0
File type Web Open Font Format, TrueType, length 101652, version 331.-31261\012- data
Size 102 kB (101652 bytes)
Hash 9fe5a17c8ab036d20e6c5ba3fd2ac511
52751432ded489dfdf27fb1cf64c570c4c27a1d7
74edc18b67c487e32f181719fdb347e2e77020744651f446e9acd7bd6821e2e7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://goodnightchinhhang.com.vn/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:01 GMT
content-type: application/x-font-woff
content-length: 101652
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
etag: "632a08de-18d14"
accept-ranges: bytes
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/uploads/2021/03/banner-goodnight-3-1-1536x584.jpg
61.14.233.78200 OK 111 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-content/uploads/2021/03/banner-goodnight-3-1-1536x584.jpg
IP 61.14.233.78:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 82", baseline, precision 8, 1536x584, components 3\012- data
Size 111 kB (111224 bytes)
Hash 424f336108e463790c736f3ec010d536
0cc8b72551c4e8b709318044d0bf1022232df556
c3ec74af6081ba75a19e09247c7aecb18f28e968e3a176da3a2c408d1584b6dd
GET /wp-content/uploads/2021/03/banner-goodnight-3-1-1536x584.jpg HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:01 GMT
content-type: image/jpeg
content-length: 111224
last-modified: Wed, 10 Mar 2021 02:21:17 GMT
etag: "60482d1d-1b278"
accept-ranges: bytes
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff
61.14.233.78200 OK 90 kB URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff
IP 61.14.233.78:0
File type Web Open Font Format, TrueType, length 90060, version 331.-31261\012- data
Hash 099a9556e1a63ece24f8a99859c94c7d
5f8cab91347c553c1eb87f9b527f6bee8a28e40d
aff76e5c986f295d4bc6f8142a78e2a31888b101c2d025db89f79c75f64fd90b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.goodnightchinhhang.com.vn
Connection: keep-alive
Referer: https://goodnightchinhhang.com.vn/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:02 GMT
content-type: application/x-font-woff
content-length: 90060
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
etag: "632a08de-15fcc"
accept-ranges: bytes
X-Firefox-Spdy: h2
away.bettershitecolumn.com/hit.php?a=1311&b=334-1166-567334-46
91.211.91.104302 Found 0 B URL HTTP/2 away.bettershitecolumn.com/hit.php?a=1311&b=334-1166-567334-46
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /hit.php?a=1311&b=334-1166-567334-46 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 27 Sep 2022 05:47:03 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.bettershitecolumn.com/hit.php?nid=54889&yid=9554-66-457679-29
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
away.bettershitecolumn.com/hit.php?nid=54889&yid=9554-66-457679-29
91.211.91.104200 OK 740 B URL HTTP/2 away.bettershitecolumn.com/hit.php?nid=54889&yid=9554-66-457679-29
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash bbcaf0bafc9495433abe929d98c893f0
784fb0329ecf22ee505d1fdd9a4e7df850a364ec
854881d096e31466f663866802459ccb132f8ad435505671d804ed3b1ed6fa89
Analyzer Verdict Alert quad9 Sinkholed
GET /hit.php?nid=54889&yid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.goodnightchinhhang.com.vn/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:03 GMT
content-type: text/html; charset=UTF-8
content-length: 740
vary: Accept-Encoding
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 6ae65d8f937d986d0d48f870ce2e35d4
f73a96a928f96262f5b85f1a7d14199c956f5d1c
69134af384a4c918f148e6e254c6f0a9a14f2d783be58ffb057a246a1f6dad03
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4940
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 05:47:03 GMT
Last-Modified: Tue, 27 Sep 2022 04:24:45 GMT
Server: ECS (amb/6BBB)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 6ae65d8f937d986d0d48f870ce2e35d4
f73a96a928f96262f5b85f1a7d14199c956f5d1c
69134af384a4c918f148e6e254c6f0a9a14f2d783be58ffb057a246a1f6dad03
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4941
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 05:47:04 GMT
Last-Modified: Tue, 27 Sep 2022 04:24:45 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 278
lukoil-promotion.online/media/mainstream/frame.html
92.119.160.54200 OK 39 B URL HTTP/1.1 lukoil-promotion.online/media/mainstream/frame.html
IP 92.119.160.54:0
ASN #49505 OOO Network of data-centers Selectel
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 086707e4369f60afedcafb16050a7618
8216b0cc6876cbd44f01c158e7dff3833ceccd41
a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e
Analyzer Verdict Alert fortinet Malware
GET /media/mainstream/frame.html HTTP/1.1
Host: lukoil-promotion.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lukoil-promotion.online//?u=bt1k60t&o=xqt63qn&t=cid:7065&cid=7065-9817-20220927084704d17424
Cookie: sid=t4~ows4v0tujbvlcrsayhgwmvvx; p1=https://bluewellabs.live/dxlxbsrt/; s1=p2p0p4e86e10o3zf
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 05:47:04 GMT
Content-Type: text/html
Content-Length: 39
Connection: keep-alive
Last-Modified: Thu, 20 May 2021 06:08:14 GMT
Vary: Accept-Encoding
ETag: "60a5fcce-27"
Cache-Control: no-transform
Accept-Ranges: bytes
cawanmyoropurka.gq/help/?23071650902120
172.67.189.218302 Found 90 kB URL HTTP/2 cawanmyoropurka.gq/help/?23071650902120
IP 172.67.189.218:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62478), with CRLF line terminators
Hash f193eacbd3cb02bfa28fd5cd86320be4
dced95975f704bac5eaf5dc8aaf0f6a0e7a6261c
3a06539fe05dd39159449814030c061517e2588b0f2e5bdee9da9fb518a01969
GET /help/?23071650902120 HTTP/1.1
Host: cawanmyoropurka.gq
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.bettershitecolumn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 27 Sep 2022 05:47:04 GMT
content-type: text/html; charset=utf-8
location: http://lukoil-promotion.online//?u=bt1k60t&o=xqt63qn&t=cid:7065&cid=7065-9817-20220927084704d17424
x-powered-by: PHP/7.0.33
expires: Thu, 21 Jul 1977 07:30:00 GMT
last-modified: Tue, 27 Sep 2022 05:47:04 GMT
cache-control: max-age=0
pragma: no-cache
set-cookie: 00831=%7B%22streams%22%3A%7B%229817%22%3A1664257624%7D%2C%22campaigns%22%3A%7B%227065%22%3A1664257624%7D%2C%22time%22%3A1664257624%7D; expires=Fri, 28-Oct-2022 05:47:04 GMT; Max-Age=2678400; path=/; domain=.cawanmyoropurka.gq
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NCqP6lDjvFxOmTQMSyE23qk5fjWOoSb8mXuL52CFFeD0X5orHZ1tXIJsk4OqcrJCu3pOHQiujvbrPR7G1dMZ5hueY9Y7ejHzjno6SF9rhI30An5%2F8wIyNxZnhngr9aGxJKS0fmk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7511f1442dbeb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lukoil-promotion.online/favicon.ico
92.119.160.54200 OK 0 B URL HTTP/1.1 lukoil-promotion.online/favicon.ico
IP 92.119.160.54:0
ASN #49505 OOO Network of data-centers Selectel
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: lukoil-promotion.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lukoil-promotion.online//?u=bt1k60t&o=xqt63qn&t=cid:7065&cid=7065-9817-20220927084704d17424
Cookie: sid=t4~ows4v0tujbvlcrsayhgwmvvx; p1=https://bluewellabs.live/dxlxbsrt/; s1=p2p0p4e86e10o3zf
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 05:47:04 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
last-modified: Sat, 06 Jun 2020 22:52:46 GMT
accept-ranges: bytes
etag: "e2e33b32553cd61:0"
Cache-Control: no-transform
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a76fa367051ea133a63ff16732193e47
c2a013fde2f9ed7f53d1c6987b0ce5c413ff43ed
5803f0c2c9144190af46b8a14e3cd5f29b336c8d1ae7a830ad7fc7bdd13f5141
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5803F0C2C9144190AF46B8A14E3CD5F29B336C8D1AE7A830AD7FC7BDD13F5141"
Last-Modified: Sun, 25 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20411
Expires: Tue, 27 Sep 2022 11:27:16 GMT
Date: Tue, 27 Sep 2022 05:47:05 GMT
Connection: keep-alive
275.bluewellabs.live/dxlxbsrt/?u=bt1k60t&o=xqt63qn&t=cid%3A7065&cid=7065-9817-20220927084704d17424&f=1&sid=t4~ows4v0tujbvlcrsayhgwmvvx&fp=H4ig1wmziJB9mEjSM4h9KzU8s10NUhC5yPKLyFycYAFGjlOFYXmu6mc%2B6kIxfyUyOK6NWVryzRiNVZc5wDwypd9x2FRcZMJ5%2FrmAzNw%2FJd5DIA8C%2FHoroim0OGtKvH9Dm5clBOGBXe9GSZZ6innuO0AOurqUeVQPwtnUzQoey%2F5RkBSDoasv1oFjkOKq8uLWg8IEi3n2mr8ZXXieCM%2F0WBytGJxvl%2BkpTrEv2UpCvc5SBwYHkx2QiHo2uJTEkXb0QcLvD18%2FZ%2BvvsTOq5JTLyKOtowmkRSzdTzs4io8XPObWHIrPdPkV142s3FbgXILsx2NYvQeBAF8h%2FXel13ahf3MQXKsl%2B4oa1jHmxC8SJo3X%2FgZw6iet80HikN3v7eojlWAaMPHWFl%2BamjclO7wPdWC8NCTkmfP8OhyRDDnB0q9AQ0cePJPqh7Tiii89cd8za08aHhX%2FLfYfCr22nbGC%2BgcZTGnxUJyFQc%2FNkEuoKXImtlNlzg%2BgN7L4j7Q53%2FhfsLZDYwVGJ2GjinCZ2OaTZs1UyzV0BrrctyTyyT8LRLZBqr3NdhTx9dJ2d%2Bo%2BPe9vepMD3xeCOQNGWu4l3ArvnmPquiag4vSAuk%2B6b3VrhPFjD%2FG2hWL8%2BeJXrFm4noBo0AWPZfN4Y%2Fugn2s1AUTyx5lfa2K2gODyimaGZz%2BsmlZm0YClXsnGyU7r%2FBMLHm1B6vGPLJ4nqung1D5fOm475zVJ12QARmiW62P8C%2B1WKikOCGuTjh8VG7VCrlRiKhbHPpBXtfYV%2B6VKn8PmipDLFECXtKnj6gpa6b%2B%2F57IjmSe4RMOWLeBOJ83yEmBSRU4oNNFfZZUXmzCbxAXvHViH1AVo92j%2FVF9JKs624ghgIEfRbEuAmgk%2FfWXgQPRw%2BpPHRKsjEdTZ2KUcZZc0NbfAOwa7pHYZyPB%2FnOA%2BxS5wBGVpMOwhb4JqmYaSkaHTkQJj%2Fr4HiBTcS0y%2FJj%2B%2BWimFtDqxmVgPlKr4eixIq2FUQbe4gDGwn54bmdi3KDLV3uA3TcOwq3APi5qv2x0OY1jdXAvvmFJD1%2BIdjLRFCs2QTbcYSD%2BTl%2FC4tk2o0WUPNoo8PkkdBzB3sWG1mfELueE1g1Wqzo4E1cCaH8SL6sjxrC0vHLxgGoXgkL0eeIXl6vvABoK9vr9QXsMTP1nCsnw8RSOK9kBhmExVmjx0SBgZJUlaDt6x9qvfH3nVtFL0E4iAFzEQ6bufQ2VBNDC9qOTRrn6p3vTxcBufaZjxnTuG02mR6ith515m3L4vf2yfGV8EqtXEsLQ%2FPW3sRmtCk6Q3UM9tXUERYDbx7pSexFqVqDDoHAT12Lt7QqCRgcLpNoqFGp3CYWhgDOJe8XR7PtKDhkRu1zqgFGik6M5CrZ55%2Fft%2F%2Fnu8bqG5Pan7wWndw8gES%2Fs07hmJlSCskvbYeZP%2BXDGFM2uFIHXBsMPFkjKP99XdJ5%2FEvML5K8ze%2FpzWR8%2B7TgstCXtc7VVt1dOeo8M6iIbSa%2F6i83D3Wips7%2Fvl3zm%2BAvcRy47A8vGPP7k1zi1xtZ08kDbhDCW17zy0LgNxKAHGUrZ%2BnBwtX%2Bu9AW%2FQAJO8u9p0YPNu%2Fur5DCY%2FZdRrRItFuqrqLeVt5w0CWATneyEWA3nUPJOMJGEaqYAGXDkR7U7nwlxS8Rn%2BYRfoax1I61ILYwl3tjJvG%2FM6o1%2FV95TwEYJ6Vi3wwNhR7lqIMCzd%2BUPayRjteeTUO4BlPnA815Afqp0J
8%2B02sKWJQcHnWvLTxh%2BiZssDK17yW1ImkJJ51rpGvwiCdq6qthgihwFXSrUSq%2BjA6sso1fyEPeKyu1h6cmo9URxxg7QDQA2HolaWintb0T65aFP7glxkDrVMqHd9MpQPOgBcMaowml2Jp2RolnvZwYtqD0HNMMwtwonwaHMkCVtJoIg%2FBSS8b2Gr7pB8u%2BTO0jIR4Sf8Cg1JOw%3D%3D
141.95.174.47200 OK 13 kB URL HTTP/1.1 275.bluewellabs.live/dxlxbsrt/?u=bt1k60t&o=xqt63qn&t=cid%3A7065&cid=7065-9817-20220927084704d17424&f=1&sid=t4~ows4v0tujbvlcrsayhgwmvvx&fp=H4ig1wmziJB9mEjSM4h9KzU8s10NUhC5yPKLyFycYAFGjlOFYXmu6mc%2B6kIxfyUyOK6NWVryzRiNVZc5wDwypd9x2FRcZMJ5%2FrmAzNw%2FJd5DIA8C%2FHoroim0OGtKvH9Dm5clBOGBXe9GSZZ6innuO0AOurqUeVQPwtnUzQoey%2F5RkBSDoasv1oFjkOKq8uLWg8IEi3n2mr8ZXXieCM%2F0WBytGJxvl%2BkpTrEv2UpCvc5SBwYHkx2QiHo2uJTEkXb0QcLvD18%2FZ%2BvvsTOq5JTLyKOtowmkRSzdTzs4io8XPObWHIrPdPkV142s3FbgXILsx2NYvQeBAF8h%2FXel13ahf3MQXKsl%2B4oa1jHmxC8SJo3X%2FgZw6iet80HikN3v7eojlWAaMPHWFl%2BamjclO7wPdWC8NCTkmfP8OhyRDDnB0q9AQ0cePJPqh7Tiii89cd8za08aHhX%2FLfYfCr22nbGC%2BgcZTGnxUJyFQc%2FNkEuoKXImtlNlzg%2BgN7L4j7Q53%2FhfsLZDYwVGJ2GjinCZ2OaTZs1UyzV0BrrctyTyyT8LRLZBqr3NdhTx9dJ2d%2Bo%2BPe9vepMD3xeCOQNGWu4l3ArvnmPquiag4vSAuk%2B6b3VrhPFjD%2FG2hWL8%2BeJXrFm4noBo0AWPZfN4Y%2Fugn2s1AUTyx5lfa2K2gODyimaGZz%2BsmlZm0YClXsnGyU7r%2FBMLHm1B6vGPLJ4nqung1D5fOm475zVJ12QARmiW62P8C%2B1WKikOCGuTjh8VG7VCrlRiKhbHPpBXtfYV%2B6VKn8PmipDLFECXtKnj6gpa6b%2B%2F57IjmSe4RMOWLeBOJ83yEmBSRU4oNNFfZZUXmzCbxAXvHViH1AVo92j%2FVF9JKs624ghgIEfRbEuAmgk%2FfWXgQPRw%2BpPHRKsjEdTZ2KUcZZc0NbfAOwa7pHYZyPB%2FnOA%2BxS5wBGVpMOwhb4JqmYaSkaHTkQJj%2Fr4HiBTcS0y%2FJj%2B%2BWimFtDqxmVgPlKr4eixIq2FUQbe4gDGwn54bmdi3KDLV3uA3TcOwq3APi5qv2x0OY1jdXAvvmFJD1%2BIdjLRFCs2QTbcYSD%2BTl%2FC4tk2o0WUPNoo8PkkdBzB3sWG1mfELueE1g1Wqzo4E1cCaH8SL6sjxrC0vHLxgGoXgkL0eeIXl6vvABoK9vr9QXsMTP1nCsnw8RSOK9kBhmExVmjx0SBgZJUlaDt6x9qvfH3nVtFL0E4iAFzEQ6bufQ2VBNDC9qOTRrn6p3vTxcBufaZjxnTuG02mR6ith515m3L4vf2yfGV8EqtXEsLQ%2FPW3sRmtCk6Q3UM9tXUERYDbx7pSexFqVqDDoHAT12Lt7QqCRgcLpNoqFGp3CYWhgDOJe8XR7PtKDhkRu1zqgFGik6M5CrZ55%2Fft%2F%2Fnu8bqG5Pan7wWndw8gES%2Fs07hmJlSCskvbYeZP%2BXDGFM2uFIHXBsMPFkjKP99XdJ5%2FEvML5K8ze%2FpzWR8%2B7TgstCXtc7VVt1dOeo8M6iIbSa%2F6i83D3Wips7%2Fvl3zm%2BAvcRy47A8vGPP7k1zi1xtZ08kDbhDCW17zy0LgNxKAHGUrZ%2BnBwtX%2Bu9AW%2FQAJO8u9p0YPNu%2Fur5DCY%2FZdRrRItFuqrqLeVt5w0CWATneyEWA3nUPJOMJGEaqYAGXDkR7U7nwlxS8Rn%2BYRfoax1I61ILYwl3tjJvG%2FM6o1%2FV95TwEYJ6Vi3wwNh
R7lqIMCzd%2BUPayRjteeTUO4BlPnA815Afqp0J8%2B02sKWJQcHnWvLTxh%2BiZssDK17yW1ImkJJ51rpGvwiCdq6qthgihwFXSrUSq%2BjA6sso1fyEPeKyu1h6cmo9URxxg7QDQA2HolaWintb0T65aFP7glxkDrVMqHd9MpQPOgBcMaowml2Jp2RolnvZwYtqD0HNMMwtwonwaHMkCVtJoIg%2FBSS8b2Gr7pB8u%2BTO0jIR4Sf8Cg1JOw%3D%3D
IP 141.95.174.47:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (560)
Hash b0c1fa11588b18d9fc8187e55415af25
3decba89f36e0ab34956bb6769b857bfb4c24cfe
d65cbc71b327a846316267bc55242546c7d947267f8e01236e726a0814d836cb
GET /dxlxbsrt/?u=bt1k60t&o=xqt63qn&t=cid%3A7065&cid=7065-9817-20220927084704d17424&f=1&sid=t4~ows4v0tujbvlcrsayhgwmvvx&fp=H4ig1wmziJB9mEjSM4h9KzU8s10NUhC5yPKLyFycYAFGjlOFYXmu6mc%2B6kIxfyUyOK6NWVryzRiNVZc5wDwypd9x2FRcZMJ5%2FrmAzNw%2FJd5DIA8C%2FHoroim0OGtKvH9Dm5clBOGBXe9GSZZ6innuO0AOurqUeVQPwtnUzQoey%2F5RkBSDoasv1oFjkOKq8uLWg8IEi3n2mr8ZXXieCM%2F0WBytGJxvl%2BkpTrEv2UpCvc5SBwYHkx2QiHo2uJTEkXb0QcLvD18%2FZ%2BvvsTOq5JTLyKOtowmkRSzdTzs4io8XPObWHIrPdPkV142s3FbgXILsx2NYvQeBAF8h%2FXel13ahf3MQXKsl%2B4oa1jHmxC8SJo3X%2FgZw6iet80HikN3v7eojlWAaMPHWFl%2BamjclO7wPdWC8NCTkmfP8OhyRDDnB0q9AQ0cePJPqh7Tiii89cd8za08aHhX%2FLfYfCr22nbGC%2BgcZTGnxUJyFQc%2FNkEuoKXImtlNlzg%2BgN7L4j7Q53%2FhfsLZDYwVGJ2GjinCZ2OaTZs1UyzV0BrrctyTyyT8LRLZBqr3NdhTx9dJ2d%2Bo%2BPe9vepMD3xeCOQNGWu4l3ArvnmPquiag4vSAuk%2B6b3VrhPFjD%2FG2hWL8%2BeJXrFm4noBo0AWPZfN4Y%2Fugn2s1AUTyx5lfa2K2gODyimaGZz%2BsmlZm0YClXsnGyU7r%2FBMLHm1B6vGPLJ4nqung1D5fOm475zVJ12QARmiW62P8C%2B1WKikOCGuTjh8VG7VCrlRiKhbHPpBXtfYV%2B6VKn8PmipDLFECXtKnj6gpa6b%2B%2F57IjmSe4RMOWLeBOJ83yEmBSRU4oNNFfZZUXmzCbxAXvHViH1AVo92j%2FVF9JKs624ghgIEfRbEuAmgk%2FfWXgQPRw%2BpPHRKsjEdTZ2KUcZZc0NbfAOwa7pHYZyPB%2FnOA%2BxS5wBGVpMOwhb4JqmYaSkaHTkQJj%2Fr4HiBTcS0y%2FJj%2B%2BWimFtDqxmVgPlKr4eixIq2FUQbe4gDGwn54bmdi3KDLV3uA3TcOwq3APi5qv2x0OY1jdXAvvmFJD1%2BIdjLRFCs2QTbcYSD%2BTl%2FC4tk2o0WUPNoo8PkkdBzB3sWG1mfELueE1g1Wqzo4E1cCaH8SL6sjxrC0vHLxgGoXgkL0eeIXl6vvABoK9vr9QXsMTP1nCsnw8RSOK9kBhmExVmjx0SBgZJUlaDt6x9qvfH3nVtFL0E4iAFzEQ6bufQ2VBNDC9qOTRrn6p3vTxcBufaZjxnTuG02mR6ith515m3L4vf2yfGV8EqtXEsLQ%2FPW3sRmtCk6Q3UM9tXUERYDbx7pSexFqVqDDoHAT12Lt7QqCRgcLpNoqFGp3CYWhgDOJe8XR7PtKDhkRu1zqgFGik6M5CrZ55%2Fft%2F%2Fnu8bqG5Pan7wWndw8gES%2Fs07hmJlSCskvbYeZP%2BXDGFM2uFIHXBsMPFkjKP99XdJ5%2FEvML5K8ze%2FpzWR8%2B7TgstCXtc7VVt1dOeo8M6iIbSa%2F6i83D3Wips7%2Fvl3zm%2BAvcRy47A8vGPP7k1zi1xtZ08kDbhDCW17zy0LgNxKAHGUrZ%2BnBwtX%2Bu9AW%2FQAJO8u9p0YPNu%2Fur5DCY%2FZdRrRItFuqrqLeVt5w0CWATneyEWA3nUPJOMJGEaqYAGXDkR7U7nwlxS8Rn%2BYRfoax1I61ILYwl3tjJvG%2FM6o1%2FV95TwEYJ6Vi3wwNhR7lqIMCzd%2BUPayRjteeTUO4BlPnA815Afqp0J8%2B02sKWJQcHnWv
LTxh%2BiZssDK17yW1ImkJJ51rpGvwiCdq6qthgihwFXSrUSq%2BjA6sso1fyEPeKyu1h6cmo9URxxg7QDQA2HolaWintb0T65aFP7glxkDrVMqHd9MpQPOgBcMaowml2Jp2RolnvZwYtqD0HNMMwtwonwaHMkCVtJoIg%2FBSS8b2Gr7pB8u%2BTO0jIR4Sf8Cg1JOw%3D%3D HTTP/1.1
Host: 275.bluewellabs.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lukoil-promotion.online/
Cookie: cookie1=true
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 05:47:05 GMT
Content-Type: text/html
Content-Length: 13114
Connection: keep-alive
cache-control: private, no-transform
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.12.0
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.12.0
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.12.0 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
vary: Accept-Encoding
etag: W/"632a08de-4b4f"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.0.10
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.0.10
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.0.10 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Wed, 20 Jan 2021 04:12:02 GMT
vary: Accept-Encoding
etag: W/"6007ad92-2e01c"
content-encoding: gzip
X-Firefox-Spdy: h2
275.bluewellabs.live/media/mainstream/sound.js
141.95.174.47200 OK 0 B URL HTTP/1.1 275.bluewellabs.live/media/mainstream/sound.js
IP 141.95.174.47:0
Analyzer Verdict Alert fortinet Phishing
GET /media/mainstream/sound.js HTTP/1.1
Host: 275.bluewellabs.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://275.bluewellabs.live/dxlxbsrt/?u=bt1k60t&o=xqt63qn&t=cid%3A7065&cid=7065-9817-20220927084704d17424&f=1&sid=t4~ows4v0tujbvlcrsayhgwmvvx&fp=H4ig1wmziJB9mEjSM4h9KzU8s10NUhC5yPKLyFycYAFGjlOFYXmu6mc%2B6kIxfyUyOK6NWVryzRiNVZc5wDwypd9x2FRcZMJ5%2FrmAzNw%2FJd5DIA8C%2FHoroim0OGtKvH9Dm5clBOGBXe9GSZZ6innuO0AOurqUeVQPwtnUzQoey%2F5RkBSDoasv1oFjkOKq8uLWg8IEi3n2mr8ZXXieCM%2F0WBytGJxvl%2BkpTrEv2UpCvc5SBwYHkx2QiHo2uJTEkXb0QcLvD18%2FZ%2BvvsTOq5JTLyKOtowmkRSzdTzs4io8XPObWHIrPdPkV142s3FbgXILsx2NYvQeBAF8h%2FXel13ahf3MQXKsl%2B4oa1jHmxC8SJo3X%2FgZw6iet80HikN3v7eojlWAaMPHWFl%2BamjclO7wPdWC8NCTkmfP8OhyRDDnB0q9AQ0cePJPqh7Tiii89cd8za08aHhX%2FLfYfCr22nbGC%2BgcZTGnxUJyFQc%2FNkEuoKXImtlNlzg%2BgN7L4j7Q53%2FhfsLZDYwVGJ2GjinCZ2OaTZs1UyzV0BrrctyTyyT8LRLZBqr3NdhTx9dJ2d%2Bo%2BPe9vepMD3xeCOQNGWu4l3ArvnmPquiag4vSAuk%2B6b3VrhPFjD%2FG2hWL8%2BeJXrFm4noBo0AWPZfN4Y%2Fugn2s1AUTyx5lfa2K2gODyimaGZz%2BsmlZm0YClXsnGyU7r%2FBMLHm1B6vGPLJ4nqung1D5fOm475zVJ12QARmiW62P8C%2B1WKikOCGuTjh8VG7VCrlRiKhbHPpBXtfYV%2B6VKn8PmipDLFECXtKnj6gpa6b%2B%2F57IjmSe4RMOWLeBOJ83yEmBSRU4oNNFfZZUXmzCbxAXvHViH1AVo92j%2FVF9JKs624ghgIEfRbEuAmgk%2FfWXgQPRw%2BpPHRKsjEdTZ2KUcZZc0NbfAOwa7pHYZyPB%2FnOA%2BxS5wBGVpMOwhb4JqmYaSkaHTkQJj%2Fr4HiBTcS0y%2FJj%2B%2BWimFtDqxmVgPlKr4eixIq2FUQbe4gDGwn54bmdi3KDLV3uA3TcOwq3APi5qv2x0OY1jdXAvvmFJD1%2BIdjLRFCs2QTbcYSD%2BTl%2FC4tk2o0WUPNoo8PkkdBzB3sWG1mfELueE1g1Wqzo4E1cCaH8SL6sjxrC0vHLxgGoXgkL0eeIXl6vvABoK9vr9QXsMTP1nCsnw8RSOK9kBhmExVmjx0SBgZJUlaDt6x9qvfH3nVtFL0E4iAFzEQ6bufQ2VBNDC9qOTRrn6p3vTxcBufaZjxnTuG02mR6ith515m3L4vf2yfGV8EqtXEsLQ%2FPW3sRmtCk6Q3UM9tXUERYDbx7pSexFqVqDDoHAT12Lt7QqCRgcLpNoqFGp3CYWhgDOJe8XR7PtKDhkRu1zqgFGik6M5CrZ55%2Fft%2F%2Fnu8bqG5Pan7wWndw8gES%2Fs07hmJlSCskvbYeZP%2BXDGFM2uFIHXBsMPFkjKP99XdJ5%2FEvML5K8ze%2FpzWR8%2B7TgstCXtc7VVt1dOeo8M6iIbSa%2F6i83D3Wips7%2Fvl3zm%2BAvcRy47A8vGPP7k1zi1xtZ08kDbhDCW17zy0LgNxKAHGUrZ%2BnBwtX%2Bu9AW%2FQAJO8u9p0YPNu%2Fur5DCY%2FZdRrRItFuqrqLeVt5w0CWATneyEWA3nUPJOMJGEaqYAGXDkR7U7nwlxS8Rn%2BYRfoax1I61ILYwl3tjJvG%2FM6o1%2FV95TwEYJ6Vi3wwNhR7lqIMCzd%2BUPayRjteeT
UO4BlPnA815Afqp0J8%2B02sKWJQcHnWvLTxh%2BiZssDK17yW1ImkJJ51rpGvwiCdq6qthgihwFXSrUSq%2BjA6sso1fyEPeKyu1h6cmo9URxxg7QDQA2HolaWintb0T65aFP7glxkDrVMqHd9MpQPOgBcMaowml2Jp2RolnvZwYtqD0HNMMwtwonwaHMkCVtJoIg%2FBSS8b2Gr7pB8u%2BTO0jIR4Sf8Cg1JOw%3D%3D
Cookie: cookie1=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 05:47:05 GMT
Content-Type: application/javascript
Connection: close
Last-Modified: Fri, 02 Jul 2021 23:05:00 GMT
Vary: Accept-Encoding
ETag: W/"60df9b9c-1396"
Content-Encoding: br
Cache-Control: no-transform
goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/post-7.css?ver=1620031260
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/post-7.css?ver=1620031260
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/post-7.css?ver=1620031260 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Mon, 03 May 2021 08:41:00 GMT
vary: Accept-Encoding
etag: W/"608fb71c-1582"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/post-11.css?ver=1620031259
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/post-11.css?ver=1620031259
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/post-11.css?ver=1620031259 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Mon, 03 May 2021 08:40:59 GMT
vary: Accept-Encoding
etag: W/"608fb71b-44b"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.3.1
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.3.1
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.3.1 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
vary: Accept-Encoding
etag: W/"632a08de-135d"
content-encoding: gzip
X-Firefox-Spdy: h2
275.bluewellabs.live/media/mainstream/all/pb/no/1.js
141.95.174.47200 OK 0 B URL HTTP/1.1 275.bluewellabs.live/media/mainstream/all/pb/no/1.js
IP 141.95.174.47:0
Analyzer Verdict Alert fortinet Phishing
GET /media/mainstream/all/pb/no/1.js HTTP/1.1
Host: 275.bluewellabs.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://275.bluewellabs.live/dxlxbsrt/?u=bt1k60t&o=xqt63qn&t=cid%3A7065&cid=7065-9817-20220927084704d17424&f=1&sid=t4~ows4v0tujbvlcrsayhgwmvvx&fp=H4ig1wmziJB9mEjSM4h9KzU8s10NUhC5yPKLyFycYAFGjlOFYXmu6mc%2B6kIxfyUyOK6NWVryzRiNVZc5wDwypd9x2FRcZMJ5%2FrmAzNw%2FJd5DIA8C%2FHoroim0OGtKvH9Dm5clBOGBXe9GSZZ6innuO0AOurqUeVQPwtnUzQoey%2F5RkBSDoasv1oFjkOKq8uLWg8IEi3n2mr8ZXXieCM%2F0WBytGJxvl%2BkpTrEv2UpCvc5SBwYHkx2QiHo2uJTEkXb0QcLvD18%2FZ%2BvvsTOq5JTLyKOtowmkRSzdTzs4io8XPObWHIrPdPkV142s3FbgXILsx2NYvQeBAF8h%2FXel13ahf3MQXKsl%2B4oa1jHmxC8SJo3X%2FgZw6iet80HikN3v7eojlWAaMPHWFl%2BamjclO7wPdWC8NCTkmfP8OhyRDDnB0q9AQ0cePJPqh7Tiii89cd8za08aHhX%2FLfYfCr22nbGC%2BgcZTGnxUJyFQc%2FNkEuoKXImtlNlzg%2BgN7L4j7Q53%2FhfsLZDYwVGJ2GjinCZ2OaTZs1UyzV0BrrctyTyyT8LRLZBqr3NdhTx9dJ2d%2Bo%2BPe9vepMD3xeCOQNGWu4l3ArvnmPquiag4vSAuk%2B6b3VrhPFjD%2FG2hWL8%2BeJXrFm4noBo0AWPZfN4Y%2Fugn2s1AUTyx5lfa2K2gODyimaGZz%2BsmlZm0YClXsnGyU7r%2FBMLHm1B6vGPLJ4nqung1D5fOm475zVJ12QARmiW62P8C%2B1WKikOCGuTjh8VG7VCrlRiKhbHPpBXtfYV%2B6VKn8PmipDLFECXtKnj6gpa6b%2B%2F57IjmSe4RMOWLeBOJ83yEmBSRU4oNNFfZZUXmzCbxAXvHViH1AVo92j%2FVF9JKs624ghgIEfRbEuAmgk%2FfWXgQPRw%2BpPHRKsjEdTZ2KUcZZc0NbfAOwa7pHYZyPB%2FnOA%2BxS5wBGVpMOwhb4JqmYaSkaHTkQJj%2Fr4HiBTcS0y%2FJj%2B%2BWimFtDqxmVgPlKr4eixIq2FUQbe4gDGwn54bmdi3KDLV3uA3TcOwq3APi5qv2x0OY1jdXAvvmFJD1%2BIdjLRFCs2QTbcYSD%2BTl%2FC4tk2o0WUPNoo8PkkdBzB3sWG1mfELueE1g1Wqzo4E1cCaH8SL6sjxrC0vHLxgGoXgkL0eeIXl6vvABoK9vr9QXsMTP1nCsnw8RSOK9kBhmExVmjx0SBgZJUlaDt6x9qvfH3nVtFL0E4iAFzEQ6bufQ2VBNDC9qOTRrn6p3vTxcBufaZjxnTuG02mR6ith515m3L4vf2yfGV8EqtXEsLQ%2FPW3sRmtCk6Q3UM9tXUERYDbx7pSexFqVqDDoHAT12Lt7QqCRgcLpNoqFGp3CYWhgDOJe8XR7PtKDhkRu1zqgFGik6M5CrZ55%2Fft%2F%2Fnu8bqG5Pan7wWndw8gES%2Fs07hmJlSCskvbYeZP%2BXDGFM2uFIHXBsMPFkjKP99XdJ5%2FEvML5K8ze%2FpzWR8%2B7TgstCXtc7VVt1dOeo8M6iIbSa%2F6i83D3Wips7%2Fvl3zm%2BAvcRy47A8vGPP7k1zi1xtZ08kDbhDCW17zy0LgNxKAHGUrZ%2BnBwtX%2Bu9AW%2FQAJO8u9p0YPNu%2Fur5DCY%2FZdRrRItFuqrqLeVt5w0CWATneyEWA3nUPJOMJGEaqYAGXDkR7U7nwlxS8Rn%2BYRfoax1I61ILYwl3tjJvG%2FM6o1%2FV95TwEYJ6Vi3wwNhR7lqIMCzd%2BUPayRjteeT
UO4BlPnA815Afqp0J8%2B02sKWJQcHnWvLTxh%2BiZssDK17yW1ImkJJ51rpGvwiCdq6qthgihwFXSrUSq%2BjA6sso1fyEPeKyu1h6cmo9URxxg7QDQA2HolaWintb0T65aFP7glxkDrVMqHd9MpQPOgBcMaowml2Jp2RolnvZwYtqD0HNMMwtwonwaHMkCVtJoIg%2FBSS8b2Gr7pB8u%2BTO0jIR4Sf8Cg1JOw%3D%3D
Cookie: cookie1=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 05:47:05 GMT
Content-Type: application/javascript
Connection: close
Last-Modified: Tue, 17 May 2022 13:18:06 GMT
Vary: Accept-Encoding
ETag: W/"6283a08e-594"
Content-Encoding: br
Cache-Control: no-transform
goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/post-48.css?ver=1620031261
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/post-48.css?ver=1620031261
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/post-48.css?ver=1620031261 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Mon, 03 May 2021 08:41:01 GMT
vary: Accept-Encoding
etag: W/"608fb71d-1677"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-includes/js/imagesloaded.min.js?ver=4.1.4
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
vary: Accept-Encoding
etag: W/"5ee520a7-15fd"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/post-17.css?ver=1620031791
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/post-17.css?ver=1620031791
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/post-17.css?ver=1620031791 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Mon, 03 May 2021 08:49:51 GMT
vary: Accept-Encoding
etag: W/"608fb92f-39f7"
content-encoding: gzip
X-Firefox-Spdy: h2
275.bluewellabs.live/media/mainstream/u.js
141.95.174.47200 OK 0 B URL HTTP/1.1 275.bluewellabs.live/media/mainstream/u.js
IP 141.95.174.47:0
Analyzer Verdict Alert fortinet Phishing
GET /media/mainstream/u.js HTTP/1.1
Host: 275.bluewellabs.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://275.bluewellabs.live/dxlxbsrt/?u=bt1k60t&o=xqt63qn&t=cid%3A7065&cid=7065-9817-20220927084704d17424&f=1&sid=t4~ows4v0tujbvlcrsayhgwmvvx&fp=H4ig1wmziJB9mEjSM4h9KzU8s10NUhC5yPKLyFycYAFGjlOFYXmu6mc%2B6kIxfyUyOK6NWVryzRiNVZc5wDwypd9x2FRcZMJ5%2FrmAzNw%2FJd5DIA8C%2FHoroim0OGtKvH9Dm5clBOGBXe9GSZZ6innuO0AOurqUeVQPwtnUzQoey%2F5RkBSDoasv1oFjkOKq8uLWg8IEi3n2mr8ZXXieCM%2F0WBytGJxvl%2BkpTrEv2UpCvc5SBwYHkx2QiHo2uJTEkXb0QcLvD18%2FZ%2BvvsTOq5JTLyKOtowmkRSzdTzs4io8XPObWHIrPdPkV142s3FbgXILsx2NYvQeBAF8h%2FXel13ahf3MQXKsl%2B4oa1jHmxC8SJo3X%2FgZw6iet80HikN3v7eojlWAaMPHWFl%2BamjclO7wPdWC8NCTkmfP8OhyRDDnB0q9AQ0cePJPqh7Tiii89cd8za08aHhX%2FLfYfCr22nbGC%2BgcZTGnxUJyFQc%2FNkEuoKXImtlNlzg%2BgN7L4j7Q53%2FhfsLZDYwVGJ2GjinCZ2OaTZs1UyzV0BrrctyTyyT8LRLZBqr3NdhTx9dJ2d%2Bo%2BPe9vepMD3xeCOQNGWu4l3ArvnmPquiag4vSAuk%2B6b3VrhPFjD%2FG2hWL8%2BeJXrFm4noBo0AWPZfN4Y%2Fugn2s1AUTyx5lfa2K2gODyimaGZz%2BsmlZm0YClXsnGyU7r%2FBMLHm1B6vGPLJ4nqung1D5fOm475zVJ12QARmiW62P8C%2B1WKikOCGuTjh8VG7VCrlRiKhbHPpBXtfYV%2B6VKn8PmipDLFECXtKnj6gpa6b%2B%2F57IjmSe4RMOWLeBOJ83yEmBSRU4oNNFfZZUXmzCbxAXvHViH1AVo92j%2FVF9JKs624ghgIEfRbEuAmgk%2FfWXgQPRw%2BpPHRKsjEdTZ2KUcZZc0NbfAOwa7pHYZyPB%2FnOA%2BxS5wBGVpMOwhb4JqmYaSkaHTkQJj%2Fr4HiBTcS0y%2FJj%2B%2BWimFtDqxmVgPlKr4eixIq2FUQbe4gDGwn54bmdi3KDLV3uA3TcOwq3APi5qv2x0OY1jdXAvvmFJD1%2BIdjLRFCs2QTbcYSD%2BTl%2FC4tk2o0WUPNoo8PkkdBzB3sWG1mfELueE1g1Wqzo4E1cCaH8SL6sjxrC0vHLxgGoXgkL0eeIXl6vvABoK9vr9QXsMTP1nCsnw8RSOK9kBhmExVmjx0SBgZJUlaDt6x9qvfH3nVtFL0E4iAFzEQ6bufQ2VBNDC9qOTRrn6p3vTxcBufaZjxnTuG02mR6ith515m3L4vf2yfGV8EqtXEsLQ%2FPW3sRmtCk6Q3UM9tXUERYDbx7pSexFqVqDDoHAT12Lt7QqCRgcLpNoqFGp3CYWhgDOJe8XR7PtKDhkRu1zqgFGik6M5CrZ55%2Fft%2F%2Fnu8bqG5Pan7wWndw8gES%2Fs07hmJlSCskvbYeZP%2BXDGFM2uFIHXBsMPFkjKP99XdJ5%2FEvML5K8ze%2FpzWR8%2B7TgstCXtc7VVt1dOeo8M6iIbSa%2F6i83D3Wips7%2Fvl3zm%2BAvcRy47A8vGPP7k1zi1xtZ08kDbhDCW17zy0LgNxKAHGUrZ%2BnBwtX%2Bu9AW%2FQAJO8u9p0YPNu%2Fur5DCY%2FZdRrRItFuqrqLeVt5w0CWATneyEWA3nUPJOMJGEaqYAGXDkR7U7nwlxS8Rn%2BYRfoax1I61ILYwl3tjJvG%2FM6o1%2FV95TwEYJ6Vi3wwNhR7lqIMCzd%2BUPayRjteeT
UO4BlPnA815Afqp0J8%2B02sKWJQcHnWvLTxh%2BiZssDK17yW1ImkJJ51rpGvwiCdq6qthgihwFXSrUSq%2BjA6sso1fyEPeKyu1h6cmo9URxxg7QDQA2HolaWintb0T65aFP7glxkDrVMqHd9MpQPOgBcMaowml2Jp2RolnvZwYtqD0HNMMwtwonwaHMkCVtJoIg%2FBSS8b2Gr7pB8u%2BTO0jIR4Sf8Cg1JOw%3D%3D
Cookie: cookie1=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 05:47:05 GMT
Content-Type: application/javascript
Connection: close
Last-Modified: Fri, 15 Jul 2022 22:33:08 GMT
Vary: Accept-Encoding
ETag: W/"62d1eb24-6259"
Content-Encoding: br
Cache-Control: no-transform
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.3.1
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.3.1
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.3.1 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
vary: Accept-Encoding
etag: W/"632a08de-28722"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/themes/hello-elementor/style.min.css?ver=2.3.1
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/themes/hello-elementor/style.min.css?ver=2.3.1
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/hello-elementor/style.min.css?ver=2.3.1 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Mon, 28 Dec 2020 07:04:04 GMT
vary: Accept-Encoding
etag: W/"5fe98364-19e6"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
IP 61.14.233.78:0
GET /wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
vary: Accept-Encoding
etag: W/"632a08de-21f91"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
IP 61.14.233.78:0
GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
vary: Accept-Encoding
etag: W/"632a08de-2fa6"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Sun, 10 May 2020 03:09:58 GMT
vary: Accept-Encoding
etag: W/"5eb77086-6272"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.3.1
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.3.1
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.3.1 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
vary: Accept-Encoding
etag: W/"632a08de-a3c"
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.weatherplllatform.com/result.js?v=000
91.211.91.114200 OK 0 B URL HTTP/2 cdn.weatherplllatform.com/result.js?v=000
IP 91.211.91.114:0
ASN #206638 PE Brezhnev Daniil
GET /result.js?v=000 HTTP/1.1
Host: cdn.weatherplllatform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:02 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 26 Sep 2022 14:46:59 GMT
vary: Accept-Encoding
etag: W/"6331bb63-182c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/post-14.css?ver=1623202529
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/post-14.css?ver=1623202529
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/post-14.css?ver=1623202529 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Wed, 09 Jun 2021 01:35:29 GMT
vary: Accept-Encoding
etag: W/"60c01ae1-29da"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/post-44.css?ver=1620031261
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/post-44.css?ver=1620031261
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/post-44.css?ver=1620031261 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Thu, 22 Jul 2021 15:32:13 GMT
vary: Accept-Encoding
etag: W/"60f98f7d-22c3"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/global.css?ver=1620031260
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/uploads/elementor/css/global.css?ver=1620031260
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/global.css?ver=1620031260 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Mon, 03 May 2021 08:41:00 GMT
vary: Accept-Encoding
etag: W/"608fb71c-8f50"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.3.1
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.3.1
IP 61.14.233.78:0
GET /wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.3.1 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
vary: Accept-Encoding
etag: W/"632a08de-a884"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/jquery-numerator/jquery-numerator.min.js?ver=0.2.1
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/jquery-numerator/jquery-numerator.min.js?ver=0.2.1
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/jquery-numerator/jquery-numerator.min.js?ver=0.2.1 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
vary: Accept-Encoding
etag: W/"632a08de-709"
content-encoding: gzip
X-Firefox-Spdy: h2
275.bluewellabs.live/media/mainstream/all/pb/i13pro-unbox.jpg
141.95.174.47200 OK 0 B URL HTTP/1.1 275.bluewellabs.live/media/mainstream/all/pb/i13pro-unbox.jpg
IP 141.95.174.47:0
GET /media/mainstream/all/pb/i13pro-unbox.jpg HTTP/1.1
Host: 275.bluewellabs.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://275.bluewellabs.live/dxlxbsrt/?u=bt1k60t&o=xqt63qn&t=cid%3A7065&cid=7065-9817-20220927084704d17424&f=1&sid=t4~ows4v0tujbvlcrsayhgwmvvx&fp=H4ig1wmziJB9mEjSM4h9KzU8s10NUhC5yPKLyFycYAFGjlOFYXmu6mc%2B6kIxfyUyOK6NWVryzRiNVZc5wDwypd9x2FRcZMJ5%2FrmAzNw%2FJd5DIA8C%2FHoroim0OGtKvH9Dm5clBOGBXe9GSZZ6innuO0AOurqUeVQPwtnUzQoey%2F5RkBSDoasv1oFjkOKq8uLWg8IEi3n2mr8ZXXieCM%2F0WBytGJxvl%2BkpTrEv2UpCvc5SBwYHkx2QiHo2uJTEkXb0QcLvD18%2FZ%2BvvsTOq5JTLyKOtowmkRSzdTzs4io8XPObWHIrPdPkV142s3FbgXILsx2NYvQeBAF8h%2FXel13ahf3MQXKsl%2B4oa1jHmxC8SJo3X%2FgZw6iet80HikN3v7eojlWAaMPHWFl%2BamjclO7wPdWC8NCTkmfP8OhyRDDnB0q9AQ0cePJPqh7Tiii89cd8za08aHhX%2FLfYfCr22nbGC%2BgcZTGnxUJyFQc%2FNkEuoKXImtlNlzg%2BgN7L4j7Q53%2FhfsLZDYwVGJ2GjinCZ2OaTZs1UyzV0BrrctyTyyT8LRLZBqr3NdhTx9dJ2d%2Bo%2BPe9vepMD3xeCOQNGWu4l3ArvnmPquiag4vSAuk%2B6b3VrhPFjD%2FG2hWL8%2BeJXrFm4noBo0AWPZfN4Y%2Fugn2s1AUTyx5lfa2K2gODyimaGZz%2BsmlZm0YClXsnGyU7r%2FBMLHm1B6vGPLJ4nqung1D5fOm475zVJ12QARmiW62P8C%2B1WKikOCGuTjh8VG7VCrlRiKhbHPpBXtfYV%2B6VKn8PmipDLFECXtKnj6gpa6b%2B%2F57IjmSe4RMOWLeBOJ83yEmBSRU4oNNFfZZUXmzCbxAXvHViH1AVo92j%2FVF9JKs624ghgIEfRbEuAmgk%2FfWXgQPRw%2BpPHRKsjEdTZ2KUcZZc0NbfAOwa7pHYZyPB%2FnOA%2BxS5wBGVpMOwhb4JqmYaSkaHTkQJj%2Fr4HiBTcS0y%2FJj%2B%2BWimFtDqxmVgPlKr4eixIq2FUQbe4gDGwn54bmdi3KDLV3uA3TcOwq3APi5qv2x0OY1jdXAvvmFJD1%2BIdjLRFCs2QTbcYSD%2BTl%2FC4tk2o0WUPNoo8PkkdBzB3sWG1mfELueE1g1Wqzo4E1cCaH8SL6sjxrC0vHLxgGoXgkL0eeIXl6vvABoK9vr9QXsMTP1nCsnw8RSOK9kBhmExVmjx0SBgZJUlaDt6x9qvfH3nVtFL0E4iAFzEQ6bufQ2VBNDC9qOTRrn6p3vTxcBufaZjxnTuG02mR6ith515m3L4vf2yfGV8EqtXEsLQ%2FPW3sRmtCk6Q3UM9tXUERYDbx7pSexFqVqDDoHAT12Lt7QqCRgcLpNoqFGp3CYWhgDOJe8XR7PtKDhkRu1zqgFGik6M5CrZ55%2Fft%2F%2Fnu8bqG5Pan7wWndw8gES%2Fs07hmJlSCskvbYeZP%2BXDGFM2uFIHXBsMPFkjKP99XdJ5%2FEvML5K8ze%2FpzWR8%2B7TgstCXtc7VVt1dOeo8M6iIbSa%2F6i83D3Wips7%2Fvl3zm%2BAvcRy47A8vGPP7k1zi1xtZ08kDbhDCW17zy0LgNxKAHGUrZ%2BnBwtX%2Bu9AW%2FQAJO8u9p0YPNu%2Fur5DCY%2FZdRrRItFuqrqLeVt5w0CWATneyEWA3nUPJOMJGEaqYAGXDkR7U7nwlxS8Rn%2BYRfoax1I61ILYwl3tjJvG%2FM6o1%2FV95TwEYJ6Vi3wwNhR7lqIMCzd%2BUPayRjteeT
UO4BlPnA815Afqp0J8%2B02sKWJQcHnWvLTxh%2BiZssDK17yW1ImkJJ51rpGvwiCdq6qthgihwFXSrUSq%2BjA6sso1fyEPeKyu1h6cmo9URxxg7QDQA2HolaWintb0T65aFP7glxkDrVMqHd9MpQPOgBcMaowml2Jp2RolnvZwYtqD0HNMMwtwonwaHMkCVtJoIg%2FBSS8b2Gr7pB8u%2BTO0jIR4Sf8Cg1JOw%3D%3D
Cookie: cookie1=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 05:47:05 GMT
Content-Type: image/jpeg
Connection: close
Last-Modified: Mon, 20 Sep 2021 10:03:52 GMT
Vary: Accept-Encoding
ETag: W/"61485c88-9f0b"
Content-Encoding: br
Cache-Control: no-transform
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.3.1
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.3.1
IP 61.14.233.78:0
GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.3.1 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
vary: Accept-Encoding
etag: W/"632a08de-9e41"
content-encoding: gzip
X-Firefox-Spdy: h2
275.bluewellabs.live/media/mainstream/icon.js
141.95.174.47200 OK 0 B URL HTTP/1.1 275.bluewellabs.live/media/mainstream/icon.js
IP 141.95.174.47:0
Analyzer Verdict Alert fortinet Phishing
GET /media/mainstream/icon.js HTTP/1.1
Host: 275.bluewellabs.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://275.bluewellabs.live/dxlxbsrt/?u=bt1k60t&o=xqt63qn&t=cid%3A7065&cid=7065-9817-20220927084704d17424&f=1&sid=t4~ows4v0tujbvlcrsayhgwmvvx&fp=H4ig1wmziJB9mEjSM4h9KzU8s10NUhC5yPKLyFycYAFGjlOFYXmu6mc%2B6kIxfyUyOK6NWVryzRiNVZc5wDwypd9x2FRcZMJ5%2FrmAzNw%2FJd5DIA8C%2FHoroim0OGtKvH9Dm5clBOGBXe9GSZZ6innuO0AOurqUeVQPwtnUzQoey%2F5RkBSDoasv1oFjkOKq8uLWg8IEi3n2mr8ZXXieCM%2F0WBytGJxvl%2BkpTrEv2UpCvc5SBwYHkx2QiHo2uJTEkXb0QcLvD18%2FZ%2BvvsTOq5JTLyKOtowmkRSzdTzs4io8XPObWHIrPdPkV142s3FbgXILsx2NYvQeBAF8h%2FXel13ahf3MQXKsl%2B4oa1jHmxC8SJo3X%2FgZw6iet80HikN3v7eojlWAaMPHWFl%2BamjclO7wPdWC8NCTkmfP8OhyRDDnB0q9AQ0cePJPqh7Tiii89cd8za08aHhX%2FLfYfCr22nbGC%2BgcZTGnxUJyFQc%2FNkEuoKXImtlNlzg%2BgN7L4j7Q53%2FhfsLZDYwVGJ2GjinCZ2OaTZs1UyzV0BrrctyTyyT8LRLZBqr3NdhTx9dJ2d%2Bo%2BPe9vepMD3xeCOQNGWu4l3ArvnmPquiag4vSAuk%2B6b3VrhPFjD%2FG2hWL8%2BeJXrFm4noBo0AWPZfN4Y%2Fugn2s1AUTyx5lfa2K2gODyimaGZz%2BsmlZm0YClXsnGyU7r%2FBMLHm1B6vGPLJ4nqung1D5fOm475zVJ12QARmiW62P8C%2B1WKikOCGuTjh8VG7VCrlRiKhbHPpBXtfYV%2B6VKn8PmipDLFECXtKnj6gpa6b%2B%2F57IjmSe4RMOWLeBOJ83yEmBSRU4oNNFfZZUXmzCbxAXvHViH1AVo92j%2FVF9JKs624ghgIEfRbEuAmgk%2FfWXgQPRw%2BpPHRKsjEdTZ2KUcZZc0NbfAOwa7pHYZyPB%2FnOA%2BxS5wBGVpMOwhb4JqmYaSkaHTkQJj%2Fr4HiBTcS0y%2FJj%2B%2BWimFtDqxmVgPlKr4eixIq2FUQbe4gDGwn54bmdi3KDLV3uA3TcOwq3APi5qv2x0OY1jdXAvvmFJD1%2BIdjLRFCs2QTbcYSD%2BTl%2FC4tk2o0WUPNoo8PkkdBzB3sWG1mfELueE1g1Wqzo4E1cCaH8SL6sjxrC0vHLxgGoXgkL0eeIXl6vvABoK9vr9QXsMTP1nCsnw8RSOK9kBhmExVmjx0SBgZJUlaDt6x9qvfH3nVtFL0E4iAFzEQ6bufQ2VBNDC9qOTRrn6p3vTxcBufaZjxnTuG02mR6ith515m3L4vf2yfGV8EqtXEsLQ%2FPW3sRmtCk6Q3UM9tXUERYDbx7pSexFqVqDDoHAT12Lt7QqCRgcLpNoqFGp3CYWhgDOJe8XR7PtKDhkRu1zqgFGik6M5CrZ55%2Fft%2F%2Fnu8bqG5Pan7wWndw8gES%2Fs07hmJlSCskvbYeZP%2BXDGFM2uFIHXBsMPFkjKP99XdJ5%2FEvML5K8ze%2FpzWR8%2B7TgstCXtc7VVt1dOeo8M6iIbSa%2F6i83D3Wips7%2Fvl3zm%2BAvcRy47A8vGPP7k1zi1xtZ08kDbhDCW17zy0LgNxKAHGUrZ%2BnBwtX%2Bu9AW%2FQAJO8u9p0YPNu%2Fur5DCY%2FZdRrRItFuqrqLeVt5w0CWATneyEWA3nUPJOMJGEaqYAGXDkR7U7nwlxS8Rn%2BYRfoax1I61ILYwl3tjJvG%2FM6o1%2FV95TwEYJ6Vi3wwNhR7lqIMCzd%2BUPayRjteeT
UO4BlPnA815Afqp0J8%2B02sKWJQcHnWvLTxh%2BiZssDK17yW1ImkJJ51rpGvwiCdq6qthgihwFXSrUSq%2BjA6sso1fyEPeKyu1h6cmo9URxxg7QDQA2HolaWintb0T65aFP7glxkDrVMqHd9MpQPOgBcMaowml2Jp2RolnvZwYtqD0HNMMwtwonwaHMkCVtJoIg%2FBSS8b2Gr7pB8u%2BTO0jIR4Sf8Cg1JOw%3D%3D
Cookie: cookie1=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 05:47:05 GMT
Content-Type: application/javascript
Connection: close
Last-Modified: Fri, 02 Jul 2021 23:04:10 GMT
Vary: Accept-Encoding
ETag: W/"60df9b6a-19aa"
Content-Encoding: br
Cache-Control: no-transform
goodnightchinhhang.com.vn/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1
IP 61.14.233.78:0
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.12.1 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Wed, 25 May 2022 06:40:08 GMT
vary: Accept-Encoding
etag: W/"628dcf48-50eb"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.3.1
61.14.233.78200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.3.1
IP 61.14.233.78:0
GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.3.1 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: text/css
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
vary: Accept-Encoding
etag: W/"632a08de-4824"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.3.1
61.14.233.78 200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.3.1
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.3.1 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
vary: Accept-Encoding
etag: W/"632a08de-80a1"
content-encoding: gzip
X-Firefox-Spdy: h2
275.bluewellabs.live/media/mainstream/all/pb/box_c.png
141.95.174.47 200 OK 0 B URL HTTP/1.1 275.bluewellabs.live/media/mainstream/all/pb/box_c.png
IP 141.95.174.47:0
GET /media/mainstream/all/pb/box_c.png HTTP/1.1
Host: 275.bluewellabs.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://275.bluewellabs.live/dxlxbsrt/?u=bt1k60t&o=xqt63qn&t=cid%3A7065&cid=7065-9817-20220927084704d17424&f=1&sid=t4~ows4v0tujbvlcrsayhgwmvvx&fp=H4ig1wmziJB9mEjSM4h9KzU8s10NUhC5yPKLyFycYAFGjlOFYXmu6mc%2B6kIxfyUyOK6NWVryzRiNVZc5wDwypd9x2FRcZMJ5%2FrmAzNw%2FJd5DIA8C%2FHoroim0OGtKvH9Dm5clBOGBXe9GSZZ6innuO0AOurqUeVQPwtnUzQoey%2F5RkBSDoasv1oFjkOKq8uLWg8IEi3n2mr8ZXXieCM%2F0WBytGJxvl%2BkpTrEv2UpCvc5SBwYHkx2QiHo2uJTEkXb0QcLvD18%2FZ%2BvvsTOq5JTLyKOtowmkRSzdTzs4io8XPObWHIrPdPkV142s3FbgXILsx2NYvQeBAF8h%2FXel13ahf3MQXKsl%2B4oa1jHmxC8SJo3X%2FgZw6iet80HikN3v7eojlWAaMPHWFl%2BamjclO7wPdWC8NCTkmfP8OhyRDDnB0q9AQ0cePJPqh7Tiii89cd8za08aHhX%2FLfYfCr22nbGC%2BgcZTGnxUJyFQc%2FNkEuoKXImtlNlzg%2BgN7L4j7Q53%2FhfsLZDYwVGJ2GjinCZ2OaTZs1UyzV0BrrctyTyyT8LRLZBqr3NdhTx9dJ2d%2Bo%2BPe9vepMD3xeCOQNGWu4l3ArvnmPquiag4vSAuk%2B6b3VrhPFjD%2FG2hWL8%2BeJXrFm4noBo0AWPZfN4Y%2Fugn2s1AUTyx5lfa2K2gODyimaGZz%2BsmlZm0YClXsnGyU7r%2FBMLHm1B6vGPLJ4nqung1D5fOm475zVJ12QARmiW62P8C%2B1WKikOCGuTjh8VG7VCrlRiKhbHPpBXtfYV%2B6VKn8PmipDLFECXtKnj6gpa6b%2B%2F57IjmSe4RMOWLeBOJ83yEmBSRU4oNNFfZZUXmzCbxAXvHViH1AVo92j%2FVF9JKs624ghgIEfRbEuAmgk%2FfWXgQPRw%2BpPHRKsjEdTZ2KUcZZc0NbfAOwa7pHYZyPB%2FnOA%2BxS5wBGVpMOwhb4JqmYaSkaHTkQJj%2Fr4HiBTcS0y%2FJj%2B%2BWimFtDqxmVgPlKr4eixIq2FUQbe4gDGwn54bmdi3KDLV3uA3TcOwq3APi5qv2x0OY1jdXAvvmFJD1%2BIdjLRFCs2QTbcYSD%2BTl%2FC4tk2o0WUPNoo8PkkdBzB3sWG1mfELueE1g1Wqzo4E1cCaH8SL6sjxrC0vHLxgGoXgkL0eeIXl6vvABoK9vr9QXsMTP1nCsnw8RSOK9kBhmExVmjx0SBgZJUlaDt6x9qvfH3nVtFL0E4iAFzEQ6bufQ2VBNDC9qOTRrn6p3vTxcBufaZjxnTuG02mR6ith515m3L4vf2yfGV8EqtXEsLQ%2FPW3sRmtCk6Q3UM9tXUERYDbx7pSexFqVqDDoHAT12Lt7QqCRgcLpNoqFGp3CYWhgDOJe8XR7PtKDhkRu1zqgFGik6M5CrZ55%2Fft%2F%2Fnu8bqG5Pan7wWndw8gES%2Fs07hmJlSCskvbYeZP%2BXDGFM2uFIHXBsMPFkjKP99XdJ5%2FEvML5K8ze%2FpzWR8%2B7TgstCXtc7VVt1dOeo8M6iIbSa%2F6i83D3Wips7%2Fvl3zm%2BAvcRy47A8vGPP7k1zi1xtZ08kDbhDCW17zy0LgNxKAHGUrZ%2BnBwtX%2Bu9AW%2FQAJO8u9p0YPNu%2Fur5DCY%2FZdRrRItFuqrqLeVt5w0CWATneyEWA3nUPJOMJGEaqYAGXDkR7U7nwlxS8Rn%2BYRfoax1I61ILYwl3tjJvG%2FM6o1%2FV95TwEYJ6Vi3wwNhR7lqIMCzd%2BUPayRjteeT
UO4BlPnA815Afqp0J8%2B02sKWJQcHnWvLTxh%2BiZssDK17yW1ImkJJ51rpGvwiCdq6qthgihwFXSrUSq%2BjA6sso1fyEPeKyu1h6cmo9URxxg7QDQA2HolaWintb0T65aFP7glxkDrVMqHd9MpQPOgBcMaowml2Jp2RolnvZwYtqD0HNMMwtwonwaHMkCVtJoIg%2FBSS8b2Gr7pB8u%2BTO0jIR4Sf8Cg1JOw%3D%3D
Cookie: cookie1=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 05:47:05 GMT
Content-Type: image/png
Connection: close
Last-Modified: Sun, 13 Jun 2021 14:49:47 GMT
Vary: Accept-Encoding
ETag: W/"60c61b0b-ef0"
Content-Encoding: br
Cache-Control: no-transform
goodnightchinhhang.com.vn/wp-includes/js/wp-emoji-release.min.js?ver=5.8
61.14.233.78 200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-includes/js/wp-emoji-release.min.js?ver=5.8
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.8 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Wed, 25 May 2022 06:40:08 GMT
vary: Accept-Encoding
etag: W/"628dcf48-48b9"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1
61.14.233.78 200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1
IP 61.14.233.78:0
GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 18:39:26 GMT
vary: Accept-Encoding
etag: W/"632a08de-29ba"
content-encoding: gzip
X-Firefox-Spdy: h2
goodnightchinhhang.com.vn/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.0.10
61.14.233.78 200 OK 0 B URL HTTP/2 goodnightchinhhang.com.vn/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.0.10
IP 61.14.233.78:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.0.10 HTTP/1.1
Host: goodnightchinhhang.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.goodnightchinhhang.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 05:47:00 GMT
content-type: application/javascript
last-modified: Sun, 10 May 2020 03:09:58 GMT
vary: Accept-Encoding
etag: W/"5eb77086-19c3"
content-encoding: gzip
X-Firefox-Spdy: h2
275.bluewellabs.live/media/mainstream/all/pb/style1.css
141.95.174.47 200 OK 0 B URL HTTP/1.1 275.bluewellabs.live/media/mainstream/all/pb/style1.css
IP 141.95.174.47:0
GET /media/mainstream/all/pb/style1.css HTTP/1.1
Host: 275.bluewellabs.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://275.bluewellabs.live/dxlxbsrt/?u=bt1k60t&o=xqt63qn&t=cid%3A7065&cid=7065-9817-20220927084704d17424&f=1&sid=t4~ows4v0tujbvlcrsayhgwmvvx&fp=H4ig1wmziJB9mEjSM4h9KzU8s10NUhC5yPKLyFycYAFGjlOFYXmu6mc%2B6kIxfyUyOK6NWVryzRiNVZc5wDwypd9x2FRcZMJ5%2FrmAzNw%2FJd5DIA8C%2FHoroim0OGtKvH9Dm5clBOGBXe9GSZZ6innuO0AOurqUeVQPwtnUzQoey%2F5RkBSDoasv1oFjkOKq8uLWg8IEi3n2mr8ZXXieCM%2F0WBytGJxvl%2BkpTrEv2UpCvc5SBwYHkx2QiHo2uJTEkXb0QcLvD18%2FZ%2BvvsTOq5JTLyKOtowmkRSzdTzs4io8XPObWHIrPdPkV142s3FbgXILsx2NYvQeBAF8h%2FXel13ahf3MQXKsl%2B4oa1jHmxC8SJo3X%2FgZw6iet80HikN3v7eojlWAaMPHWFl%2BamjclO7wPdWC8NCTkmfP8OhyRDDnB0q9AQ0cePJPqh7Tiii89cd8za08aHhX%2FLfYfCr22nbGC%2BgcZTGnxUJyFQc%2FNkEuoKXImtlNlzg%2BgN7L4j7Q53%2FhfsLZDYwVGJ2GjinCZ2OaTZs1UyzV0BrrctyTyyT8LRLZBqr3NdhTx9dJ2d%2Bo%2BPe9vepMD3xeCOQNGWu4l3ArvnmPquiag4vSAuk%2B6b3VrhPFjD%2FG2hWL8%2BeJXrFm4noBo0AWPZfN4Y%2Fugn2s1AUTyx5lfa2K2gODyimaGZz%2BsmlZm0YClXsnGyU7r%2FBMLHm1B6vGPLJ4nqung1D5fOm475zVJ12QARmiW62P8C%2B1WKikOCGuTjh8VG7VCrlRiKhbHPpBXtfYV%2B6VKn8PmipDLFECXtKnj6gpa6b%2B%2F57IjmSe4RMOWLeBOJ83yEmBSRU4oNNFfZZUXmzCbxAXvHViH1AVo92j%2FVF9JKs624ghgIEfRbEuAmgk%2FfWXgQPRw%2BpPHRKsjEdTZ2KUcZZc0NbfAOwa7pHYZyPB%2FnOA%2BxS5wBGVpMOwhb4JqmYaSkaHTkQJj%2Fr4HiBTcS0y%2FJj%2B%2BWimFtDqxmVgPlKr4eixIq2FUQbe4gDGwn54bmdi3KDLV3uA3TcOwq3APi5qv2x0OY1jdXAvvmFJD1%2BIdjLRFCs2QTbcYSD%2BTl%2FC4tk2o0WUPNoo8PkkdBzB3sWG1mfELueE1g1Wqzo4E1cCaH8SL6sjxrC0vHLxgGoXgkL0eeIXl6vvABoK9vr9QXsMTP1nCsnw8RSOK9kBhmExVmjx0SBgZJUlaDt6x9qvfH3nVtFL0E4iAFzEQ6bufQ2VBNDC9qOTRrn6p3vTxcBufaZjxnTuG02mR6ith515m3L4vf2yfGV8EqtXEsLQ%2FPW3sRmtCk6Q3UM9tXUERYDbx7pSexFqVqDDoHAT12Lt7QqCRgcLpNoqFGp3CYWhgDOJe8XR7PtKDhkRu1zqgFGik6M5CrZ55%2Fft%2F%2Fnu8bqG5Pan7wWndw8gES%2Fs07hmJlSCskvbYeZP%2BXDGFM2uFIHXBsMPFkjKP99XdJ5%2FEvML5K8ze%2FpzWR8%2B7TgstCXtc7VVt1dOeo8M6iIbSa%2F6i83D3Wips7%2Fvl3zm%2BAvcRy47A8vGPP7k1zi1xtZ08kDbhDCW17zy0LgNxKAHGUrZ%2BnBwtX%2Bu9AW%2FQAJO8u9p0YPNu%2Fur5DCY%2FZdRrRItFuqrqLeVt5w0CWATneyEWA3nUPJOMJGEaqYAGXDkR7U7nwlxS8Rn%2BYRfoax1I61ILYwl3tjJvG%2FM6o1%2FV95TwEYJ6Vi3wwNhR7lqIMCzd%2BUPayRjteeT
UO4BlPnA815Afqp0J8%2B02sKWJQcHnWvLTxh%2BiZssDK17yW1ImkJJ51rpGvwiCdq6qthgihwFXSrUSq%2BjA6sso1fyEPeKyu1h6cmo9URxxg7QDQA2HolaWintb0T65aFP7glxkDrVMqHd9MpQPOgBcMaowml2Jp2RolnvZwYtqD0HNMMwtwonwaHMkCVtJoIg%2FBSS8b2Gr7pB8u%2BTO0jIR4Sf8Cg1JOw%3D%3D
Cookie: cookie1=true
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Sep 2022 05:47:05 GMT
Content-Type: text/css
Connection: close
Last-Modified: Sun, 13 Jun 2021 14:50:40 GMT
Vary: Accept-Encoding
ETag: W/"60c61b40-e37"
Content-Encoding: br
Cache-Control: no-transform