firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash MD5 91dd975a7b17b2922dd23c0e49314e40
SHA-1 57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
SHA-256 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 17 Sep 2022 07:11:15 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: UvJ5Nj0EpZkvAGDd4b5qqianQRlV4SEfF7wZQuaJV985pBTuSwJBUA==
Age: 2856
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 b0d651d83075c7a68e3c6a9204226150
SHA-1 294785e3f3a67cdd5f1a530b83a2cbd2c2cc0665
SHA-256 17cbb43fd6662576ba3fe8e06cf44247c903c1313cc419053599c41e286a2442
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17CBB43FD6662576BA3FE8E06CF44247C903C1313CC419053599C41E286A2442"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11268
Expires: Sat, 17 Sep 2022 11:06:39 GMT
Date: Sat, 17 Sep 2022 07:58:51 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash MD5 742edb4038f38bc533514982f3d2e861
SHA-1 cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
SHA-256 b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 17 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CWLSxbSaHU-HynBe11bzKkt1iJwTVhs2qXk7eZCRu0CpOcZwL8vI4g==
age: 16089
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash MD5 23e88fb7b99543fb33315b29b1fad9d6
SHA-1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
SHA-256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 07:58:51 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
123.30.171.132 301 Moved Permanently 1.1 kB URL HTTP/1.1 licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
IP 123.30.171.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (979)
Hash MD5 712ce9a82452008d69e0982aeab33c76
SHA-1 f6e48522929365b40de922eaa1dcc14f1b36d163
SHA-256 ee49b82dfe289e2f94d291bb7f404716d301a11c70fc0ea2a41c48c681a0f34d
Analyzer Verdict Alert quad9 Sinkholed
GET /login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 17 Sep 2022 07:59:57 GMT
Server: Apache/2
Location: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Content-Length: 1137
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash MD5 0333b0655111aa68de771adfcc4db243
SHA-1 63f295a144ac87a7c8e23417626724eeca68a7eb
SHA-256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 17 Sep 2022 07:03:22 GMT
Cache-Control: max-age=3600
Expires: Sat, 17 Sep 2022 07:05:25 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WnukJO52AODbcSsPs2tqmUHFGVdqy870VFSzUWb_uyGcAoHgmTCLtA==
Age: 3329
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash MD5 3db421016cf0e3ad25f324cf0faf0fac
SHA-1 b15909de1105d4d2fb5be5b3920c454daf022445
SHA-256 914b15f28636e0a5e851540ffb0625ecd09d0546b2f1f7af90b267ceebcf1d5d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1101
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 07:58:51 GMT
Last-Modified: Sat, 17 Sep 2022 07:40:30 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.186.209.73 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.209.73:0
Hash (digests of the empty 0 B body; they match any empty response and do not identify this transaction) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1bHwqKZ1rkeMMHruqIJarw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1jaxAH1NFI+JP5B9VPMBRKYbtfI=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 93762793c7995d2fb651a369c4f7e9e6
SHA-1 152dc810127fc3203904cc3bbb77b8db6bcabb92
SHA-256 21906b034321bf76d58c6495babcc100468cd65c4430eb37121b21ad62494f47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "21906B034321BF76D58C6495BABCC100468CD65C4430EB37121B21AD62494F47"
Last-Modified: Fri, 16 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21517
Expires: Sat, 17 Sep 2022 13:57:29 GMT
Date: Sat, 17 Sep 2022 07:58:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 35f3deb94b2a985eb02f5a14f033c44f
SHA-1 2076e4cb6faf9a7bf1cbfc8947db9a8550f556bd
SHA-256 1d5c76a54a4ab121ccf5f456516ec99fb7f5129a491e078d97c749b94060970a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D5C76A54A4AB121CCF5F456516EC99FB7F5129A491E078D97C749B94060970A"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16435
Expires: Sat, 17 Sep 2022 12:32:48 GMT
Date: Sat, 17 Sep 2022 07:58:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 35f3deb94b2a985eb02f5a14f033c44f
SHA-1 2076e4cb6faf9a7bf1cbfc8947db9a8550f556bd
SHA-256 1d5c76a54a4ab121ccf5f456516ec99fb7f5129a491e078d97c749b94060970a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D5C76A54A4AB121CCF5F456516EC99FB7F5129A491E078D97C749B94060970A"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16435
Expires: Sat, 17 Sep 2022 12:32:48 GMT
Date: Sat, 17 Sep 2022 07:58:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 35f3deb94b2a985eb02f5a14f033c44f
SHA-1 2076e4cb6faf9a7bf1cbfc8947db9a8550f556bd
SHA-256 1d5c76a54a4ab121ccf5f456516ec99fb7f5129a491e078d97c749b94060970a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D5C76A54A4AB121CCF5F456516EC99FB7F5129A491E078D97C749B94060970A"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16435
Expires: Sat, 17 Sep 2022 12:32:48 GMT
Date: Sat, 17 Sep 2022 07:58:53 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd5675c7-5120-4f61-bd91-8c4d9af84130.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd5675c7-5120-4f61-bd91-8c4d9af84130.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 7a22ab7dcdf50f4a297b8e117d336eae
SHA-1 e139a0974317212f094fdbe59e26ca5cf6b9e56d
SHA-256 9b4c23c1bb2e4fcd140ce34bf83f315f09b45202c569cb74113c2e65c4031dcd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd5675c7-5120-4f61-bd91-8c4d9af84130.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7788
x-amzn-requestid: 2cb48f87-8b72-4ff7-b041-a6e704b854a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YIP2-HFHoAMFssA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6319935f-693e2f2e5a0bcd9f690f21fa;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 07:01:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4-H_LbXRjS1PJkVz9OIhwsaPfu8ZlL98zTZG--hdmij9Tc6KtmNSFQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 21:51:13 GMT
age: 36460
etag: "e139a0974317212f094fdbe59e26ca5cf6b9e56d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37eff517-f8c4-4e04-9fb6-e9a22aa4d8bf.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37eff517-f8c4-4e04-9fb6-e9a22aa4d8bf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 e0c4155f7b9f8a4a31780ea86e50e398
SHA-1 50ae5dbe015dc8b9ad022cb5b11cb2c4c8086368
SHA-256 598683a93574a8418e19decdbfc5bcae2f028c6e1791c192f98425bd8e339ad4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37eff517-f8c4-4e04-9fb6-e9a22aa4d8bf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7788
x-amzn-requestid: c570654d-569c-4faf-9690-5ffab5eaceed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YR5sREScIAMF5RA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d6fe7-3ed179845a3e9ede478e6dfa;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 05:19:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: kkko85Peg1nRJNE9WmrID7GfTrqjOuXZHDAcPRS6ZXIdEQF4YOMBVw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 21:38:59 GMT
age: 37194
etag: "50ae5dbe015dc8b9ad022cb5b11cb2c4c8086368"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaf888ee-3a5f-426b-9b83-8ea161780db3.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaf888ee-3a5f-426b-9b83-8ea161780db3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 9c807387d303abb2bca1ef14b14c9e26
SHA-1 428fe80d3f35758433a6b2cf25e6bcb5f63a6a63
SHA-256 277a74204dc8bec8a227ca43cdb840b5dda71f74e8aec56606e862e70a5ba19c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaf888ee-3a5f-426b-9b83-8ea161780db3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5234
x-amzn-requestid: 55e23e9a-f85c-42f2-87b6-aff3646bf1fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yknn_EFzoAMF2Ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6324ec99-62f023426230c7b46116d4b7;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 21:37:29 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fb2wN0gTI9OKgDghf1u4DKwrADkYcS5_7LIxaLxmbo0OciwezGh_LA==
via: 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 21:37:55 GMT
age: 37258
etag: "428fe80d3f35758433a6b2cf25e6bcb5f63a6a63"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35fd8af4-6883-4fbd-bf72-19167284c2ad.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35fd8af4-6883-4fbd-bf72-19167284c2ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 2815dd402ec758d2088a6f360d29847b
SHA-1 5b7e4c16a2083e189a40790dca647280a3a3665b
SHA-256 5dd6aa9a36e6a18a66dfd7e444cbcfce8088b0eab648d784d2e554958d64edea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35fd8af4-6883-4fbd-bf72-19167284c2ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7644
x-amzn-requestid: 9e035566-625b-4b9f-ad72-3266f8cde01b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfIiDGINoAMFTKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322bad9-28ac917b20ca2ef64fbff2d4;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 05:40:41 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dvViUCjTvbcwSof4SAlARDnD7nUDzGUZJk1PqLi6IsuIVOEZngXtSw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 21:52:08 GMT
age: 36405
etag: "5b7e4c16a2083e189a40790dca647280a3a3665b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F965c1f46-ea3e-498e-b9dd-07a252ce51c2.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F965c1f46-ea3e-498e-b9dd-07a252ce51c2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 6656c96d31803728c2fcd707289bcd27
SHA-1 5139023bb709d865d26a9b2fac4b02260966c347
SHA-256 41c958a36909953f47208de41fb76081ce2c5bb80afec7c15b7c544b464880b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F965c1f46-ea3e-498e-b9dd-07a252ce51c2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6991
x-amzn-requestid: 799f17de-b856-4be7-abbf-0d444f605a94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXe-WE9toAMF41A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fab8e-6f2639d75967c1d2213d2d8b;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:58:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MJBgizrudIYLP4pd1G5uvwD27fRA5unGEjbfDTZVz-TdtBrrlG49Hw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 22:01:38 GMT
age: 35835
etag: "5139023bb709d865d26a9b2fac4b02260966c347"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2223b64d-7436-4cd8-9633-fc79069394d6.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2223b64d-7436-4cd8-9633-fc79069394d6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash MD5 2efd7ea9edbfe7d4d2cf6685dc60f571
SHA-1 dfb08910372586148c4e1fbea598818bf65cdbdb
SHA-256 a731494ee4cfd1d6d8642dc837f6731d55b84033f0f88a3e45fd82b07d137b28
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2223b64d-7436-4cd8-9633-fc79069394d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9486
x-amzn-requestid: eb3622e4-3ac9-4148-8da1-0eb73e24e798
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YRYP8HkYIAMF4mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d3a65-418ddfed5fe892af4998abc0;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 01:31:17 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 13i5a3uLuTga4_H4-lf1qT3dTznuh2i2TRK9mUGJuUii-WPADgG1Sg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 21:52:19 GMT
age: 36394
etag: "dfb08910372586148c4e1fbea598818bf65cdbdb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
123.30.171.132 404 Not Found 8.5 kB URL HTTP/2 licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
IP 123.30.171.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6839), with CRLF, LF line terminators
Hash MD5 0d4be86a4b6a6a2abd051f9905f2e8ad
SHA-1 cf55e153826049fe8fa6f9021323a3f018e2f8af
SHA-256 1fb6ae4ecc4ebe43aad43cb0cfde4d1eb1cc9a64ca5d3f7fcb73accc72caa21c
Analyzer Verdict Alert quad9 Sinkholed
GET /login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
vary: Cookie,Accept-Encoding,User-Agent
expires: Wed, 11 Jan 1984 05:00:00 GMT
link: <https://licogi18.com.vn/wp-json/>; rel="https://api.w.org/"
content-encoding: gzip
cache-control: no-cache, must-revalidate, max-age=0, s-maxage=10
content-length: 8513
content-type: text/html; charset=UTF-8
date: Sat, 17 Sep 2022 07:59:58 GMT
server: Apache/2
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5d12cc59489773babbc650161772d674
6fa23d626e8a64d98e59984567cd4dc42c648833
f43eae2b85acffc988fbc2c97e18ae1c013217db2cbe24df14dd3b8c35d0ff27
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 07:58:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4cc0aaf293fed6c16e1dde02c50c8f40
e94f11cd8fa955f28856a02aa7115aa5f3626d98
b1592dc8fc0d63052f66b7be9b5ff1f562f6fbd05f6365ce828758bfbb3f1a12
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 07:58:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b4a24f9aebdfdb06d10cd53e92a70bb8
c4532479dbd9636d8f5206faa085c520651eb5f2
1d330af2b423e351355f710f14cb771fa9918e8b6638c5076aba7bcda6c30936
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 07:58:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 9730b7d7d5f0481f65712991a899f4b8
facb4df5e4a4ac98b9bdd126c7dbb531cf0fe1e7
15d7d8acbcd94d9ca8579cc31a9ec621e76408663bc4b047e5e127acb14334a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 07:58:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-S2RJHLLQ19
142.250.74.72 200 OK 75 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-S2RJHLLQ19
IP 142.250.74.72:0
File type ASCII text, with very long lines (17807)
Hash 14cf029068e51de6d4dfbeb49653534a
67935f91e3df0a73a73e73f808aaddcf965f4428
7dc3069b067e63edb31cc2627d1a17c5d579fc15f8c7c932c3420ac553cce6ab
GET /gtag/js?id=G-S2RJHLLQ19 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 17 Sep 2022 07:58:54 GMT
expires: Sat, 17 Sep 2022 07:58:54 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74675
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?render=6LcZKSkcAAAAAOe683kf6ZbwuJryt3JRn8xZ0LIl&ver=3.0
142.250.74.164 400 Bad Request 119 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LcZKSkcAAAAAOe683kf6ZbwuJryt3JRn8xZ0LIl&ver=3.0
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 96612d2b1b529ecfcf09798c3eb100bf
4f32d5d3ccf4d44ae71309dfa8d6f9d396614a27
7c58bfa17d0c600b7455e6bfb3d8371fbf93da20a7a53ed1efad37d692f1cba0
GET /recaptcha/api.js?render=6LcZKSkcAAAAAOe683kf6ZbwuJryt3JRn8xZ0LIl&ver=3.0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 400 Bad Request
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Sat, 17 Sep 2022 07:58:54 GMT
expires: Sat, 17 Sep 2022 07:58:54 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 119
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4cc0aaf293fed6c16e1dde02c50c8f40
e94f11cd8fa955f28856a02aa7115aa5f3626d98
b1592dc8fc0d63052f66b7be9b5ff1f562f6fbd05f6365ce828758bfbb3f1a12
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 07:58:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Montserrat:400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap&subset=latin-ext,vietnamese
142.250.74.10 200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap&subset=latin-ext,vietnamese
IP 142.250.74.10:0
Hash a25596c4d3e730b4e218a2d71d860438
5213d6504e1de81f43584414bdc3b660db89cd94
a22640abf0222750e00d3d5d9d4f17bfc60d490cd2c892fbc5ed7c61ac89e265
GET /css?family=Montserrat:400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap&subset=latin-ext,vietnamese HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://licogi18.com.vn
Connection: keep-alive
Referer: https://licogi18.com.vn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 17 Sep 2022 07:58:54 GMT
date: Sat, 17 Sep 2022 07:58:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 9730b7d7d5f0481f65712991a899f4b8
facb4df5e4a4ac98b9bdd126c7dbb531cf0fe1e7
15d7d8acbcd94d9ca8579cc31a9ec621e76408663bc4b047e5e127acb14334a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 07:58:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 9730b7d7d5f0481f65712991a899f4b8
facb4df5e4a4ac98b9bdd126c7dbb531cf0fe1e7
15d7d8acbcd94d9ca8579cc31a9ec621e76408663bc4b047e5e127acb14334a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 07:58:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
licogi18.com.vn/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2
123.30.171.132 200 OK 929 B URL HTTP/2 licogi18.com.vn/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2
IP 123.30.171.132:0
Hash 6d343a550130cab6007c507a10787e46
eb10d3053dbe1de35b4c97feb9fd519b6c2b499e
21ae0f42f3b7435603c76fc336b31f14d379dd532ea67620c5a3e84e5d31a96f
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 929
server: Apache/2
last-modified: Fri, 27 Aug 2021 08:15:01 GMT
etag: "a50-5ca86147e7e6d"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 2640
content-encoding: gzip
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:00 GMT
x-content-type-options: nosniff
content-type: text/css
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/themes/caia/style.css?ver=4.2.1
123.30.171.132 200 OK 6.9 kB URL HTTP/2 licogi18.com.vn/wp-content/themes/caia/style.css?ver=4.2.1
IP 123.30.171.132:0
Hash cdfb6a780716b2a93875cf8e5ec43bf5
d8f573664cb222ef1c921ed29135aa6b64482328
0719b89dd0c571285de69c3cd3982fdd8640c1719b73247bd4ca6360a46c20d0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/caia/style.css?ver=4.2.1 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 6905
server: Apache/2
last-modified: Fri, 10 Dec 2021 04:33:49 GMT
etag: "9f26-5d2c33ac21021"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 40742
content-encoding: gzip
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:00 GMT
x-content-type-options: nosniff
content-type: text/css
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/plugins/google-language-translator/css/toolbar.css?ver=6.0.9
123.30.171.132 200 OK 1.8 kB URL HTTP/2 licogi18.com.vn/wp-content/plugins/google-language-translator/css/toolbar.css?ver=6.0.9
IP 123.30.171.132:0
File type ASCII text, with very long lines (681)
Hash 8b2e3bb4c514a552369f073c5615b312
4a849de003a5f396208ef1cffd9b16287178518b
45f19b1eb04f2098a547235c72f82acc71f8e560666f250ab82a38b2399322bb
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/google-language-translator/css/toolbar.css?ver=6.0.9 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 1771
server: Apache/2
last-modified: Tue, 17 Aug 2021 03:06:35 GMT
etag: "1664-5c9b89b09b018"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 5732
content-encoding: gzip
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:00 GMT
x-content-type-options: nosniff
content-type: text/css
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/themes/caia/custom/js/slick.js?ver=5.1.4
123.30.171.132 200 OK 10 kB URL HTTP/2 licogi18.com.vn/wp-content/themes/caia/custom/js/slick.js?ver=5.1.4
IP 123.30.171.132:0
File type ASCII text, with very long lines (42862), with no line terminators
Hash aad6ed42aa57534aacf0bf0865a1a599
389621aa1d4fa9d2bebd8ae99a3dfd87f2c4fe26
9c3ffd1fa2612474e50043618765246f191bf3cfc7494c08d971c5f732190b28
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/caia/custom/js/slick.js?ver=5.1.4 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 10333
server: Apache/2
last-modified: Tue, 17 Aug 2021 02:51:53 GMT
etag: "a76e-5c9b8666f3342"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 42862
content-encoding: gzip
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:00 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2
123.30.171.132 200 OK 4.1 kB URL HTTP/2 licogi18.com.vn/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2
IP 123.30.171.132:0
File type ASCII text, with very long lines (12987), with no line terminators
Hash 80527c6c3990b365978b19bb923850f6
871afc56a15f1cc51db55d496e2968e8e63036ce
cbcc278893ad87bcfd1571be16707edca39fba4b7c80000c040048ab9c51f340
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 4063
server: Apache/2
last-modified: Fri, 27 Aug 2021 08:15:01 GMT
etag: "32bb-5ca86147efb6d"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 12987
content-encoding: gzip
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:00 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2021/09/mail-logo.png
123.30.171.132 301 Moved Permanently 272 B URL HTTP/1.1 licogi18.com.vn/wp-content/uploads/2021/09/mail-logo.png
IP 123.30.171.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9d091bf8e473114d9e1edaf3f0e79a44
736bf274a4454dae30230afb43fbb7ae59745063
846248e200834f618981e4b887cd4b0c7e990aca73f61cce398178d68a164b7e
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2021/09/mail-logo.png HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Sat, 17 Sep 2022 08:00:01 GMT
Server: Apache/2
Location: https://licogi18.com.vn/wp-content/uploads/2021/09/mail-logo.png
Content-Length: 272
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
licogi18.com.vn/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.0.0
123.30.171.132 200 OK 33 kB URL HTTP/2 licogi18.com.vn/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.0.0
IP 123.30.171.132:0
File type Unicode text, UTF-8 text, with very long lines (31984), with LF, NEL line terminators
Hash 6ec1984b5597765487dd9e1e6512f5c6
83bd7747b9d25a1377f873b0f7787fbaf9cf0356
9750d73dde1d888b8a78701c0ac2fab2efa39516a400e2cda3bf2c3dcb5f3870
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.0.0 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 32599
server: Apache/2
last-modified: Tue, 17 Aug 2021 03:06:45 GMT
etag: "177c1-5c9b89b9759b8"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 96193
content-encoding: gzip
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:00 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/plugins/google-language-translator/js/scripts.js?ver=6.0.9
123.30.171.132 200 OK 3.2 kB URL HTTP/2 licogi18.com.vn/wp-content/plugins/google-language-translator/js/scripts.js?ver=6.0.9
IP 123.30.171.132:0
Hash 24be12d66cbd7013885424993520ce34
e284b77e779ced196a10255839abeccc10c029fe
76ffbfee1ee6e998fe183ce171810e175a59dc5a339ffc6e9aa9be27edb1c964
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/google-language-translator/js/scripts.js?ver=6.0.9 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 3193
server: Apache/2
last-modified: Tue, 17 Aug 2021 03:06:35 GMT
etag: "35e5-5c9b89b0ba418"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 13797
content-encoding: gzip
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:00 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.4.2
123.30.171.132 200 OK 847 B URL HTTP/2 licogi18.com.vn/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.4.2
IP 123.30.171.132:0
File type ASCII text, with very long lines (1849), with no line terminators
Hash 8474035b36a675a06a5f7696903b05ae
a113a20ffaf089c609d3a72c1041e83303734d6d
7140faf14df1701ce31da9e36f3bdbcd30fcb365c2635f0e0de7fb5f89a6e067
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.4.2 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 847
server: Apache/2
last-modified: Fri, 27 Aug 2021 08:15:01 GMT
etag: "739-5ca86147db34d"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 1849
content-encoding: gzip
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:00 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
licogi18.com.vn/wp-includes/js/wp-embed.min.js?ver=5.1.4
123.30.171.132 200 OK 753 B URL HTTP/2 licogi18.com.vn/wp-includes/js/wp-embed.min.js?ver=5.1.4
IP 123.30.171.132:0
File type ASCII text, with very long lines (1403), with no line terminators
Hash 0e2fa325009949146b555e051f64f65c
81cb1e13bb6a073c701fadd3d7ea25436a6c4cde
f9751ee717735c02218e834a39cecb1261c56b4da0fb879d00faa7df6d7c5066
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-includes/js/wp-embed.min.js?ver=5.1.4 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 753
server: Apache/2
last-modified: Tue, 17 Aug 2021 03:04:08 GMT
etag: "57b-5c9b892457c79"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 1403
content-encoding: gzip
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:00 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2022/08/z3647869742853_8e9eb39dbe04f3d3132e78f568ed4e62-360x240.jpg
123.30.171.132 200 OK 24 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2022/08/z3647869742853_8e9eb39dbe04f3d3132e78f568ed4e62-360x240.jpg
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 360x240, components 3\012- data
Hash 0470e89c885e82138ca0891016087ed4
797f5f100f50ea1ad0ae938bc018b33ad346b246
6aa5b22a8c4b9e3d9f03c858eeaa369d196723ed3f0be3e1edcf5409eddbba0b
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2022/08/z3647869742853_8e9eb39dbe04f3d3132e78f568ed4e62-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 16 Aug 2022 14:02:14 GMT
etag: "5c20-5e65c3205d3f1"
accept-ranges: bytes
content-length: 23584
cache-control: s-maxage=10
content-type: image/jpeg
date: Sat, 17 Sep 2022 08:00:00 GMT
server: Apache/2
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2021/08/kdt-cau-han-360x240.jpg
123.30.171.132 200 OK 28 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2021/08/kdt-cau-han-360x240.jpg
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 360x240, components 3\012- data
Hash 0a8e11f5a22af8696c48144e471e2c31
7a483007e95956655e91c33762c73cf659ccade4
4f16cd858af5aaa81d686d3842b59a9d082280747b941c953ff9ece4fd1902b8
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2021/08/kdt-cau-han-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 28471
last-modified: Mon, 23 Aug 2021 10:35:07 GMT
etag: "6f37-5ca37922afbe7"
accept-ranges: bytes
server: Apache/2
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:00 GMT
x-content-type-options: nosniff
content-type: image/jpeg
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/plugins/google-language-translator/css/style.css?ver=6.0.9
123.30.171.132 200 OK 9.4 kB URL HTTP/2 licogi18.com.vn/wp-content/plugins/google-language-translator/css/style.css?ver=6.0.9
IP 123.30.171.132:0
Hash da0f80c01fad8b52dfa71c7c3dd758fe
10245c6af0591799f3c015a0ee22b339dc664883
a263be181c8718b8f22fe157b9ac9ba163b18e03139d9b3c9cf4fef54c6d2ba6
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/google-language-translator/css/style.css?ver=6.0.9 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 9361
server: Apache/2
last-modified: Tue, 17 Aug 2021 03:06:35 GMT
etag: "1f7d7-5c9b89b098138"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 128983
content-encoding: gzip
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:00 GMT
x-content-type-options: nosniff
content-type: text/css
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2022/06/z3451680902611_3b1f5a93c1be639c702d26a180bcb54f-360x240.jpg
123.30.171.132 200 OK 27 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2022/06/z3451680902611_3b1f5a93c1be639c702d26a180bcb54f-360x240.jpg
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 360x240, components 3\012- data
Hash 76c8a3bc0a037fea997d5e9516c65223
b79757dd8c02132354617b7afaf3964341393267
552829ee56a9d72d8ea28b2f9288f6cb0afe5527be92d3c0261a7c76885ea759
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2022/06/z3451680902611_3b1f5a93c1be639c702d26a180bcb54f-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 26613
last-modified: Thu, 09 Jun 2022 05:41:19 GMT
etag: "67f5-5e0fd4563a62c"
accept-ranges: bytes
server: Apache/2
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:00 GMT
x-content-type-options: nosniff
content-type: image/jpeg
X-Firefox-Spdy: h2
licogi18.com.vn/wp-includes/js/jquery/jquery.js?ver=1.12.4
123.30.171.132 200 OK 34 kB URL HTTP/2 licogi18.com.vn/wp-includes/js/jquery/jquery.js?ver=1.12.4
IP 123.30.171.132:0
File type ASCII text, with very long lines (31997)
Hash bd62f6ccb070286e53b939e1a887eda3
f58899c44039fc98e15fbea7b8a59ce71d2eb5f8
0baca579f755c2dfc32730c397c364b5ef7bdd70bd71bcccf61198362e40efe3
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 33753
server: Apache/2
last-modified: Tue, 17 Aug 2021 03:04:39 GMT
etag: "17a69-5c9b8941644d9"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-original-content-length: 96873
content-encoding: gzip
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:00 GMT
x-content-type-options: nosniff
content-type: application/javascript
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2021/09/image003-3-360x240.jpg
123.30.171.132 200 OK 19 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2021/09/image003-3-360x240.jpg
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 360x240, components 3\012- data
Hash 35988f42873b6782fccd0bd13458aa32
a8ae139c386c8810c4703e95a23e484eece5583d
7cdd0ac64bf449ba38166e883e5c21fadde173ed6d565727c798ccc9afcccfef
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2021/09/image003-3-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 14 Sep 2021 00:52:10 GMT
etag: "4b62-5cbe9fdd72540"
accept-ranges: bytes
content-length: 19298
cache-control: s-maxage=10
content-type: image/jpeg
date: Sat, 17 Sep 2022 08:00:00 GMT
server: Apache/2
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2022/07/z3599664945716_b6af56be7e8dec4959c4bbe8c5dd81d6-360x240.jpg
123.30.171.132 200 OK 22 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2022/07/z3599664945716_b6af56be7e8dec4959c4bbe8c5dd81d6-360x240.jpg
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 360x240, components 3\012- data
Hash 2da3c74bfadfe4259623aca8898e4e1a
b016f959dae244a728638a32fbeba1c17f6cf7a7
4cf9bd19cf0f993a523bce27377beb656ff6151245f5fe2052307fb0e773a74f
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2022/07/z3599664945716_b6af56be7e8dec4959c4bbe8c5dd81d6-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 10:45:52 GMT
etag: "547f-5e4db3cd1682f"
accept-ranges: bytes
content-length: 21631
cache-control: s-maxage=10
content-type: image/jpeg
date: Sat, 17 Sep 2022 08:00:00 GMT
server: Apache/2
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2021/08/image001-8-360x240.jpg
123.30.171.132 200 OK 24 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2021/08/image001-8-360x240.jpg
IP 123.30.171.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 360x240, components 3\012- data
Hash c2b79a97130010250cd2686cb1170e9d
847e3fc82c29f3833c16232cd3807d59d3cdddf6
8ce09d29f07022305c32a1a3ce9d9cb161c7fa138862aea99ab6d3cf6f116117
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2021/08/image001-8-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Aug 2021 07:11:52 GMT
etag: "5e6f-5ca85329d1b5e"
accept-ranges: bytes
content-length: 24175
cache-control: s-maxage=10
content-type: image/jpeg
date: Sat, 17 Sep 2022 08:00:00 GMT
server: Apache/2
X-Firefox-Spdy: h2
translate.googleapis.com/translate_static/css/translateelement.css
142.250.74.74 200 OK 3.6 kB URL HTTP/2 translate.googleapis.com/translate_static/css/translateelement.css
IP 142.250.74.74:0
File type ASCII text, with very long lines (18670)
Hash 897ba9a21d9625286674da769dacc2e2
84b4923ab7dee562395160824d53496314499b77
696cbf5c2f3f1efae555562b72abbbb22bed02eff03d62074555cab241190ae0
GET /translate_static/css/translateelement.css HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3619
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Sep 2022 07:18:49 GMT
expires: Sat, 17 Sep 2022 08:18:49 GMT
cache-control: public, max-age=3600
age: 2407
last-modified: Wed, 17 Aug 2022 23:38:00 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2021/09/mail-logo.png
123.30.171.132 200 OK 12 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2021/09/mail-logo.png
IP 123.30.171.132:0
File type PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Hash 65e5f1fdb872024dacd7674479cb35ca
fd1e63bfb6236ecea79b812706676acd64b7fcfb
32fa573e34d26c4d33eac2798d05bb6161daa3885cd33053c1168805c93bf48f
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2021/09/mail-logo.png HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Sep 2021 15:26:30 GMT
etag: "2e47-5cba5bd5ccae9"
accept-ranges: bytes
content-length: 11847
cache-control: s-maxage=10
content-type: image/png
date: Sat, 17 Sep 2022 08:00:01 GMT
server: Apache/2
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2021/08/image001-1-360x240.png
123.30.171.132 200 OK 222 kB URL HTTP/2 licogi18.com.vn/wp-content/uploads/2021/08/image001-1-360x240.png
IP 123.30.171.132:0
File type PNG image data, 360 x 240, 8-bit/color RGBA, non-interlaced\012- data
Size 222 kB (222538 bytes)
Hash f3ddc07cc5967f4e5bc42583dc87663f
f07332939803642387c09fefafed0a578d7e11c1
71b7b13e571ca21b674fb2a7fa75ce5c7599486b59233bc921e9ed35d1836a4b
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2021/08/image001-1-360x240.png HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 25 Aug 2021 06:58:45 GMT
etag: "3654a-5ca5cc80f2f57"
accept-ranges: bytes
content-length: 222538
cache-control: s-maxage=10
content-type: image/png
date: Sat, 17 Sep 2022 08:00:00 GMT
server: Apache/2
X-Firefox-Spdy: h2
translate.google.com/translate_a/element.js?cb=GoogleLanguageTranslatorInit
142.250.74.46 200 OK 84 kB URL HTTP/2 translate.google.com/translate_a/element.js?cb=GoogleLanguageTranslatorInit
IP 142.250.74.46:0
File type ASCII text, with very long lines (560)
Hash ef08a460b9ef79be1e193e0064913b0f
b6f1990321a0a5ff8dcb7ec3f015c58de1e5e03f
c0eececd2838fb296bc994d16cfba14113c2d828353c3030a62ed6c9be17cfd2
GET /translate_a/element.js?cb=GoogleLanguageTranslatorInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 17 Sep 2022 07:58:54 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+907; expires=Mon, 16-Sep-2024 07:58:54 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/themes/caia/images/logo2.png
123.30.171.132 200 OK 74 kB URL HTTP/2 licogi18.com.vn/wp-content/themes/caia/images/logo2.png
IP 123.30.171.132:0
File type PNG image data, 1530 x 2343, 8-bit/color RGBA, non-interlaced\012- data
Hash 8024bb5782c2e68758516262759b152a
53bb518a2bc97d9cf81ba640a9b5a96bcb203578
51ec91742d9c4c7b2a96bd978f9c9dc39f3cd0e4dde641703afabb9aa59e95f7
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/caia/images/logo2.png HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/wp-content/themes/caia/style.css?ver=4.2.1
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 73859
server: Apache/2
last-modified: Tue, 17 Aug 2021 03:06:38 GMT
etag: "12083-5c9b89b375798"
accept-ranges: bytes
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:02 GMT
x-content-type-options: nosniff
content-type: image/png
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8fb510c0e0fbff6302a68eb385520e3f
cd5149c6ffc7ee3d90e9e6884af8e02f44c7ab00
2b9cd0f540eb0916ad5c3ee63dbc8ee57570c3eaae7aeabca5c8cb03a3c73c32
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 07:58:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8fb510c0e0fbff6302a68eb385520e3f
cd5149c6ffc7ee3d90e9e6884af8e02f44c7ab00
2b9cd0f540eb0916ad5c3ee63dbc8ee57570c3eaae7aeabca5c8cb03a3c73c32
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 07:58:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maps.gstatic.com/maps-api-v3/embed/js/50/5/intl/vi_ALL/init_embed.js
142.250.74.163 200 OK 71 kB URL HTTP/2 maps.gstatic.com/maps-api-v3/embed/js/50/5/intl/vi_ALL/init_embed.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (2669)
Hash c97c37d5f90d2cce19ecac60218f89a3
87fdea661131e9399230549efb14d79dfab0bfc1
9ef4f9aec8c142320d84767edb911e7f7901819f5d8587ac133dbfc55b83b06c
GET /maps-api-v3/embed/js/50/5/intl/vi_ALL/init_embed.js HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 70806
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 18:17:54 GMT
expires: Thu, 14 Sep 2023 18:17:54 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Sep 2022 20:19:12 GMT
content-type: text/javascript
age: 222062
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8fb510c0e0fbff6302a68eb385520e3f
cd5149c6ffc7ee3d90e9e6884af8e02f44c7ab00
2b9cd0f540eb0916ad5c3ee63dbc8ee57570c3eaae7aeabca5c8cb03a3c73c32
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 07:58:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
licogi18.com.vn/wp-content/themes/caia/font/SFProDisplay-Semibold.ttf
123.30.171.132 200 OK 170 kB URL HTTP/2 licogi18.com.vn/wp-content/themes/caia/font/SFProDisplay-Semibold.ttf
IP 123.30.171.132:0
File type TrueType Font data, 16 tables, 1st "BASE", 42 names, Macintosh\012- data
Size 170 kB (170342 bytes)
Hash 4423850f9fc435318a1f2be1ef23960c
c5c0676910107402566cd5f8fea6876c50c49211
f9e1a485fae9955ca08cb03657d605d2ce3f31c786471bf657322a70fce9138d
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/caia/font/SFProDisplay-Semibold.ttf HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/wp-content/themes/caia/style.css?ver=4.2.1
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 17 Aug 2021 03:06:38 GMT
etag: "6a340-5c9b89b2b70b8-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
cache-control: s-maxage=10
content-type: application/x-font-ttf
date: Sat, 17 Sep 2022 08:00:02 GMT
server: Apache/2
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/plugins/google-language-translator/images/flags.png
123.30.171.132 200 OK 55 kB URL HTTP/2 licogi18.com.vn/wp-content/plugins/google-language-translator/images/flags.png
IP 123.30.171.132:0
File type PNG image data, 169 x 520, 8-bit/color RGBA, non-interlaced\012- data
Hash 89c95031b56b90591fd4ef80558f8c25
9599f52c93b38f3e68686f299b3184be0a9de63a
d64c12a76a61096f3a14aa795d12c3fc0de8e5781ef2e1af3b66517e65d7f00e
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/google-language-translator/images/flags.png HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/wp-content/plugins/google-language-translator/css/style.css?ver=6.0.9
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 54996
server: Apache/2
last-modified: Tue, 17 Aug 2021 03:06:36 GMT
etag: "d6d4-5c9b89b12e778"
accept-ranges: bytes
expires: Sat, 17 Sep 2022 08:03:28 GMT
cache-control: max-age=300, s-maxage=10
date: Sat, 17 Sep 2022 08:00:02 GMT
x-content-type-options: nosniff
content-type: image/png
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/themes/caia/font/SFProDisplay-Bold.ttf
123.30.171.132 200 OK 253 kB URL HTTP/2 licogi18.com.vn/wp-content/themes/caia/font/SFProDisplay-Bold.ttf
IP 123.30.171.132:0
File type TrueType Font data, 16 tables, 1st "BASE", 42 names, Macintosh\012- data
Size 253 kB (252572 bytes)
Hash 82491958db4d6a342cd379d2eafb84f1
9ea4a9f29fdf63ba884802f084bef58c84d8330c
cb4196fb7d78876a2e40046c4c294b8149b576a2ec958eb7a5eb2712d31de2ab
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/caia/font/SFProDisplay-Bold.ttf HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/wp-content/themes/caia/style.css?ver=4.2.1
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 17 Aug 2021 03:06:37 GMT
etag: "6a6c0-5c9b89b25d338-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
cache-control: s-maxage=10
content-type: application/x-font-ttf
date: Sat, 17 Sep 2022 08:00:02 GMT
server: Apache/2
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-S2RJHLLQ19&gtm=2oe9e0&_p=1034852861&cid=1687185626.1663395303&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663401519&sct=2&seg=0&dl=https%3A%2F%2Flicogi18.com.vn%2Flogin.microsoftonline.com%2Flogin.php%3Ftes.php%3Flogin.live.com%2Fgetsessionstate.srf%3Fresponse_type%3Dcode%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26scope%3Dopenid%2Bprofile%2Bemail%2Boffline_access%26response_mode%3Dform_post%26redirect_uri%3Dlogin.microsoftonline.com%2Fcommon%2Ffederation%2Foauth2%26state%3Drqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2%26estsfed%3D1%26uaid%3D27aab22138724fb08da033daeafc4afa%26vaccess%26vv%3D1600%26mkt%3Den-us%26lc%3D1033%26emailcmd%3Dlogin_submit%26id%3Dd3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251%26session%3Dd3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&dt=Kh%C3%B4ng%20t%C3%ACm%20th%E1%BA%A5y%20-%20Licogi%2018&en=page_view&_ss=1&_ee=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-S2RJHLLQ19&gtm=2oe9e0&_p=1034852861&cid=1687185626.1663395303&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663401519&sct=2&seg=0&dl=https%3A%2F%2Flicogi18.com.vn%2Flogin.microsoftonline.com%2Flogin.php%3Ftes.php%3Flogin.live.com%2Fgetsessionstate.srf%3Fresponse_type%3Dcode%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26scope%3Dopenid%2Bprofile%2Bemail%2Boffline_access%26response_mode%3Dform_post%26redirect_uri%3Dlogin.microsoftonline.com%2Fcommon%2Ffederation%2Foauth2%26state%3Drqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2%26estsfed%3D1%26uaid%3D27aab22138724fb08da033daeafc4afa%26vaccess%26vv%3D1600%26mkt%3Den-us%26lc%3D1033%26emailcmd%3Dlogin_submit%26id%3Dd3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251%26session%3Dd3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&dt=Kh%C3%B4ng%20t%C3%ACm%20th%E1%BA%A5y%20-%20Licogi%2018&en=page_view&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-S2RJHLLQ19&gtm=2oe9e0&_p=1034852861&cid=1687185626.1663395303&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663401519&sct=2&seg=0&dl=https%3A%2F%2Flicogi18.com.vn%2Flogin.microsoftonline.com%2Flogin.php%3Ftes.php%3Flogin.live.com%2Fgetsessionstate.srf%3Fresponse_type%3Dcode%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26scope%3Dopenid%2Bprofile%2Bemail%2Boffline_access%26response_mode%3Dform_post%26redirect_uri%3Dlogin.microsoftonline.com%2Fcommon%2Ffederation%2Foauth2%26state%3Drqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2%26estsfed%3D1%26uaid%3D27aab22138724fb08da033daeafc4afa%26vaccess%26vv%3D1600%26mkt%3Den-us%26lc%3D1033%26emailcmd%3Dlogin_submit%26id%3Dd3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251%26session%3Dd3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&dt=Kh%C3%B4ng%20t%C3%ACm%20th%E1%BA%A5y%20-%20Licogi%2018&en=page_view&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://licogi18.com.vn
Connection: keep-alive
Referer: https://licogi18.com.vn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://licogi18.com.vn
date: Sat, 17 Sep 2022 07:58:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/themes/caia/font/SFProDisplay-Regular.ttf
123.30.171.132 200 OK 63 B URL HTTP/2 licogi18.com.vn/wp-content/themes/caia/font/SFProDisplay-Regular.ttf
IP 123.30.171.132:0
File type ASCII text, with no line terminators
Hash 2bd2892077d6b6cdb4e5da8e97bd6740
27857ba165f7b04f33019a6b6b8b9b74f59c7f21
87f5e8b44d7c6659d4358b81e6487da539a55f45594d1bb1d2bf32162b9ede5a
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/caia/font/SFProDisplay-Regular.ttf HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/wp-content/themes/caia/style.css?ver=4.2.1
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 17 Aug 2021 03:06:37 GMT
etag: "650e4-5c9b89b276978-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
cache-control: s-maxage=10
content-type: application/x-font-ttf
date: Sat, 17 Sep 2022 08:00:02 GMT
server: Apache/2
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 924cca70f1f5ba02eb6af21a65e0bdd1
3baa75b1ea32068f96cfd5060e4e1eda71c61da8
e55036d990bb7071b7e51e739b8650538ce67d821cc966b0baa99ff40220973b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3386
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 07:58:57 GMT
Last-Modified: Sat, 17 Sep 2022 07:02:31 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/vi_VN/sdk.js
31.13.72.12 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/vi_VN/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1961)
Hash 85cd8f74542472e548b2e7b45f717923
19c2f6872bebcf41728ca9d6d11b5187ff061c96
0a2f5331a767a3a7bc8dd6d895260f123afc8eb9ca2373d7069368684f9e3129
GET /vi_VN/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: e4a19e085f67162e03e746953f9ef06d
etag: "2c9658dd3d16dab794249c8f9ef2bbdb"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 17 Sep 2022 08:04:31 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: hc2PdFQkcuVIsue0X3F5Iw==
x-fb-debug: pvNy4Tr3OI7ZtKVkb2zqxxn/+sZ6guksd3dQYfvQeoI6xFF/7wihuKGusVIAjUK1QcfjwgUwvin61biXv5vT5w==
priority: u=3,i
content-length: 1686
x-fb-trip-id: 1904183273
date: Sat, 17 Sep 2022 07:58:57 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 924cca70f1f5ba02eb6af21a65e0bdd1
3baa75b1ea32068f96cfd5060e4e1eda71c61da8
e55036d990bb7071b7e51e739b8650538ce67d821cc966b0baa99ff40220973b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3386
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 07:58:57 GMT
Last-Modified: Sat, 17 Sep 2022 07:02:31 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/vi_VN/sdk.js?hash=880d5fcadab1f4a2c922ab19381cb1cb
31.13.72.12 200 OK 87 kB URL HTTP/2 connect.facebook.net/vi_VN/sdk.js?hash=880d5fcadab1f4a2c922ab19381cb1cb
IP 31.13.72.12:0
File type ASCII text, with very long lines (13264)
Hash db06ffece8099b6ab81495d5df15b94f
694e555b69ce9f3c4bd8a95f6911e8056a416553
f199116b655f3597613b7bbed7dd2bae8700f97080d2f6ffb851c93ce49bd061
GET /vi_VN/sdk.js?hash=880d5fcadab1f4a2c922ab19381cb1cb HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://licogi18.com.vn
Connection: keep-alive
Referer: https://licogi18.com.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 1187b9f58c6801aaffc50f474c0aafe7
etag: "569671d8c180fdf4b6266c6135215e95"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sun, 17 Sep 2023 06:01:59 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 2wb/7OgJm2q4FJXV3xW5Tw==
x-fb-debug: FelJ5V+AgfWPVfyFA5Z82L9J3xUjhW9yF/8fQ6w+ctHcUgW3Y+m3RJgWAPWpc2MXT/vSlhcwoVrkG7cov8+5vw==
content-length: 87357
x-fb-trip-id: 1904183273
date: Sat, 17 Sep 2022 07:58:57 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 217489
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2
142.250.74.163 200 OK 5.6 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 5560, version 1.0\012- data
Hash ca3b09b62fda648a4511700413313fd0
109cd4c5435bd6614391bb8722c47c287c96b2ec
77b24796a3d4ab521f66765651875338ed50cb9306cfe4603a3e79618e429cec
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5560
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:36:26 GMT
expires: Thu, 14 Sep 2023 19:36:26 GMT
cache-control: public, max-age=31536000
age: 217351
last-modified: Wed, 11 May 2022 19:24:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
142.250.74.163 200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
IP 142.250.74.163:0
File type gzip compressed data, max compression\012- data
Hash 106385a63dae28ab30856d42a09af5ab
a5ce25cf6dd783b37d935d0a607947719f26dcce
d3ed8dc3694e119a0b4e68978ec3242a4deaa485d4e5fca713206126df18a47c
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:35:48 GMT
expires: Thu, 14 Sep 2023 19:35:48 GMT
cache-control: public, max-age=31536000
age: 217389
last-modified: Wed, 11 May 2022 19:25:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
licogi18.com.vn/wp-content/uploads/2021/08/anh-da-huong-thuong-360x240.jpg
123.30.171.132 200 OK 0 B URL HTTP/2 licogi18.com.vn/wp-content/uploads/2021/08/anh-da-huong-thuong-360x240.jpg
IP 123.30.171.132:0
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2021/08/anh-da-huong-thuong-360x240.jpg HTTP/1.1
Host: licogi18.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://licogi18.com.vn/login.microsoftonline.com/login.php?tes.php?login.live.com/getsessionstate.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=login.microsoftonline.com/common/federation/oauth2&state=rqiiaenisnllkckpklbs109myc3m0ysoyi9jts7jzm_tyy8tycnpz9zlzs_vyy9kz0wbsyqeuaqun61sl7ly4n-7wpjwqz9ev2yxcsbnzjalgurxmwosy6b-ankb_gvgxhemjjuy2h2dpoo9xsnpmdufk7vfjohflo6zel7slpqswpqi0nmbreavc48bsxuhb5saowsdasmpfszfrecntao1qlmuzuk0oati9yltyyztrpof2flj3mf5xz5ubgbzfvmu5mmrptmpzmemxvplazyf5vu-fafhzb4b2vxjtkzwhhpyhcawmz1iy9jfsbzlaq2&estsfed=1&uaid=27aab22138724fb08da033daeafc4afa&vaccess&vv=1600&mkt=en-us&lc=1033&emailcmd=login_submit&id=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251&session=d3c54c14c14c2f5900dddd0d16974251d3c54c14c14c2f5900dddd0d16974251
Cookie: _ga_S2RJHLLQ19=GS1.1.1663395302.1.0.1663395308.0.0.0; _ga=GA1.1.1687185626.1663395303
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 25 Aug 2021 06:44:54 GMT
etag: "65a2-5ca5c9680691a"
accept-ranges: bytes
content-length: 26018
cache-control: s-maxage=10
content-type: image/jpeg
date: Sat, 17 Sep 2022 08:00:00 GMT
server: Apache/2
X-Firefox-Spdy: h2