Overview

URL citichat.ir/
IP5.144.133.146
ASNAS59441 Noavaran Shabakeh Sabz Mehregan
Location Iran, Islamic Republic of
Report completed2019-04-19 23:13:35 CEST
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2019-04-19 2 click.sabavision.com/get_camp.php?id=2152,2151,2150,2149 Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 5.144.133.146

Date UQ / IDS / BL URL IP
2019-06-10 08:51:27 +0200
0 - 1 - 0 www.selfriecei.mihanblog.com/ 5.144.133.146
2019-06-10 07:05:43 +0200
0 - 0 - 1 nmpd.mihanblog.com/post/ 5.144.133.146
2019-06-09 18:51:33 +0200
0 - 0 - 1 www.opensignal.mihanblog.com/ 5.144.133.146
2019-06-09 14:18:48 +0200
0 - 1 - 1 drafts.ir/poll/new/fid/135470639950bf2ddf79d9 (...) 5.144.133.146
2019-06-09 04:20:19 +0200
0 - 1 - 0 zahedanmusic1.tk/ 5.144.133.146
2019-06-09 04:20:11 +0200
0 - 1 - 0 oilmangroup.ir/ 5.144.133.146
2019-06-09 03:28:50 +0200
0 - 1 - 0 gap30.tk/ 5.144.133.146
2019-06-09 03:28:22 +0200
0 - 0 - 1 gapkhatere.ir/ 5.144.133.146
2019-06-09 03:24:58 +0200
0 - 1 - 1 oilgroup.ir/ 5.144.133.146
2019-06-09 03:24:15 +0200
0 - 1 - 1 tkchat19.tk/ 5.144.133.146

Last 10 reports on ASN: AS59441 Noavaran Shabakeh Sabz Mehregan

Date UQ / IDS / BL URL IP
2019-06-25 09:17:49 +0200
0 - 0 - 0 p30download.com/ 5.144.130.116
2019-06-10 18:44:28 +0200
0 - 0 - 1 pooya-shoe.com/js/xexexe 5.144.130.39
2019-06-10 10:20:39 +0200
0 - 0 - 0 nikafaridclinic.com/ 5.144.130.34
2019-06-10 08:51:27 +0200
0 - 1 - 0 www.selfriecei.mihanblog.com/ 5.144.133.146
2019-06-10 07:05:43 +0200
0 - 0 - 1 nmpd.mihanblog.com/post/ 5.144.133.146
2019-06-09 18:51:33 +0200
0 - 0 - 1 www.opensignal.mihanblog.com/ 5.144.133.146
2019-06-09 14:18:48 +0200
0 - 1 - 1 drafts.ir/poll/new/fid/135470639950bf2ddf79d9 (...) 5.144.133.146
2019-06-09 04:20:19 +0200
0 - 1 - 0 zahedanmusic1.tk/ 5.144.133.146
2019-06-09 04:20:11 +0200
0 - 1 - 0 oilmangroup.ir/ 5.144.133.146
2019-06-09 03:28:50 +0200
0 - 1 - 0 gap30.tk/ 5.144.133.146

No other reports on domain: citichat.ir



JavaScript

Executed Scripts (26)


Executed Evals (2)

#1 JavaScript::Eval (size: 3204, repeated: 1) - SHA256: 14eea6a9677643a672ad6b4bee9ead62e876283dc8f7b992c938de8d22ec71de

                                        function showMihanBlogSmileBox(textarea_id) {
    if (document.getElementById('MihanBlogSmiles_' + textarea_id).style.display == 'inline') {
        document.getElementById('MihanBlogSmiles_' + textarea_id).style.display = 'none'
    } else {
        document.getElementById('MihanBlogSmiles_' + textarea_id).style.display = 'inline'
    }
}

function MihanBlogShowSmile(value, textarea_id) {
    if (value.length > 10) {
        return
    }
    var bodyString = document.getElementById(textarea_id).value;
    document.getElementById(textarea_id).tempValue = bodyString.substring(0, mihanBlog_commentBody_cursorPos) + '[' + value + ']' + bodyString.substring(mihanBlog_commentBody_cursorPos);
    document.getElementById(textarea_id).value = document.getElementById(textarea_id).tempValue;
    showMihanBlogSmileBox(textarea_id)
}

function Set_Cookie(name, value, expires, path, domain, secure) {
    var today = new Date();
    today.setTime(today.getTime());
    if (expires) {
        expires = expires * 1000 * 60 * 60 * 24 * 30
    }
    var expires_date = new Date(today.getTime() + (expires));
    document.cookie = name + "=" + escape(value) + ((expires) ? ";expires=" + expires_date.toGMTString() : "") + ((path) ? ";path=" + path : "") + ((domain) ? ";domain=" + domain : "") + ((secure) ? ";secure" : "")
}

function Get_Cookie(check_name) {
    var a_all_cookies = document.cookie.split(';');
    var a_temp_cookie = '';
    var cookie_name = '';
    var cookie_value = '';
    var b_cookie_found = false;
    for (i = 0; i < a_all_cookies.length; i++) {
        a_temp_cookie = a_all_cookies[i].split('=');
        cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, '');
        if (cookie_name == check_name) {
            b_cookie_found = true;
            if (a_temp_cookie.length > 1) {
                cookie_value = unescape(a_temp_cookie[1].replace(/^\s+|\s+$/g, ''))
            }
            return cookie_value;
            break
        }
        a_temp_cookie = null;
        cookie_name = ''
    }
    if (!b_cookie_found) {
        return null
    }
}

function Delete_Cookie(name, path, domain) {
    if (Get_Cookie(name)) document.cookie = name + "=" + ((path) ? ";path=" + path : "") + ((domain) ? ";domain=" + domain : "") + ";expires=Thu, 01-Jan-1970 00:00:01 GMT"
}

function c_textBox_blockSpam(id) {
    el = document.getElementById(id);
    var focusFunc = el.onfocus;
    var blurFunc = el.onblur;
    var onkeydownFunc = el.onkeydown;
    var onkeyupFunc = el.onkeyup;
    el.onfocus = function(el) {
        c_textBox_focusEl(this, focusFunc)
    };
    el.onblur = function(el) {
        c_textBox_restoreData(this, true, blurFunc)
    };
    el.onkeydown = function(event, el) {
        return c_textBox_noCopyKey(event, this, onkeydownFunc)
    };
    el.onkeyup = function(el) {
        c_textBox_saveData(this, onkeyupFunc)
    };
    el.oncontextmenu = function(el) {
        return false
    };
    el.value = '';
    el.tempValue = '';
    el.focusNum = 0;
    el.blurNum = 0;
    el.focus();
    setTimeout(function() {
        el.blur()
    }, 200)
}

function c_textBox_noCopyKey(e, el, otherFunc) {
    if (otherFunc) {
        otherFunc()
    }
    var key;
    var isCtrl;
    if (window.event) {
        key = window.event.keyCode;
        isCtrl = window.event.ctrlKey;
        isShift = window.event.shiftKey
    } else {
        key = e.which;
        isCtrl = e.ctrlKey;
        isShift = e.shiftKey
    }
    if ((isCtrl && key == 86) || (isShift && key == 45)) {
        return false
    }
    return true
}

function c_textBox_saveData(el, otherFunc) {
    if (otherFunc) {
        otherFunc()
    }
    el.tempValue = el.value
}

function c_textBox_focusEl(el, otherFunc) {
    if (otherFunc && el.focusNum) {
        otherFunc()
    }
    el.focusNum = 1;
    el.focusVar = true;
    setTimeout(function() {
        el.value = el.tempValue
    }, 200)
}

function c_textBox_restoreData(el, type, otherFunc) {
    if (type) {
        if (otherFunc && el.blurNum) {
            otherFunc()
        }
        el.blurNum = 1;
        el.focusVar = false
    }
    if (!el.focusVar) {
        el.value = el.tempValue;
        setTimeout(function() {
            c_textBox_restoreData(el, false, otherFunc)
        }, 200)
    }
}
                                    

#2 JavaScript::Eval (size: 1582, repeated: 1) - SHA256: 1c2cfc7a1cc64e4e47e1a013a754648fcbc2a3e6dd1a52415cf8659ea27a2873

                                        var sabavisionisMobile = navigator.userAgent.match(/(iPhone|iPod|iPad|Android|BlackBerry|Mobile)/);
var touch = function() {
    try {
        document.createEvent("TouchEvent");
        return true
    } catch (e) {
        return false
    }
};
var orientationChange = (('onorientationchange' in window)),
    touchEvents = ('ontouchstart' in window) || (window.DocumentTouch && document instanceof DocumentTouch) || touch();
var sabavisioniSmobileFlag = (Math.floor((Math.random() * 100) + 1)) * 2;
if (sabavisionisMobile || orientationChange || touchEvents) {
    sabavisioniSmobileFlag += 1
}

function createCookie(name, value, hours) {
    if (hours) {
        var date = new Date();
        date.setTime(date.getTime() + (hours * 60 * 60 * 1000));
        var expires = "; expires=" + date.toGMTString()
    } else var expires = "";
    document.cookie = name + "=" + value + expires + "; path=/"
}

function readCookie(name) {
    var nameEQ = name + "=";
    var ca = document.cookie.split(';');
    for (var i = 0; i < ca.length; i++) {
        var c = ca[i];
        while (c.charAt(0) == ' ') c = c.substring(1, c.length);
        if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length)
    }
    return null
}

function makeGetVar(param, val) {
    if (val) {
        url += "&" + param + "=" + val
    }
};

function encodeuri(b) {
    if (typeof encodeURIComponent == "function") {
        return encodeURIComponent(b)
    } else {
        return escape(b)
    }
};
var varloc = '';
if (((window.location.host).indexOf("api.sabavision.com")) > 0) {
    try {
        varloc = encodeuri(window.parent.location.href).split('%23')[0]
    } catch (e) {
        varloc = ''
    }
} else if (((window.location.host).indexOf("sabavision.com")) > 0 || ((window.location.host).indexOf("akairan.com")) > 0) {
    varloc = encodeuri(document.location).split('%23')[0]
} else {
    try {
        varloc = encodeuri(window.parent.location.href).split('%23')[0]
    } catch (e) {
        varloc = ''
    }
};
                                    

Executed Writes (5)

#1 JavaScript::Write (size: 34, repeated: 1) - SHA256: a4892870dd1909846e6c3419966188dfc4655ff55203064a3267420fd7ee4511

                                        < div id = "sabavision_zone_1" > < /div>
                                    

#2 JavaScript::Write (size: 34, repeated: 1) - SHA256: e0673dfc6db9f21b1ff7a05398ca19357db0d27050e8ed8252fb5b315df2f656

                                        < div id = "sabavision_zone_2" > < /div>
                                    

#3 JavaScript::Write (size: 67, repeated: 1) - SHA256: e113053dd77196fb7ac3a637340948cbeffec40bddf7e0674fc6e8e3725a5770

                                        < div style = "width:0px; height:0px;"
id = "sabavisionbody28911" > < /div>
                                    

#4 JavaScript::Write (size: 907, repeated: 1) - SHA256: a0875aa7d7b38d865741e5ca9b1be4c57941d2e3367485cf9b632a786a21581b

                                        < iframe frameborder = "0"
allowfullscreen name = "clicknet_vars_frame31550ec0df13a-df7e-3430-b224-fddad64df269"
id = "clicknet_vars_frame31550ec0df13a-df7e-3430-b224-fddad64df269"
width = "120"
height = "240"
frameborder = 0 src = "https://click.sabavision.com/showcamp.php?w=120&h=240&posdata[1]=2152-a--1066&posdata[2]=2151-b--1066&posdata[3]=2150-b--1066&posdata[4]=2149-c--1066&postype=other&t=1555708386&ct=c1a0a0cd46567861f0c2117c97be652cc8617c93&extra_click_url=&loc=https%3A%2F%2Fapi.sabavision.com%2Ffa%2Fv1%2Fpremium%2Fdisplay%2Frender%2Fprogram_id%2F166%3Fref%3Dmihanblog.com&ref=https%3A%2F%2Fapi.sabavision.com%2Fpox%2F%3Fid%3D93%26w%3D120%26h%3D240&bannerid=clicknet_vars_frame31550ec0df13a-df7e-3430-b224-fddad64df269&vt=6"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowFullScreen = "true"
webkitallowfullscreen = "true"
mozallowfullscreen = "true" > < /iframe>
                                    

#5 JavaScript::Write (size: 91, repeated: 1) - SHA256: c1b0923d3a638d14fc88de5ebcbd70c7e18b30684a99f928a7694925d5b85f86

                                        < script type = "text/javascript"
src = "http://api.sabavision.com/pox/poxjs.js"
async > < /script>
                                    


HTTP Transactions (50)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         5.144.133.146
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Fri, 19 Apr 2019 21:13:02 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Set-Cookie: citichat_ads_cnt=1; expires=Sat, 20-Apr-2019 21:13:02 GMT; Max-Age=86400 mib_lb_id=m0; path=/; domain=.mihanblog.com
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Toofun/1.0.1


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5747
Md5:    d2c13957a09d8a3c9a068aa922ec9200
Sha1:   e5fb3a8cbaab5228b7d2237b60ff29aa7c673200
Sha256: 286d1213f3e3163bcce3677efbd9f31b7154006f4dfc96cc99712646fe74a67b
                                        
                                            GET /website/js HTTP/1.1 
Host: zarpop.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/

                                         
                                         5.135.20.154
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Set-Cookie: PHPSESSID=omr264858klddi2rahldihnem3; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 19 Apr 2019 21:13:02 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 804
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 19 Apr 2019 21:13:02 GMT
Server: LiteSpeed
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   804
Md5:    661584ebe43bdc0b7e0e73f91e502a29
Sha1:   174b87708721e679542ba611d7afade12eb22333
Sha256: 5d7c0ee697fb9ee869f0933868015c478f124865c25c1f601caef55f9be7db40
                                        
                                            GET //public/scripts/run/g.other.v3.js HTTP/1.1 
Host: static.mihanblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/

                                         
                                         5.144.133.146
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Date: Fri, 19 Apr 2019 21:13:02 GMT
Content-Length: 2370
Last-Modified: Sun, 22 Sep 2013 12:09:51 GMT
Etag: "523ede0f-942"
Server: Toofun/1.0.1
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   2370
Md5:    4cc5f2c75356a8ada1b14b226b723f63
Sha1:   7ec249fb587ed5870525464d8ad8942b9373698c
Sha256: 9c7e6c2ebd2ac2b10978a8627e31d1cd287aa43f19e5a8233b018103dad507d2
                                        
                                            GET //public/images/publish/advert_close.gif HTTP/1.1 
Host: static.mihanblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/

                                         
                                         5.144.133.146
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Fri, 19 Apr 2019 21:13:02 GMT
Content-Length: 281
Last-Modified: Wed, 27 Apr 2011 10:52:17 GMT
Etag: "4db7f561-119"
Server: Toofun/1.0.1
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 8 x 8
Size:   281
Md5:    6db25f1545b6179dd2892b5463fdbacd
Sha1:   c9c25c12188352960803c3fe2da938fadef9e46a
Sha256: 841a15c57af7f10aa34f4c309392f2d902218d4a9031c44d3a4c63af7389e05d
                                        
                                            GET /theme/fonts/fonts.css?ver=8.0.0 HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: citichat_ads_cnt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 19 Apr 2019 21:13:02 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: mib_lb_id=m1; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /theme/css/msgAlert.css?ver=8.0.0 HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: citichat_ads_cnt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 19 Apr 2019 21:13:02 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Toofun/1.0.1
Set-Cookie: mib_lb_id=m0; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /theme/theme6/css/login.css?ver=8.0.0 HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: citichat_ads_cnt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 19 Apr 2019 21:13:02 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Toofun/1.0.1
Set-Cookie: mib_lb_id=m0; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /theme/js/jquery.js?ver=8.0.0 HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: citichat_ads_cnt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 19 Apr 2019 21:13:02 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Toofun/1.0.1
Set-Cookie: mib_lb_id=m0; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /visit HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: citichat_ads_cnt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 19 Apr 2019 21:13:02 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: mib_lb_id=m1; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /website/pp/null/1090/citichat.ir/?9016057 HTTP/1.1 
Host: zarpop.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: PHPSESSID=omr264858klddi2rahldihnem3

                                         
                                         5.135.20.154
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 19 Apr 2019 21:13:02 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 0
Date: Fri, 19 Apr 2019 21:13:02 GMT
Server: LiteSpeed
Connection: Keep-Alive


--- Additional Info ---
                                        
                                            GET /theme/images/chat/favico.png HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: citichat_ads_cnt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 19 Apr 2019 21:13:02 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Toofun/1.0.1
Set-Cookie: mib_lb_id=m0; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /visit HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: citichat_ads_cnt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 19 Apr 2019 21:13:02 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Toofun/1.0.1
Set-Cookie: mib_lb_id=m0; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /theme/js/msgAlert.js?ver=8.0.0 HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: citichat_ads_cnt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 19 Apr 2019 21:13:02 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: mib_lb_id=m1; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /files/eb3q_login.top.png HTTP/1.1 
Host: uupload.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/

                                         
                                         185.49.85.22
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 19 Apr 2019 21:13:03 GMT
Content-Length: 3967
Last-Modified: Thu, 08 Mar 2018 06:19:42 GMT
Connection: keep-alive
Etag: "5aa0d5fe-f7f"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 120 x 80, 8-bit/color RGB, non-interlaced
Size:   3967
Md5:    8891577e2a82633502448a5fa8cd0a1d
Sha1:   6704474d935045367e7c164f8ba71a657d26209e
Sha256: c5e0bc706466d24cce59d693b82a38dff954c15cabc22f5fe65faf2b480e43cd
                                        
                                            GET /theme/css/msgAlert.css?ver=8.0.0 HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: citichat_ads_cnt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 19 Apr 2019 21:13:03 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Toofun/1.0.1
Set-Cookie: mib_lb_id=m0; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /theme/theme6/css/login.css?ver=8.0.0 HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: citichat_ads_cnt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 19 Apr 2019 21:13:03 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: mib_lb_id=m1; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /theme/fonts/fonts.css?ver=8.0.0 HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: citichat_ads_cnt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 19 Apr 2019 21:13:03 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: mib_lb_id=m1; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /theme/js/login.js?ver=8.0.0 HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: citichat_ads_cnt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 19 Apr 2019 21:13:03 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Toofun/1.0.1
Set-Cookie: mib_lb_id=m0; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /theme/js/msgAlert.js?ver=8.0.0 HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: citichat_ads_cnt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 19 Apr 2019 21:13:03 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: mib_lb_id=m1; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /theme/theme/logo/tarhpardaz.png HTTP/1.1 
Host: www.tarhpardaz.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/

                                         
                                         95.216.226.6
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 19 Apr 2019 21:13:07 GMT
Content-Length: 26429
Last-Modified: Sun, 03 Feb 2019 18:07:58 GMT
Connection: keep-alive
Etag: "5c572dfe-673d"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 228 x 57, 8-bit/color RGBA, non-interlaced
Size:   26429
Md5:    5e1ca0f56d5a10da300dbb9ba8ab427a
Sha1:   e10bee071d218195ef2160b5ae3ece1af9ff17e4
Sha256: 1956076e83516783d1b642bf60bc20e2c02e7cfe0e9f3de9a1866b7c904418f3
                                        
                                            GET /files/gr3_login.header.jpg HTTP/1.1 
Host: uupload.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/

                                         
                                         185.49.85.22
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Fri, 19 Apr 2019 21:13:03 GMT
Content-Length: 111820
Last-Modified: Mon, 19 Mar 2018 15:47:12 GMT
Connection: keep-alive
Etag: "5aafdb80-1b4cc"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   111820
Md5:    48327c5414134a73a943b4f10ccc8057
Sha1:   76e7a24c1da9116d8dec4010c5309c8c2ed8ef8d
Sha256: 7a6f9f7efdd296c77a41c6bb6356611b0c5b1be40450d53550d9aae5202cb2ba
                                        
                                            GET /ga.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/

                                         
                                         216.58.207.206
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Fri, 19 Apr 2019 19:53:31 GMT
Expires: Fri, 19 Apr 2019 21:53:31 GMT
Last-Modified: Tue, 19 Feb 2019 19:44:11 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 17168
Cache-Control: public, max-age=7200
Age: 4772


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17168
Md5:    01d5892e6e243b52998310c2925b9f3a
Sha1:   58180151b6a6ee4af73583a214b68efb9e8844d4
Sha256: 7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
                                        
                                            GET /pox/poxjs.js HTTP/1.1 
Host: api.sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/

                                         
                                         185.147.178.24
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 19 Apr 2019 21:13:03 GMT
Transfer-Encoding: chunked
Last-Modified: Tue, 11 Sep 2018 09:39:50 GMT
Vary: Accept-Encoding
Etag: W/"5b978d66-149f"
Expires: Sun, 19 May 2019 21:13:03 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Set-Cookie: svapi_lb_id=m3; path=/; domain=.api.sabavision.com
Server: nginx
X-Upstream: 0


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1588
Md5:    6be8146edfb57051fb80c6de24d682a3
Sha1:   407b13da02e0a915ecfbe2ac11b662f631d0c596
Sha256: 7d21c8d615c90fab41a59b6d70b0e90d91bd063b985193365a1667bef8fd1e44
                                        
                                            GET /r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1736266551&utmhn=citichat.ir&utmcs=UTF-8&utmsr=1176x885&utmvp=1159x754&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=10.0%20r45&utmdt=%D8%B3%DB%8C%D8%AA%DB%8C%20%DA%86%D8%AA-%DA%86%D8%AA%20%D8%B3%DB%8C%D8%AA%DB%8C-%DA%86%D8%AA%20%D8%B1%D9%88%D9%85%20%D9%81%D8%A7%D8%B1%D8%B3%DB%8C%20%D8%B3%DB%8C%D8%AA%DB%8C-%D9%81%D8%A7%D8%B1%D8%B3%20%DA%86%D8%AA&utmhid=514026571&utmr=-&utmp=%2F&utmht=1555708384537&utmac=UA-153829-18&utmcc=__utma%3D126656543.263987774.1555708384.1555708384.1555708384.1%3B%2B__utmz%3D126656543.1555708384.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=447075398&utmredir=1&utmu=qhAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/

                                         
                                         216.58.207.206
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-153829-18&cid=263987774.1555708384&jid=447075398&_v=5.7.2&z=1736266551
Access-Control-Allow-Origin: *
Date: Fri, 19 Apr 2019 21:13:04 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Server: Golfe2
Content-Length: 368


--- Additional Info ---
Magic:  HTML document text
Size:   368
Md5:    49943f4c0b91ccea99182077b686519f
Sha1:   8caebe128d5c66e92576ef1ddffe1be19026cbd9
Sha256: d47d12b51086a139a9a00abcd367e8434397d50494d290c0683f4b39a22c38fb
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         172.217.20.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 19 Apr 2019 21:13:04 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   471
Md5:    76c47003939cebc3b0fd4f28dfd418be
Sha1:   5eeab3c8f327b3de8ae25298fe84869795b9516d
Sha256: de3b8422c43e3c51a63194d37aa54698bbce7a98579e541537551dcc5ed38631
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         172.217.20.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 19 Apr 2019 21:13:04 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    5be872b3fe0bb6f31385f91f811e9586
Sha1:   1192231bcb9ee73e9f619d433cdb66dddd9ae7f7
Sha256: db0ad6191770bff9043482b68acf62a4e25d4390a03274cfbe413675dd8c9cf5
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Mon, 15 Apr 2019 23:32:19 GMT
Etag: 8404E02B68B57AE5448BB09B98597BF679489D17
X-OCSP-Responder-ID: mcdpcaocsp16
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=266954
Expires: Mon, 22 Apr 2019 23:22:18 GMT
Date: Fri, 19 Apr 2019 21:13:04 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    1517ac7c5e1fa65bf7a9cbf779261f59
Sha1:   8404e02b68b57ae5448bb09b98597bf679489d17
Sha256: 9b244c375278520f93c24eba22c15446358856f093dd14f63aeb8dbc5049b79a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sun, 14 Apr 2019 23:19:13 GMT
Etag: 5C61D546B180AAF093C4DE3C633F937FB87532E6
X-OCSP-Responder-ID: mcdpcaocsp16
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=179750
Expires: Sun, 21 Apr 2019 23:08:54 GMT
Date: Fri, 19 Apr 2019 21:13:04 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    8b9e4cb332f847b519ce244d068dbcaf
Sha1:   5c61d546b180aaf093c4de3c633f937fb87532e6
Sha256: c3d802f17c5948f964798ed7d3c824696825a5a71e92b92a3cec14403e5bf8b6
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.18
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sun, 14 Apr 2019 23:19:13 GMT
Etag: 142F0CFC405EEC522C89A07FB6A2D2E4AF7C3332
X-OCSP-Responder-ID: mcdpcaocsp3
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=179743
Expires: Sun, 21 Apr 2019 23:08:47 GMT
Date: Fri, 19 Apr 2019 21:13:04 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    e68391bea2a506d6c33a75ca0958e75e
Sha1:   142f0cfc405eec522c89a07fb6a2d2e4af7c3332
Sha256: 25383b8660f7065913417f8a92650c4304054c5fc6a3b3adb7e4be8313213f2f
                                        
                                            GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-153829-18&cid=263987774.1555708384&jid=447075398&_v=5.7.2&z=1736266551 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/

                                         
                                         74.125.131.156
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-153829-18&cid=263987774.1555708384&jid=447075398&_v=5.7.2&z=1736266551
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Fri, 19 Apr 2019 21:13:04 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Server: Golfe2
Content-Length: 366
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  HTML document text
Size:   366
Md5:    20af6ba3028758410b4934fb4be61336
Sha1:   da9f9651ae87c037efb77f276c497c9a9052635e
Sha256: 59891fb3c4b972d86b0cac7ac1138e1f5d083179749e33380564dd14ef2c771d
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         172.217.20.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 19 Apr 2019 21:13:04 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   471
Md5:    1817b4b01dd1189a2b8b7d47d998dfa1
Sha1:   98ba4f385bcc178faecbc0d3174ce2c70ab30477
Sha256: c0b0560d254035104e97009d8377bcd77b3aa4b9243f1dfb30256eafea318e8d
                                        
                                            GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-153829-18&cid=263987774.1555708384&jid=447075398&_v=5.7.2&z=1736266551 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/

                                         
                                         216.58.207.196
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Fri, 19 Apr 2019 21:13:04 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Location: https://www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-153829-18&cid=263987774.1555708384&jid=447075398&_v=5.7.2&z=1736266551&slf_rd=1&random=3480283953
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         172.217.20.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 19 Apr 2019 21:13:05 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   471
Md5:    42e4297cf16410f60a4ec25f93516b7a
Sha1:   aa00babd35b609c98c8209fd047ef97811873c43
Sha256: da4a06cdbce948723ac4dfed6a8b7c141c9db7ba491f4e980cedc7bc0fde2dc0
                                        
                                            GET /pox/?id=93&w=120&h=240 HTTP/1.1 
Host: api.sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: svapi_lb_id=m3

                                         
                                         185.147.178.24
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Fri, 19 Apr 2019 21:13:05 GMT
Transfer-Encoding: chunked
Last-Modified: Tue, 22 Jan 2019 12:35:06 GMT
Vary: Accept-Encoding
Etag: W/"5c470dfa-195"
Expires: Sun, 19 May 2019 21:13:04 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Server: nginx
X-Upstream-CT: 0.080
X-Upstream-HT: 0.162
X-Upstream: 0


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   274
Md5:    bcea3f83d01a8565506ff8befb46abbf
Sha1:   4b50bd888cfd526d3c6c6f80e8f9811d30056623
Sha256: 57c83ec0e8251a1faa1b426cb0b418cdce056a1169318ed341ead377e6e3b7b9
                                        
                                            GET /pox/?id=95&w=120&h=40 HTTP/1.1 
Host: api.sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/
Cookie: svapi_lb_id=m3

                                         
                                         185.147.178.24
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Fri, 19 Apr 2019 21:13:05 GMT
Transfer-Encoding: chunked
Last-Modified: Tue, 22 Jan 2019 12:35:06 GMT
Vary: Accept-Encoding
Etag: W/"5c470dfa-195"
Expires: Sun, 19 May 2019 21:13:05 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Server: nginx
X-Upstream-CT: 0.079
X-Upstream-HT: 0.160
X-Upstream: 0


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   274
Md5:    bcea3f83d01a8565506ff8befb46abbf
Sha1:   4b50bd888cfd526d3c6c6f80e8f9811d30056623
Sha256: 57c83ec0e8251a1faa1b426cb0b418cdce056a1169318ed341ead377e6e3b7b9
                                        
                                            GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-153829-18&cid=263987774.1555708384&jid=447075398&_v=5.7.2&z=1736266551&slf_rd=1&random=3480283953 HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/

                                         
                                         172.217.20.35
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Fri, 19 Apr 2019 21:13:05 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 0
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /pox/app.d4f83fd8bfd8e2a15bc8.bundle.js HTTP/1.1 
Host: api.sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://api.sabavision.com/pox/?id=93&w=120&h=240
Cookie: svapi_lb_id=m3

                                         
                                         185.147.178.24
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 19 Apr 2019 21:13:05 GMT
Transfer-Encoding: chunked
Last-Modified: Tue, 22 Jan 2019 12:35:04 GMT
Vary: Accept-Encoding
Etag: W/"5c470df8-3712f"
Expires: Sun, 19 May 2019 21:13:05 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Server: nginx
X-Upstream: 0


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   83811
Md5:    6532dcd00e72c51185e1843fc8c1f492
Sha1:   4286a6d35fe5b16b996fa91bb559c31da45b9681
Sha256: 26100f67c981fe6489777a88a546285f8bd2f3d4d1a87a7aebb1ffc76018d13e
                                        
                                            GET /fa/v1/premium/display/get_campaign/posid/93 HTTP/1.1 
Host: api.sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded
Referer: https://api.sabavision.com/pox/?id=93&w=120&h=240
Cookie: svapi_lb_id=m3

                                         
                                         185.147.178.24
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
                                        
Date: Fri, 19 Apr 2019 21:13:05 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Server: nginx
X-Upstream-CT: 0.081
X-Upstream-HT: 0.174
X-Upstream: 0


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   231
Md5:    0dfa0255fb8aafa25ffd04ee10a355bc
Sha1:   aa34ce137b801b3d79c17e19bb7b6dd8200a0622
Sha256: a0b2ffb915fb2bc9885e6fbbca05ce5579595a98accbd0c3975f415c464b4934
                                        
                                            GET /fa/v1/premium/display/get_campaign/posid/95 HTTP/1.1 
Host: api.sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded
Referer: https://api.sabavision.com/pox/?id=95&w=120&h=40
Cookie: svapi_lb_id=m3

                                         
                                         185.147.178.24
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
                                        
Date: Fri, 19 Apr 2019 21:13:05 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Server: nginx
X-Upstream-CT: 0.081
X-Upstream-HT: 0.176
X-Upstream: 0


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   267
Md5:    f8d1a4023476667db0afee42165901d0
Sha1:   3921b6d0e4126c8fcf68f8463123785181107b57
Sha256: 2106d9f82666fb7269d11dcc64755fbd8a666672e295e360e688004c32081f43
                                        
                                            GET /public/public/images/banner_saba_logo_small.png HTTP/1.1 
Host: sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://api.sabavision.com/pox/?id=93&w=120&h=240

                                         
                                         185.147.178.24
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 19 Apr 2019 21:13:05 GMT
Content-Length: 1260
Last-Modified: Sat, 14 Feb 2015 07:33:21 GMT
Etag: "54defa41-4ec"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Server: nginx
Expires: Sun, 19 May 2019 21:13:05 GMT
Cache-Control: max-age=2592000
X-Upstream: 0
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 13 x 11, 8-bit/color RGBA, non-interlaced
Size:   1260
Md5:    59f7a2d7b89db5153a3aa56f648594b8
Sha1:   287f0c89b0f3ae78b27a8ed2ce26e297a1e9d2ee
Sha256: 2b3ddd6459f45c2482561081787daff9a027ecbf276d467cb8546141c8a400c2
                                        
                                            GET /uploads/user_data/banner/1/1308.gif HTTP/1.1 
Host: api.sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://api.sabavision.com/pox/?id=95&w=120&h=40
Cookie: svapi_lb_id=m3

                                         
                                         185.147.178.24
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Fri, 19 Apr 2019 21:13:05 GMT
Content-Length: 15427
Last-Modified: Mon, 23 Jul 2018 04:47:02 GMT
Etag: "5b555dc6-3c43"
X-XSS-Protection: 1; mode=block
X-Content-Options: nosniff
Server: nginx
Expires: Sun, 19 May 2019 21:13:05 GMT
Cache-Control: max-age=2592000
X-Upstream: 0
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 120 x 40
Size:   15427
Md5:    faf56ef87f1f7b4ddbbc75f692a7ec6f
Sha1:   a0c858d1f071b697d3a4346b131f97e8592eb2fd
Sha256: 82aba492c9aab97aa4a7e32085ffcf2881de73470e095af60d0031513ad95578
                                        
                                            GET /fa/v1/premium/display/render/program_id/166?ref=mihanblog.com HTTP/1.1 
Host: api.sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://api.sabavision.com/pox/?id=93&w=120&h=240
Cookie: svapi_lb_id=m3

                                         
                                         185.147.178.24
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 19 Apr 2019 21:13:05 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Server: nginx
X-Upstream-CT: 0.080
X-Upstream-HT: 0.169
X-Upstream: 0


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   259
Md5:    a946c8a315c4d98db202d840900d2aa7
Sha1:   06e65b07bae772f31d562ef309835e619fb959aa
Sha256: 8e7436622962aa88ec736734fb4679b9209f6e9fda0f4e0f6bd081ae2f892195
                                        
                                            GET /theme/images/chat/favico.png HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: citichat_ads_cnt=1; __utma=126656543.263987774.1555708384.1555708384.1555708384.1; __utmb=126656543.1.10.1555708384; __utmc=126656543; __utmz=126656543.1555708384.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1

                                         
                                         5.144.133.146
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 19 Apr 2019 21:13:05 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Toofun/1.0.1
Set-Cookie: mib_lb_id=m0; path=/; domain=.mihanblog.com


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1088
Md5:    a2395452315c83d3d4f728993cea2636
Sha1:   7f2b89cdd098b8cdcba6856fcfcb78526e7c5fef
Sha256: f13aab2b525321b5e9cb8da6cfa707a34218f9ace6400386364732e07a98c85e
                                        
                                            GET /get_camp.php?id=2152,2151,2150,2149 HTTP/1.1 
Host: click.sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://api.sabavision.com/fa/v1/premium/display/render/program_id/166?ref=mihanblog.com

                                         
                                         185.147.178.25
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Fri, 19 Apr 2019 21:13:06 GMT
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Options: nosniff
Set-Cookie: cl_lb_id=m2; path=/; domain=.click.sabavision.com
Server: nginx
X-Upstream-CT: 0.082
X-Upstream-HT: 0.174
X-Upstream: 0


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5589
Md5:    b5c49871bf20c06be9d5115a79f922fa
Sha1:   4be1c01a74f734516149a3aef31594a2cd915e6f
Sha256: 2556724f36f8e49e2a1941259f6d8ff06f68cc98935371b098527af2c3f8c3ce

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /showcamp.php?w=120&h=240&posdata[1]=2152-a--1066&posdata[2]=2151-b--1066&posdata[3]=2150-b--1066&posdata[4]=2149-c--1066&postype=other&t=1555708386&ct=c1a0a0cd46567861f0c2117c97be652cc8617c93&extra_click_url=&loc=https%3A%2F%2Fapi.sabavision.com%2Ffa%2Fv1%2Fpremium%2Fdisplay%2Frender%2Fprogram_id%2F166%3Fref%3Dmihanblog.com&ref=https%3A%2F%2Fapi.sabavision.com%2Fpox%2F%3Fid%3D93%26w%3D120%26h%3D240&bannerid=clicknet_vars_frame31550ec0df13a-df7e-3430-b224-fddad64df269&vt=6 HTTP/1.1 
Host: click.sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://api.sabavision.com/fa/v1/premium/display/render/program_id/166?ref=mihanblog.com
Cookie: cl_lb_id=m2

                                         
                                         185.147.178.25
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 19 Apr 2019 21:13:06 GMT
Transfer-Encoding: chunked
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: cs_all=%2C41850; expires=Sat, 20-Apr-2019 19:29:00 GMT; Max-Age=80154
Content-Encoding: gzip
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Options: nosniff
Server: nginx
X-Upstream-CT: 0.080
X-Upstream-HT: 0.203
X-Upstream: 0


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7528
Md5:    eedd772b37126d0414e486a1bc71eed6
Sha1:   6adfeeab4cc20be67c87ad647d0c596a6670c11b
Sha256: 594a34ef9239a885eb4585ea57846d98434f6c5e9485a5b74095eb9f703b5e0e
                                        
                                            GET /public//public/images/banner_saba_logo_small.png HTTP/1.1 
Host: click.sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://click.sabavision.com/showcamp.php?w=120&h=240&posdata[1]=2152-a--1066&posdata[2]=2151-b--1066&posdata[3]=2150-b--1066&posdata[4]=2149-c--1066&postype=other&t=1555708386&ct=c1a0a0cd46567861f0c2117c97be652cc8617c93&extra_click_url=&loc=https%3A%2F%2Fapi.sabavision.com%2Ffa%2Fv1%2Fpremium%2Fdisplay%2Frender%2Fprogram_id%2F166%3Fref%3Dmihanblog.com&ref=https%3A%2F%2Fapi.sabavision.com%2Fpox%2F%3Fid%3D93%26w%3D120%26h%3D240&bannerid=clicknet_vars_frame31550ec0df13a-df7e-3430-b224-fddad64df269&vt=6
Cookie: cl_lb_id=m2; cs_all=%2C41850

                                         
                                         185.147.178.25
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 19 Apr 2019 21:13:06 GMT
Content-Length: 1281
Last-Modified: Tue, 08 Mar 2016 15:25:49 GMT
Etag: "56deeefd-501"
Expires: Sun, 19 May 2019 21:13:06 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Options: nosniff
Server: nginx
X-Upstream: 0
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 13 x 11, 8-bit/color RGBA, non-interlaced
Size:   1281
Md5:    226971addd095ba581944ec05af2140b
Sha1:   b87e85064cb3b8e14d7627774b7500aa19f296f9
Sha256: 9d47a0fe7fba29bb3e6de700dc91961402b249be3e52c2c9145d621e68627bab
                                        
                                            GET /public//public/user_data/user_banner/27/79824.gif HTTP/1.1 
Host: click.sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://click.sabavision.com/showcamp.php?w=120&h=240&posdata[1]=2152-a--1066&posdata[2]=2151-b--1066&posdata[3]=2150-b--1066&posdata[4]=2149-c--1066&postype=other&t=1555708386&ct=c1a0a0cd46567861f0c2117c97be652cc8617c93&extra_click_url=&loc=https%3A%2F%2Fapi.sabavision.com%2Ffa%2Fv1%2Fpremium%2Fdisplay%2Frender%2Fprogram_id%2F166%3Fref%3Dmihanblog.com&ref=https%3A%2F%2Fapi.sabavision.com%2Fpox%2F%3Fid%3D93%26w%3D120%26h%3D240&bannerid=clicknet_vars_frame31550ec0df13a-df7e-3430-b224-fddad64df269&vt=6
Cookie: cl_lb_id=m2; cs_all=%2C41850

                                         
                                         185.147.178.25
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Fri, 19 Apr 2019 21:13:06 GMT
Content-Length: 58877
Last-Modified: Tue, 16 Apr 2019 12:15:13 GMT
Etag: "5cb5c751-e5fd"
Expires: Sun, 19 May 2019 21:13:06 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Options: nosniff
Server: nginx
X-Upstream: 0
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 120 x 240
Size:   58877
Md5:    d51e5f54c3bce638f5d0f57b3fceb889
Sha1:   91d7515d070ccc13982c4d17eb3af17a979eb6c1
Sha256: 76016b71ceaefd43e1faf501024375dee76efc26e71432c6bca3b9b075b7126b
                                        
                                            GET /tabligh.js?id=1363&c=e66a36d5318d38cfc509ad3304124e5a&t=7 HTTP/1.1 
Host: backority.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citichat.ir/

                                         
                                         0.0.0.0
                                        


--- Additional Info ---
                                        
                                            GET /theme/images/chat/favico.png HTTP/1.1 
Host: citichat.ir
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: citichat_ads_cnt=1; __utma=126656543.263987774.1555708384.1555708384.1555708384.1; __utmb=126656543.1.10.1555708384; __utmc=126656543; __utmz=126656543.1555708384.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1

                                         
                                         0.0.0.0
                                        


--- Additional Info ---
                                        
                                            GET /public//public/images/close.svg HTTP/1.1 
Host: click.sabavision.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://click.sabavision.com/showcamp.php?w=120&h=240&posdata[1]=2152-a--1066&posdata[2]=2151-b--1066&posdata[3]=2150-b--1066&posdata[4]=2149-c--1066&postype=other&t=1555708386&ct=c1a0a0cd46567861f0c2117c97be652cc8617c93&extra_click_url=&loc=https%3A%2F%2Fapi.sabavision.com%2Ffa%2Fv1%2Fpremium%2Fdisplay%2Frender%2Fprogram_id%2F166%3Fref%3Dmihanblog.com&ref=https%3A%2F%2Fapi.sabavision.com%2Fpox%2F%3Fid%3D93%26w%3D120%26h%3D240&bannerid=clicknet_vars_frame31550ec0df13a-df7e-3430-b224-fddad64df269&vt=6
Cookie: cl_lb_id=m2; cs_all=%2C41850

                                         
                                         185.147.178.25
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Fri, 19 Apr 2019 21:13:06 GMT
Content-Length: 1572
Last-Modified: Tue, 07 Aug 2018 03:59:50 GMT
Etag: "5b691936-624"
Expires: Sun, 19 May 2019 21:13:06 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Options: nosniff
Server: nginx
X-Upstream: 0
Accept-Ranges: bytes


--- Additional Info ---